Hi, I discovered a certificate with a compromised key. While this would usually be an uninteresting event, I think this one is a bit more unusual.
This certificate https://crt.sh/?id=15456747789 issued by Digicert for *.digicert-demo.com uses this key (a test key from OpenSSL's source code): https://github.com/openssl/openssl/blob/master/test/certs/leaf.key As this is a hostname that is owned by the CA itself, it makes me wonder how this happened. The certificate was revoked quickly after I reported it to Digicert. -- Hanno Böck - Independent security researcher https://itsec.hboeck.de/ https://badkeys.info/ -- You received this message because you are subscribed to the Google Groups "[email protected]" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/mozilla.org/d/msgid/dev-security-policy/20241125164859.326b3b7d%40computer.
