This currently unrevoked cert has a SHA-1/RSA signature, the serverAuth
EKU and CN=hmrcset.trustis.com:
https://crt.sh/?id=50773741&opt=cablint
It lacks the SAN extension, but that doesn't excuse it from the ban on
SHA-1!
Its issuer is trusted for serverAuth by Mozilla:
https://crt.sh/?caid=920&opt=mozilladisclosure
--
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy