For reference, I’ve added links for the replacement certificates below.

> On Jul 29, 2017, at 09:08, kaddachi olfa via dev-security-policy 
> <> wrote:
> is an expired certificate (notBefore March 2016; 
> notAfter March 2017) issued by this CA which has a wildcard name in the 
> common name while the SAN contains specific domain names that would be 
> covered by the wildcard only. 
> ==> The CA has revoked the certificate on 
> 2016-03-21 when the CA discover the mistake in the SAN extension. A new 
> certificate is issued on the same day (2016-03-21) with the right SAN 
> (* See the certificate below:

> is an expired certificate with a notBefore of Oct 
> 2015 and notAfter of Oct 2016 issued by this CA with an iPAddress SAN of 
> (I believe that by 2014, the BRs rohibited issuing internal name 
> certs with validity past November 2015.) 
> ==>Yes is an expired certificate which contain an 
> IPAddress SAN of The new certificate for the end entity 
> ( has been issued by the CA on 14-12-2016. See 
> certificate below:

> is a certificate for the internal 
> name 'adv-ail.calladvance.local' issued by this CA with a not Before of 2017. 
> ==> The CA proceeded to notify the end entity of the certificate 
> The certificate is revoked on 
> 28/07/2017 and replaced by a new certificate which does not contain  in SAN 
> extension the internal name "adv-mail.calladvance.local". See ertificate 
> below:
dev-security-policy mailing list

Reply via email to