I am confused for those reasons.
1. the CN of two cerificates are same. So it is not necessary to issue two
certificates in just 2 minutes.
2. second one used SHA1, though is consistent with BR, but first one used
3. first one has 39 month period of validity which is very rare.
4. Since they are issued so close they should be logged at CT same time but
second one are too late.
So is there some common parctice I don't know or another mistake made by Wosign?
dev-security-policy mailing list