Those two are actually the same certificate; it's not clear to me why they appear twice on crt.sh
Il 29/08/2017 18:50, Ryan Sleevi via dev-security-policy ha scritto:
On Tue, Aug 29, 2017 at 8:47 AM, Paul Kehrer via dev-security-policy < dev-security-policy@lists.mozilla.org> wrote:Symantec / GeoTrust CCADB does not list an email address. Not CC'd. DN: C=IT, O=UniCredit S.p.A., CN=UniCredit Subordinate External Example cert: https://crt.sh/?q=049462100743d2bcb10780e7c4eb2c e1197a3f8bea7fad5ef9141f008eb1e6ca OCSP URI: http://ocsp.unicredit.eu/ocspNote: There are 7 associated certificates for this CA ( https://crt.sh/?caid=294 ) Of those: 5 are issued by Symantec / GeoTrust: - 1 is expired ( https://crt.sh/?id=9219 ) - 4 are revoked ( https://crt.sh/?id=12722071 / https://crt.sh/?id=6941850 / https://crt.sh/?id=47086214 / https://crt.sh/?id=12165934) 2 are issued by Actalis - 2 are technically constrained sub-CAs ( https://crt.sh/?id=147626411 / https://crt.sh/?id=47081615 ) As they are technically-constrained subordinate CAs, they are (presently) exempted from that MUST requirement. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
smime.p7s
Description: Firma crittografica S/MIME
_______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
