Re: Digicert issued certificate with let's encrypts public key

Peter Gutmann via dev-security-policy Sat, 16 May 2020 20:19:24 -0700

Kurt Roeckx via dev-security-policy <dev-security-policy@lists.mozilla.org> 
writes:


>Browsing crt.sh, I found this: https://crt.sh/?id=1902422627
>
>It's a certificate for api.pillowz.kz with the public key of Let's Encrypt
>Authority X1 and X3 CAs.

How could that have been issued?  Since a (PKCS #10) request has to be self-
signed, does this mean Digicert aren't validating signatures on requests?

Peter.
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Re: Digicert issued certificate with let's encrypts public key

Reply via email to