答复: Certificate Problem Report (9WG: CFCA certificate with invalid domain)

Thu, 28 Feb 2019 19:57:47 -0800 

Dear Mozilla:
      This problem had been confirmed. We contacted the customer and
confirmed this certificate haven't been deployed to production system, no
damage is caused. This certificate had been revoked in March 1, 2019. We had
fixed this bug in February 27 update.

Best wishes!

Jonathan Sun
Certificate Product Manager 
International Coperation Group
Tel: +86 010 80864127


-----邮件原件-----
发件人: Buschart, Rufus <[email protected]> 
发送时间: 2019年2月28日 19:00
收件人: [email protected]
主题: Certificate Problem Report (9WG: CFCA certificate with invalid domain)

Dear  PKI team at CFCA!

There is a misissued certificate
https://crt.sh/?id=1231965201&opt=cablint,x509lint,zlin from your CA which
is not revoked yet. I think you should have a look.


With best regards,
Rufus Buschart

Siemens AG
Information Technology
Human Resources
PKI / Trustcenter
GS IT HR 7 4
Hugo-Junkers-Str. 9
90411 Nuernberg, Germany
Tel.: +49 1522 2894134
mailto:[email protected]
www.twitter.com/siemens

www.siemens.com/ingenuityforlife

Siemens Aktiengesellschaft: Chairman of the Supervisory Board: Jim Hagemann
Snabe; Managing Board: Joe Kaeser, Chairman, President and Chief Executive
Officer; Roland Busch, Lisa Davis, Klaus Helmrich, Janina Kugel, Cedrik
Neike, Michael Sen, Ralf P. Thomas; Registered offices: Berlin and Munich,
Germany; Commercial registries: Berlin Charlottenburg, HRB 12300, Munich,
HRB 6684; WEEE-Reg.-No. DE 23691322

> -----Ursprüngliche Nachricht-----
> Von: dev-security-policy 
> <[email protected]> Im Auftrag von 
> michel.lebihan2000--- via dev-security-policy
> Gesendet: Mittwoch, 27. Februar 2019 08:54
> An: [email protected]
> Betreff: CFCA certificate with invalid domain
> 
> Hello,
> 
> I noticed this certificate 
> https://crt.sh/?id=1231965201&opt=cablint,x509lint,zlint that has an 
> invalid domain `mail.xinhua08.con` in SANs. This looks like a typo and
`mail.xinhua08.com` is present in other certificates. Such an issue makes me
wonder about the quality of their validation.
> _______________________________________________
> dev-security-policy mailing list
> [email protected]
> https://lists.mozilla.org/listinfo/dev-security-policy

_______________________________________________
dev-security-policy mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to