On 01/10/2018 14:38, Adriano Santoni via dev-security-policy wrote:
Is it possible to filter the list https://crt.sh/?cablint=issues based
on the issuing CA ?
Yes.
First, visit this page:
https://crt.sh/?cablint=1+week
Next, click on the link in the "Issuer CN, OU or O" column that
corresponds to the issuing CA you're interested in.
Il 01/10/2018 15:26, Doug Beattie via dev-security-policy ha scritto:
Hi Wayne and all,
I've been noticing an increasing number of CA errors,
https://crt.sh/?cablint=issues Is anyone monitoring this list and asking
for misissuance reports for those that are not compliant? There are 15
different errors and around 300 individual errors (excluding the SHA-1
"false" errors). Some CAs are issuing certs to CNs of localhost, are
including RFC822 SANs, not including OCSP links and many more.
- Actalis,
- Digicert,
- Microsoft,
-
There are also some warning checks that should actually be errors like
underscores in CNs or SANs.
Doug
--
Rob Stradling
Senior Research & Development Scientist
Email: [email protected]
_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy
