I’ve found 54 additional unexpired unrevoked certificates that are known to CT 
and trusted by NSS containing dnsNames that are invalid. The errors include 
invalid characters, internal names, and wildcards in the wrong position.

The full list is here: https://misissued.com/batch/8/

There are a few threads from the past few weeks about similar certificates, but 
as far as I know none of the certificates on this list have been discovered yet.

I’ve included a summary of the CCADB owners and intermediates at the end of 
this email.

Jonathan

—

DigiCert (18)
    TI Trust Technologies Global CA (16)
    Justica (1)
    WellsSecure Certification Authority 01 G2 (1)

DocuSign (OpenTrust/Keynectis) (10)
    CLASS 2 KEYNECTIS CA (8)
    KEYNECTIS SSL RGS (2)

AC Camerfirma, S.A. (4)
    AC CAMERFIRMA AAPP (2)
    Camerfirma Corporate Server II - 2015 (2)

Certinomis (4)
    Certinomis - Easy CA (2)
    Certinomis Serveurs et Equipements (2)

Symantec / VeriSign (3)
    Symantec Class 3 Secure Server CA - G4 (2)
    Symantec Class 3 Secure Server SHA256 SSL CA (1)

Visa
    Visa eCommerce Issuing CA (2)

Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert)
    EC-SectorPublic (2)

Taiwan-CA Inc. (TWCA)
    TWCA Secure SSL Certification Authority (1)

WoSign CA Limited
    StartCom Class 3 OV Server CA (1)

CA Disig a.s.
    CA Disig R2I2 Certification Service (1)

Actalis
    Actalis Authentication CA G3 (1)

PROCERT
    PSCProcert (1)

Comodo
    Intel External Basic Issuing CA 3B (1)

Izenpe S.A.
    EAEko Herri Administrazioen CA - CA AAPP Vascas (2) (1)

WISeKey
    WISeKey CertifyID Advanced Services CA 4 (1)

T-Systems International GmbH (Deutsche Telekom)
    Uni-Osnabrueck RZ-CA G-002 (1)

QuoVadis
    QuoVadis Global SSL ICA G2 (1)

Symantec / GeoTrust
    RapidSSL SHA256 CA - G3 (1)
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
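
A small linter for the three error classes named in the message above (invalid characters, internal names, wildcards in the wrong position), added here as an illustration; it is not part of the original email and is not the check used by misissued.com. The function names, the suffix set and the sample names are constructed assumptions.

```python
import re

# LDH label: letters, digits, hyphen; 1-63 chars; no leading or trailing hyphen.
LDH_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Assumption: a short illustrative set of non-public suffixes. A production
# check would compare the last label against the IANA root zone list instead.
INTERNAL_SUFFIXES = {"local", "localhost", "internal", "lan", "corp", "home"}


def lint_dns_name(name):
    """Return a list of problems for one SAN dnsName; an empty list means clean."""
    if not name or len(name) > 253:
        return ["empty or longer than 253 characters"]
    labels = name.split(".")
    # A wildcard is acceptable only as the entire left-most label.
    wildcard = labels[0] == "*"
    if wildcard:
        labels = labels[1:]
    if not labels:
        return ["bare wildcard"]
    problems = []
    if any("*" in label for label in labels):
        problems.append("wildcard in the wrong position")
    for label in labels:
        if "*" not in label and not LDH_LABEL.fullmatch(label):
            problems.append(f"invalid label {label!r}")
    # Single-label names and non-public suffixes cannot be validated publicly.
    if labels[-1].lower() in INTERNAL_SUFFIXES or (len(labels) == 1 and not wildcard):
        problems.append("internal name")
    return problems


def lint_sans(names):
    """Map each failing dnsName to its problems; clean names are omitted."""
    return {n: p for n in names if (p := lint_dns_name(n))}


# Constructed sample SAN list, not taken from any certificate in the batch.
SAMPLE_SANS = ["www.example.com", "*.example.com", "www.*.example.com",
               "w*.example.com", "mail server.example.com",
               "https://example.com", "db01.corp", "intranet"]

if __name__ == "__main__":
    for san, issues in lint_sans(SAMPLE_SANS).items():
        print(f"{san}: {', '.join(issues)}")
```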
