On 07/19/2017 06:03 PM, Tom wrote:
Following that discovery, I've search for odd (invalid?) DNS names.
Here is the list of certificated I've found, it may overlap some discovery already reported. If I'm correct, theses certificate are not revoked, not expired, and probably trusted by Mozilla (crt.sh issuer are marked trusted by Mozilla, but not all).


Some additional problematic certs:

chains to Swisscom:
https://crt.sh/?id=175444569  wxadm.swissucc.local

chains to CATCert, notBefore in 2017:
https://crt.sh/?id=98706307   maritim4.mmaritim.local

chains to PROCERT, notBefore in 2017:
https://crt.sh/?id=175466182  fospuca.local

chains to Baltimore Cybertrust Root (DigiCert):
https://crt.sh/?id=12344381   lorweb.local

chains to Baltimore Cybertrust Root (DigiCert), notBefore in 2017:
https://crt.sh/?id=175469208  skbfep01.justica.local
https://crt.sh/?id=175469209  energy.ctd  and  pt

chains to QuoVadis, notBefore in 2017:
https://crt.sh/?id=175466199  devsrv.pe.siemens.info-com  (swapped -/.)

chains to DocuSign, notBefore in 2017:
https://crt.sh/?id=99149574   "www.immonotaireargus.com " (trailing space)
dev-security-policy mailing list

Reply via email to