Thanks to Kathleen for suggesting/requesting this new crt.sh feature... To facilitate compliance checking for the 3 test websites that BR 2.2 [1] requires for each root certificate, I've created this new report:
https://crt.sh/test-websites Anything in red on this page represents either: a misconfigured/non-compliant test website, a bug in my code, or an interesting edge case worthy of further discussion. Each test website is currently rechecked every 10 minutes. The code for the checker application is available at [2]. [1] https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.5.9.pdf "2.2. PUBLICATION OF INFORMATION ... The CA SHALL host test Web pages that allow Application Software Suppliers to test their software with Subscriber Certificates that chain up to each publicly trusted Root Certificate. At a minimum, the CA SHALL host separate Web pages using Subscriber Certificates that are (i) valid, (ii) revoked, and (iii) expired." [2] https://github.com/crtsh/test_websites_monitor -- Rob Stradling Senior Research & Development Scientist Sectigo Limited _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy