Hi,

As I mentioned in my previous mail, I found some instances of CAs
pointing to PEM encoded certificates in their AIA fields, while they
should be DER encoded.

I found such instances for 4 CAs; I'll list them with one example cert
and the URL of the referenced intermediate.

Entrust/Affirmtrust:
https://crt.sh/?id=2747041731
http://aia.affirmtrust.com/aftov1ca.crt

Telia:
https://crt.sh/?id=2793617446
http://repository.trust.teliasonera.com/teliasoneraservercav2.cer

Multicert:
https://crt.sh/?id=2369674005
http://pki.multicert.com/cert/SSL_CA01.cer

TWCA:
https://crt.sh/?id=1238438742
http://sslserver.twca.com.tw/cacert/secure_sha2_2014.crt

I have informed all 4 CAs via their problem reporting mechanism from
CCADB.

-- 
Hanno Böck
https://hboeck.de/
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
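
An added example, not part of the original message: a Python sketch of how a monitor could tell whether the bytes served from an AIA caIssuers URL are DER or PEM. The function names and the sample bytes are assumptions constructed for illustration, and only the outer ASN.1 framing is checked, not the certificate contents.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def der_tlv_length(data: bytes):
    """Total size (header + content) of an outer DER SEQUENCE, or None if malformed."""
    if len(data) < 2 or data[0] != 0x30:  # a certificate is an ASN.1 SEQUENCE
        return None
    first = data[1]
    if first < 0x80:  # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F  # long form: next n bytes hold the length
    if n == 0 or n > 4 or len(data) < 2 + n:  # n == 0 is BER indefinite length
        return None
    return 2 + n + int.from_bytes(data[2:2 + n], "big")


def classify_aia_body(body: bytes) -> str:
    """Return 'der', 'pem' or 'unknown' for bytes served from an AIA URL."""
    match = PEM_RE.search(body)
    if match:
        try:
            inner = base64.b64decode(b"".join(match.group(2).split()), validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            return "unknown"
        return "pem" if der_tlv_length(inner) == len(inner) else "unknown"
    return "der" if der_tlv_length(body) == len(body) else "unknown"


# Constructed sample: a 304-byte DER SEQUENCE standing in for a certificate.
_CONTENT = b"\x30\x03\x02\x01\x01" * 60
SAMPLE_DER = b"\x30\x82" + len(_CONTENT).to_bytes(2, "big") + _CONTENT
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, body in [("DER", SAMPLE_DER), ("PEM", SAMPLE_PEM),
                       ("truncated", SAMPLE_DER[:-1]), ("HTML", b"<html>404</html>")]:
        print(f"{name:10} -> {classify_aia_body(body)}")
```

Comparing the declared outer length with the actual body size also flags truncated downloads and error pages, which would otherwise be mistaken for a badly encoded certificate.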
