Kurt Roeckx via dev-security-policy <[email protected]> writes:
>Browsing crt.sh, I found this: https://crt.sh/?id=1902422627 > >It's a certificate for api.pillowz.kz with the public key of Let's Encrypt >Authority X1 and X3 CAs. How could that have been issued? Since a (PKCS #10) request has to be self- signed, does this mean Digicert aren't validating signatures on requests? Peter. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
