I have updated the list again to note the additional responders fixed (in this update: CA Disig, PKIoverheid, Izenpe). To make this email slightly less enormous I've also started removing everything but the CA's name when I have confirmed that all the reported responders are now properly responding to my queries.
AS Sertifitseerimiskeskuse (SK) CCADB does not list an email address. Not CC'd. DN: C=EE, O=AS Sertifitseerimiskeskus, CN=EE Certification Centre Root CA, [email protected] Example cert: https://crt.sh/?q=74d992d3910bcf7e34b8b5cd28f91eaeb4f41f3da6394d78b8c43672d43f4f0f OCSP URI: http://ocsp.sk.ee/CA Autoridad de Certificacion Firmaprofesional Email sent to [email protected] DN: C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068 Example cert: https://crt.sh/?q=cd74198d4c23e4701dea579892321b9e4f47a08bd8374710b899aad1495a4b35 OCSP URI: http://ocsp.firmaprofesional.com DN: C=ES, [email protected], L=C/ Muntaner 244 Barcelona, OU=Consulte http://www.firmaprofesional.com, OU=Jerarquia de Certificacion Firmaprofesional, O=Firmaprofesional S.A. NIF A-62634068, CN=AC Firmaprofesional - CA1 Example cert: https://crt.sh/?q=649d5190f9fff58de60313c2f0598393f9dba05368b1dbfe93ec806015fb8796 OCSP URI: http://ocsp.firmaprofesional.com DN: C=ES, O=Firmaprofesional SA, OU=Certificados Digitales para la Administracion Publica, serialNumber=A62634068, CN=AC Firmaprofesional - AAPP Example cert: https://crt.sh/?q=d4ef928ee32c3838d40e5756b523829b1dafcd46fd84428ba03d59330a4ae5e7 OCSP URI: http://ocsp.firmaprofesional.com CA Disig a.s. (Fixed as of 2017-08-31) --Data removed for brevity, see older emails for more info certSIGN (partially resolved) Email sent to [email protected] DN: C=RO, O=certSIGN, OU=certSIGN Enterprise CA Class 3 G2, CN=certSIGN Enterprise CA Class 3 G2 Example cert: https://crt.sh/?q=98ab1983ae9f6a6116e5010e3ab2b1b0bf266fa205a140b1bc1d340ff4ff6355 OCSP URI: http://ocsp.certsign.ro Notes: This is fixed as of 2017-08-31 DN: C=RO, O=certSIGN, OU=certSIGN ROOT CA Example cert: https://crt.sh/?q=3003bf8853427c7b91023f7539853d987c58dc4e11bbe047d2a9305c01a6152c OCSP URI: http://ocsp.certsign.ro Notes: Per Cristian Garabet this will be resolved 2017-09-15 Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert) CCADB does not list an email address. Not CC'd. DN: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), L=Passatge de la Concepcio 11 08008 Barcelona, OU=Serveis Publics de Certificacio ECV-2, OU=Vegeu https://www.catcert.net/verCIC-2 (c)03, OU=Administracions Locals de Catalunya, CN=EC-AL Example cert: https://crt.sh/?q=88f6298c5a8cc66cefb8ea214a528c3efce36a26213fe4fd260613967d39e7d4 OCSP URI: http://ocsp.catcert.net DN: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), L=Passatge de la Concepcio 11 08008 Barcelona, OU=Serveis Publics de Certificacio ECV-2, OU=Vegeu https://www.catcert.net/verCIC-2 (c)03, OU=Administracions Locals de Catalunya, CN=EC-AL Example cert: https://crt.sh/?q=1869a83f83b8f034336ab09fe52563c00c80c4b45897b3ea15e658fd14306208 OCSP URI: http://ocsp.catcert.net DN: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), L=Passatge de la Concepcio 11 08008 Barcelona, OU=Serveis Publics de Certificacio ECV-2, OU=Vegeu https://www.catcert.net/verCIC-2 (c)03, OU=Secretaria d'Administracio i Funcio Publica, CN=EC-SAFP Example cert: https://crt.sh/?q=15d3c7463f477e2627c4c9a158e429abd6bfe63101d6745560a36d1c03363d30 OCSP URI: http://ocsp.catcert.net DN: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), L=Passatge de la Concepcio 11 08008 Barcelona, OU=Serveis Publics de Certificacio ECV-2, OU=Vegeu https://www.catcert.net/verCIC-2 (c)03, OU=Universitats i Recerca, CN=EC-UR Example cert: https://crt.sh/?q=7432b4c29e1360668814ec282ad78208cd521e62b8d8d60d5084fdf8daad57cb OCSP URI: http://ocsp.catcert.net DN: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), L=Passatge de la Concepcio 11 08008 Barcelona, OU=Serveis Publics de Certificacio ECV-2, OU=Vegeu https://www.catcert.net/verCIC-2 (c)03, OU=Universitats i Recerca, CN=EC-UR Example cert: https://crt.sh/?q=3148d57a495fd7bdf4653dfdd3d3c9d186547df42e296c4e1b6a7c679179d03f OCSP URI: http://ocsp.catcert.net DN: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), L=Passatge de la Concepcio 11 08008 Barcelona, OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verCIC-3 (c)05, OU=Universitat Rovira i Virgili, CN=EC-URV Example cert: https://crt.sh/?q=caa2a1fe7756bd5e227add40c5e06808dc0a79f1e8c93e4bf982df4893b284e4 OCSP URI: http://ocsp.catcert.net DN: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC Example cert: https://crt.sh/?q=356a5f4d994e9efa7caefc491768911d65ec25977465b610e2f29aa4472631c3 OCSP URI: http://ocsp.catcert.net DN: C=ES, O=Agencia Catalana de Certificacio (NIF Q-0801176-I), OU=Serveis Publics de Certificacio, OU=Vegeu https://www.catcert.net/verarrel (c)03, OU=Jerarquia Entitats de Certificacio Catalanes, CN=EC-ACC Example cert: https://crt.sh/?q=20d082b1f53252e33cee5991be8650b414f11f3af16a14295c2fee0c9ab558c2 OCSP URI: http://ocsp.catcert.net DigiCert: Email sent to [email protected] DN: C=CH, L=Zurich, O=ABB, CN=ABB Issuing CA 6 Example cert: https://crt.sh/?id=16963460 OCSP URI: http://aia.pki.abb.com/ocsp Notes: This CA is technically constrained via NC except under IPv6. The BRs require IPv6 exclusion to be considered constrained so I believe this is still an issue at this time. DN: CN=Cartão de Cidadão 001, OU=ECEstado, O=SCEE - Sistema de Certificação Electrónica do Estado, C=PT Example cert: https://crt.sh/?id=12729446 OCSP URI: http://ocsp.root.cartaodecidadao.pt/publico/ocsp Notes: Per Ben Wilson this CA only issues client certificates. It is, however, trusted for serverAuth. DN: C=PT, O=MULTICERT - Serviços de Certificação Electrónica S.A., OU=Accredited Certification Authority, CN=MULTICERT Certification Authority 002 Example cert: https://crt.sh/?id=117934576 OCSP URI: http://ocsp.multicert.com/ocsp OCSP URI: http://ocsp.multicert.com/procsp DN: C=PT, O=MULTICERT - Serviços de Certificação Electrónica S.A., OU=Entidade de Certificação Credenciada, CN=MULTICERT - Entidade de Certificação 001 Example cert: https://crt.sh/?id=11653177 OCSP URI: http://ocsp.multicert.com/ocsp DN: DC=com, DC=sanpaoloimi, DC=corp, CN=Intesa Sanpaolo CA Servizi Esterni Example cert: https://crt.sh/?id=10915119 OCSP URI: http://ocsp.intesasanpaolo.com DN: DC=com, DC=sanpaoloimi, DC=corp, CN=Intesa Sanpaolo CA Servizi Esterni Enhanced Example cert: https://crt.sh/?id=119601976 OCSP URI: http://ocsp.intesasanpaolo.com DigiCert/Government of Portugal, Sistema de Certificação Electrónica do Estado (SCEE) / Electronic Certification System of the State: DN: C=PT, O=SCEE, CN=ECRaizEstado Example cert: https://crt.sh/?id=8322256 OCSP URI: http://ocsp.ecee.gov.pt DigiCert/Wells Fargo Bank, N.A.: DN: Wells Fargo WellsSecure, OU=Wells Fargo Bank NA, CN=WellsSecure Public Root Certification Authority 01 G2 Example cert: https://crt.sh/?id=2029493 OCSP URI: http://validator.wellsfargo.com/ DocuSign (OpenTrust/Keynectis) CCADB does not list an email address. Not CC'd. DN: C=FR, O=OpenTrust, OU=0002 478217318, CN=OpenTrust CA for AATL G1 Example cert: https://crt.sh/?q=8e409aaa332930d32acbab3b514c3e116b1b4d8cc6cf3dfc016a05f9c266f597 OCSP URI: http://get-ocsp.certificat.com/opentrustcaforaatlg1 Government of The Netherlands, PKIoverheid (Logius) (Fixed as of 2017-08-31) -Data removed for brevity IdenTrust (fixed as of 2017-08-31) -Data removed for brevity Izenpe S.A. (fixed as of 2017-09-05) -Data removed for brevity PROCERT CCADB does not list an email address. Not CC'd. However, this is already under discussion (among other issues) in https://bugzilla.mozilla.org/show_bug.cgi?id=1391058 DN: [email protected], L=Chacao, ST=Miranda, OU=Proveedor de Certificados PROCERT, O=Sistema Nacional de Certificacion Electronica, C=VE, CN=PSCProcert Example cert: https://crt.sh/?id=109516168 OCSP URI: http://ura.procert.net.ve/ocsp SECOM Trust Systems Co. Ltd. Email sent to [email protected] DN: C=JP, L=Academe, O=National Institute of Informatics, CN=NII Open Domain CA - G4 Example cert: https://crt.sh/?q=fc1c83a714148a269d787b4cd306b8f19165f1829b1b280c40315f03f85a9964 OCSP URI: http://niig4.ocsp.secomtrust.net DN: C=JP, O=CrossTrust, CN=CrossTrust DV CA3 Example cert: https://crt.sh/?q=525ae2e9fc4901507d30f7f381af765a81bd7276353651594be323205f5c93ef OCSP URI: http://dvca3.ocsp.crosstrust.net DN: C=JP, O=CrossTrust, CN=CrossTrust OV CA3 Example cert: https://crt.sh/?q=1857ba98deb0a30c2f6e5f064381420bae0a3bd1df2b6652a525a66b7030d505 OCSP URI: http://ovca3.ocsp.crosstrust.net DN: C=JP, O="FreeBit Co.,Ltd.", CN=YourNet SSL for business2 Example cert: https://crt.sh/?q=70a530cc67a67a1d1b010aad8370609f407d2d91987b59e5f71e51921f58a346 OCSP URI: http://freebitov2.ocsp.secomtrust.net DN: C=JP, O="FreeBit Co.,Ltd.", CN=YourNet SSL for domain2 Example cert: https://crt.sh/?q=731421bd0429723c8bb562ea469dba90095e790ed8c22482b32cbcd26f7c4235 OCSP URI: http://freebitdv2.ocsp.secomtrust.net DN: C=JP, O=FUJIFILM, CN=FUJIFILM Fnet CA - S Example cert: https://crt.sh/?q=3e1b4f7a037a7c8d830329b02f91a37405bb369639bebeb777b2b150204b995b OCSP URI: http://fnetcas.ocsp.secomtrust.net DN: C=JP, O=Fuji Xerox, CN=Fuji Xerox Xnet CA - S Example cert: https://crt.sh/?q=78606d4c88f75e783d39139d664889a4910d7146ae3b1da7b24c81f3df909b39 OCSP URI: http://xnetcas.ocsp.secomtrust.net DN: C=JP, O=INTEC INC., CN=EINS/PKI Public Certification Authority V2 Example cert: https://crt.sh/?q=90f07f5ae79e83cf8c75f946df031a165fa2553f3a3d04ae62368f81773a717f OCSP URI: http://intec.ocsp.secomtrust.net DN: C=JP, O=INTEC INC., CN=EINS/PKI Public Certification Authority V3 Example cert: https://crt.sh/?q=ad72b76954165daf1b9021c1fb2b9b648e978dc9862a525a88274ec1b7e9f61f OCSP URI: http://intec2.ocsp.secomtrust.net DN: C=JP, O="Japan Registry Services Co., Ltd.", CN=JPRS Domain Validation Authority - G1 Example cert: https://crt.sh/?q=22a04b51e2be5e12726357431ee2568d707515c1f3f094123a391acb540acebb OCSP URI: http://dv.ocsp.pubcert.jprs.jp DN: C=JP, O="Japan Registry Services Co., Ltd.", CN=JPRS Organization Validation Authority - G1 Example cert: https://crt.sh/?q=30748bde0a6fc2802e638511516745141f95c08b8bdf44e69bfb96b0ff2d7ad2 OCSP URI: http://ov.ocsp.pubcert.jprs.jp DN: C=JP, O=KAGOYA JAPAN Inc., CN=KAGOYA JAPAN Certification Authority Example cert: https://crt.sh/?q=5d2c95d1995e2dbce6f6db38eee7fbe5782965b3e24cec3c483761a4b09cf1a2 OCSP URI: http://kagoya.ocsp.secomtrust.net DN: C=JP, O=KDDI Web Communications Inc., CN=KDDI Web Communications Certification Authority Example cert: https://crt.sh/?q=0edc6f278d94a6a0c58f39169ba369b3e0273813bdad4c43e4a525c73ff9ed66 OCSP URI: http://kddiweb.ocsp.secomtrust.net DN: C=JP, O="Nijimo, Inc.", CN=FujiSSL Public Certification Authority - G1 Example cert: https://crt.sh/?q=460d994d73ed6b1db484dac0d525fcb3fbfdd2a0982183788c917c4b1d03d839 OCSP URI: http://nijimo.ocsp.secomtrust.net DN: C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1 Example cert: https://crt.sh/?q=c415cebfa3fc2ef3c74092b84265bad64c3fc9994c91177965667d7abee90588 OCSP URI: http://scrootca1.ocsp.secomtrust.net DN: C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web EV 2.0 CA Example cert: https://crt.sh/?q=9cf126826bb66aa8b40cc33ca6410e789982373342218d4fd8d6da7d71a88914 OCSP URI: http://ev2.ocsp.secomtrust.net DN: C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web EV CA Example cert: https://crt.sh/?q=92ad0dd7ae67012cb96b33a96d24207f883af033d587deab402c70644d98e5be OCSP URI: http://ev.ocsp.secomtrust.net DN: C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web MH CA Example cert: https://crt.sh/?q=06ea91549c4c2d7aaf1b8c4b7c13ca25dc9456b2c187900b7c196a52561d08c0 OCSP URI: http://mh.ocsp.secomtrust.net DN: C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web SR 3.0 CA Example cert: https://crt.sh/?q=625ee6aaca95caf9d8b130bc0ce1903286e90ccf32d014b1410e0fc8ad9a34c2 OCSP URI: http://sr30.ocsp.secomtrust.net DN: C=JP, O="SECOM Trust Systems CO.,LTD.", OU=Security Communication EV RootCA1 Example cert: https://crt.sh/?q=cbe221580a9800b7e4608d21f7d59e539a64d5c3996c722cf2cde908aa89d4ba OCSP URI: http://evroot.ocsp.secomtrust.net DN: C=JP, O="SECOM Trust Systems CO.,LTD.", OU=Security Communication RootCA2 Example cert: https://crt.sh/?q=7cf75f006ccff8da30d6ea2a2f7c50d0447aa2513ff4a4a37bf292470bba8c85 OCSP URI: http://scrootca2.ocsp.secomtrust.net DN: C=JP, O=XiPS, CN=XiPS CA2 Example cert: https://crt.sh/?q=ae7a6dcb4ead3fae08aa340576595bd02261c2e002f016a83374b3a70446cd06 OCSP URI: http://xips2.ocsp.secomtrust.net Symantec / GeoTrust *Removed from the list as Ryan Sleevi noted the subordinates in question are technically constrained* Visa Email sent to [email protected] DN: C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Issuing CA Example cert: https://crt.sh/?id=53550125 OCSP URI: http://ocsp.visa.com/ocsp _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
