Dear Mozilla Security Policy Community,
Thanks for the advice about the short serial numbers and apologies for the
Since 2016, all D-TRUST TLS certificates based on electronic Certificate
Requests have a certificate serial number which includes 64 bits of entropy.
Between 2012 and July 6th, 2017 we produced a small number of certificates with
paper-based Certificate Registration Requests using 64 bits of entropy in the
“DNqualifier” field instead of the serial number field.
Since the 7th of July, 2017, all D-TRUST TLS certificates have 64 bits of
entropy in the serial number.
I hope this helps and please do not hesitate to contact us if there are any
Standardization & Consulting
Kommandantenstraße 18 · 10969 Berlin · Deutschland
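As an added illustration of the checks discussed in this thread (my own example code, not D-TRUST's, crt.sh's or Charles Reiss's tooling): the script below walks a DER certificate with a minimal pure-Python TLV reader, reports how many significant octets the serial number has (fewer than 8 cannot carry the 64 bits of CSPRNG output required by Mozilla policy 2.4.1 and the Baseline Requirements), extracts any subject dnQualifier attribute (OID 2.5.4.46) in case the randomness was placed there as described above, and applies a batch heuristic that flags counter-style serials such as the "0x10000000 + sequential counter" pattern. The certificate it parses is a constructed, unsigned skeleton built inline by a small DER encoder; the serial values, the dnQualifier string and the names in it are made up for the example and are not real certificate data.

```python
# OIDs as DER contents octets (no tag/length): dnQualifier 2.5.4.46, commonName 2.5.4.3,
# sha256WithRSAEncryption 1.2.840.113549.1.1.11, rsaEncryption 1.2.840.113549.1.1.1
OID_DNQUALIFIER = bytes.fromhex("55042e")
OID_CN = bytes.fromhex("550403")
OID_SHA256_RSA = bytes.fromhex("2a864886f70d01010b")
OID_RSA = bytes.fromhex("2a864886f70d010101")

def der_read(buf, pos=0):
    """Read one DER TLV at pos; return (tag, contents, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def der_children(contents):
    """Yield (tag, contents) of each element inside a constructed value."""
    pos = 0
    while pos < len(contents):
        tag, inner, pos = der_read(contents, pos)
        yield tag, inner

def cert_fields(cert_der):
    """Return (serialNumber contents, subject Name contents) of a DER Certificate."""
    _, cert_body, _ = der_read(cert_der)            # Certificate ::= SEQUENCE
    _, tbs = next(der_children(cert_body))          # tbsCertificate ::= SEQUENCE
    items = list(der_children(tbs))
    if items[0][0] == 0xA0:                         # optional [0] EXPLICIT version
        items = items[1:]
    # order is serialNumber, signature, issuer, validity, subject, ...
    return items[0][1], items[4][1]

def dn_qualifier(subject):
    """Return the subject's dnQualifier attribute as a string, or None."""
    for _, rdn_set in der_children(subject):        # RDN ::= SET OF AttributeTypeAndValue
        for _, atv in der_children(rdn_set):
            (_, oid), (_, value) = list(der_children(atv))[:2]
            if oid == OID_DNQUALIFIER:
                return value.decode("ascii")
    return None

def assess(cert_der):
    """Per-certificate check: fewer than 8 significant serial octets cannot hold
    64 bits of CSPRNG output (a genuine 64-bit random value is that short with
    probability about 2^-8); also report where entropy was put instead."""
    serial, subject = cert_fields(cert_der)
    octets = len(serial.lstrip(b"\x00")) or 1       # DER INTEGER has at most one 0x00 pad
    return {
        "serial_hex": serial.hex(),
        "serial_octets": octets,
        "serial_can_hold_64_bits": octets >= 8,
        "dn_qualifier": dn_qualifier(subject),
    }

def looks_sequential(serials, max_gap=1 << 16):
    """Batch heuristic: sorted random 64-bit serials sit ~2^64/n apart, while a
    counter (e.g. 0x10000000 + i) produces mostly tiny gaps."""
    s = sorted(serials)
    gaps = [b - a for a, b in zip(s, s[1:])]
    return bool(gaps) and 2 * sum(g <= max_gap for g in gaps) > len(gaps)

# --- constructed fixture: minimal DER encoder and an unsigned certificate skeleton ---
def tlv(tag, body):
    """Encode tag + definite-form length + body."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body

def rdn(oid, value, string_tag=0x0C):
    """Single-attribute RDN: SET { SEQUENCE { OID, value } }; 0x0C UTF8String, 0x13 PrintableString."""
    return tlv(0x31, tlv(0x30, tlv(0x06, oid) + tlv(string_tag, value)))

def make_cert(serial_int, dnq=None):
    """Constructed certificate skeleton for exercising the parser only: placeholder
    key and empty signature, so it is not a usable certificate (made-up data)."""
    serial = serial_int.to_bytes((serial_int.bit_length() + 8) // 8, "big")  # minimal positive INTEGER
    sig_alg = tlv(0x30, tlv(0x06, OID_SHA256_RSA) + tlv(0x05, b""))
    issuer = tlv(0x30, rdn(OID_CN, b"Constructed Issuing CA"))
    validity = tlv(0x30, tlv(0x17, b"170401000000Z") + tlv(0x17, b"180401000000Z"))
    subject = tlv(0x30, rdn(OID_CN, b"www.example.com")
                  + (rdn(OID_DNQUALIFIER, dnq.encode(), 0x13) if dnq else b""))
    spki = tlv(0x30, tlv(0x30, tlv(0x06, OID_RSA) + tlv(0x05, b"")) + tlv(0x03, b"\x00"))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, serial)
              + sig_alg + issuer + validity + subject + spki)
    return tlv(0x30, tbs + sig_alg + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    # Made-up values: a 2-octet serial with the randomness in dnQualifier (the
    # 2012-2017 paper-request pattern), then an 8-octet serial with no dnQualifier.
    for cert in (make_cert(0x0A1F, "a3f19c0d7e5b2468"), make_cert(0x1D7C3E9A5F2B8C41)):
        print(assess(cert))
    print("counter-like batch:", looks_sequential([0x10000000 + i for i in range(10)]))
```

To run it against real certificates, replace the `make_cert(...)` fixtures with the DER bytes of a downloaded certificate (crt.sh serves them) and feed a list of serials from one issuer to `looks_sequential`; the per-certificate octet count is a necessary condition only, since a CA can emit 8-octet serials from a counter, which is why the batch heuristic is there.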
On Wednesday, 19 July 2017 00:26:16 UTC+2, Charles Reiss wrote:
> https://crt.sh/?id=174827359 is a certificate issued by D-TRUST SSL
> Class 3 CA 1 2009 containing the DNS SAN
> 'www.lbv-gis.brandenburg.de/lbvagszit' (containing a '/') with a
> notBefore in April 2017.
> The certificate also seems to have a short certificate serial number,
> which cannot include 64 bits of entropy. Many certificates issued by
> this CA appear to use large serial numbers (e.g. ). But there are
> certificates with much shorter sequential-looking serial numbers with
> notBefores shortly before  and after  this certificate's and as
> recent as 4 July 2017 .
>  https://crt.sh/?id=137090990 , https://crt.sh/?id=124715040
>  https://crt.sh/?id=173758922
> I did a cursory check on censys.io to see if there were other cases of
> short serial numbers in certificates with recent notBefores that are
> trusted by Mozilla:
> - Digidentity Services CA - G2 (https://crt.sh/?caid=868 ; chains to
> Staat der Nederlanden Root CA - G2) has issued certificates whose serial
> numbers appear to be of the form 0x10000000 + sequential counter
> with notBefores as recent as 8 June 2017.
> - Siemens Issuing CA Internet Server 2016 (https://crt.sh/?caid=26087 ;
> chains to QuoVadis Root CA 2 G3) has issued certificates with 4-byte
> serial numbers with notBefores as recent as 11 July 2017, though they do
> not appear to be assigned sequentially.
> D-Trust and QuoVadis both indicated no problems complying with version
> 2.4.1 of Mozilla's certificate policies (which requires, among other
> things, 64 bits of serial number entropy) by 1 June 2017 when they
> replied to Mozilla's April CA communication. The Government of the
> Netherlands indicated they needed a delay for CPS translation only.
dev-security-policy mailing list