On 01/10/2018 14:48, Adriano Santoni via dev-security-policy wrote:
Thank you Rob!
If I am not mistaken, it seems to me that we have just 1 certificate in
that list, and it's a non-trusted certificate (it was issued by a test CA).
For certs issued (and logged) within the last 1 week, yes, that's correct.
The summary page only deals with the past 1 week. However, once you
click on a link to (for example) https://crt.sh/?caid=31477&opt=cablint
("Actalis Domain Validation Server CA G1"), there's an undocumented
feature...
Add "minNotBefore=YYYY-MM-DD" to the URL to view linting info on older
certs issued by that CA.
e.g., https://crt.sh/?caid=31477&opt=cablint&minNotBefore=2018-01-01
(This feature is undocumented because not all historical certs have been
linted by crt.sh).
Il 01/10/2018 15:43, Rob Stradling via dev-security-policy ha scritto:
On 01/10/2018 14:38, Adriano Santoni via dev-security-policy wrote:
Is it possible to filter the list https://crt.sh/?cablint=issues
based on the issuing CA ?
Yes.
First, visit this page:
https://crt.sh/?cablint=1+week
Next, click on the link in the "Issuer CN, OU or O" column that
corresponds to the issuing CA you're interested in.
Il 01/10/2018 15:26, Doug Beattie via dev-security-policy ha scritto:
Hi Wayne and all,
I've been noticing an increasing number of CA errors,
https://crt.sh/?cablint=issues Is anyone monitoring this list and
asking
for misissuance reports for those that are not compliant? There are 15
different errors and around 300 individual errors (excluding the SHA-1
"false" errors). Some CAs are issuing certs to CNs of localhost, are
including RFC822 SANs, not including OCSP links and many more.
- Actalis,
- Digicert,
- Microsoft,
-
There are also some warning checks that should actually be errors like
underscores in CNs or SANs.
Doug
--
Rob Stradling
Senior Research & Development Scientist
Email: r...@comodoca.com
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy