https://crt.sh/?id=21813439 is a certificate issued by this CA which has a domain name in the common name but only an email address in the SAN. (The certificate has TLS server/client usage EKUs.)
==> The CA proceeded to notify the end entity of the certificate https://crt.sh/?id=21813439. The certificate is revoked on 28/07/2017. No new certificate is issued by TunServerCA2.to this end entity. ******** https://crt.sh/?id=99182607 is a revoked certificate issued by this CA which has a domain name in the common name which does not match the domain name in the SAN, which is for a different TLD. (A new certificate with both names in SANs, https://crt.sh/?id=99462700 , has a notBefore which appears to have around the same timestamp as the revocation.) ==> Yes the CA has revoked the certificate https://crt.sh/?id=99182607 on 2017-03-03 and issue a new one for the end entity https://crt.sh/?id=99462700. The new certificate contains both names in SAN (DNS=vpn.tunisieclearing.com and Nom DNS=vpn.tunisieclearing.tn). The CA, at the time of issuance, has verified that the Applicant had the right to use and had the control of the both Domain Names. ********* https://crt.sh/?id=15126121 is an expired certificate (notBefore March 2016; notAfter March 2017) issued by this CA which has a wildcard name in the common name while the SAN contains specific domain names that would be covered by the wildcard only. ==> The CA has revoked the certificate https://crt.sh/?id=15126121 on 2016-03-21 when the CA discover the mistake in the SAN extension. A new certificate is issued on the same day (2016-03-21) with the right SAN (*.sonede.com.tn). See the certificate below: -----BEGIN CERTIFICATE----- MIIGuTCCBKGgAwIBAgIQQVkWAyEXAyAwgwPw3/OEojANBgkqhkiG9w0BAQsFADB8 MQswCQYDVQQGEwJUTjEuMCwGA1UEChMlTmF0aW9uYWwgRGlnaXRhbCBDZXJ0aWZp Y2F0aW9uIEFnZW5jeTE9MDsGA1UEAxM0VHVuaXNpYW4gU2VydmVyIENlcnRpZmlj YXRlIEF1dGhvcml0eSAtIFR1blNlcnZlckNBMjAeFw0xNjAzMjEwMDAwMDBaFw0x NzAzMjAyMzU5NTlaMIHMMQswCQYDVQQGEwJUTjFBMD8GA1UECgw4U1RFIE5BVElP TkFMRSBEIEVYUExPSVRBVElPTiBFVCBERSBESVNUUklCVVRJT04gREVTIEVBVVgx KDAmBgNVBAsMH0RJUkVDVElPTiBDRU5UUkFMRSBJTkZPUk1BVElRVUUxGDAWBgNV BAMMDyouc29uZWRlLmNvbS50bjEmMCQGCSqGSIb3DQEJARYXd2VibWFzdGVyQHNv bmVkZS5jb20udG4xDjAMBgNVBAcMBVRVTklTMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAtUqxkjJGrnLQ+fx4vif+PV9FlwTByGoQ5F/2Kc67u9iM0zBt ttkcUHzdwoSkPLaYKezT3FQhuE7c1BKRBfne95zmDJ6kKbvoehUG6niJP6qOQ5p2 aT3oHPI87e20SQPFvvZMSbDftDq9/cH/69d+NkSlfAvihks7hp/zZv9QDdxaZh/O SfA12SRUy0/Q2n7VKnJrUPBK3Ydyl0KOS5p6LNxOUG4faJ9Fil3OO2b54etyMMcc QTiDqwDUXMohR3KzCQpUD9RGba41Stqwj7PO25YtNJbSSfCq5Sn9nZn8K9iapIDQ 1uwLO+VJf2SwEZl4iZulAhmXLieq/lv+oZreWQIDAQABo4IB5DCCAeAwDAYDVR0T AQH/BAIwADAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG AQUFBwMCMBoGA1UdEQQTMBGCDyouc29uZWRlLmNvbS50bjAfBgNVHSMEGDAWgBSH q/dpS1D2YVf/P1uOHXDGomyqxjA9BgNVHR8ENjA0MDKgMKAuhixodHRwOi8vY3Js LmNlcnRpZmljYXRpb24udG4vVHVuU2VydmVyQ0EyLmNybDB7BggrBgEFBQcBAQRv MG0wLQYIKwYBBQUHMAGGIWh0dHA6Ly9vY3NwLmNlcnRpZmljYXRpb24udG46ODA4 MDA8BggrBgEFBQcwAoYwaHR0cDovL3d3dy5jZXJ0aWZpY2F0aW9uLnRuL3B1Yi9U dW5TZXJ2ZXJDQTIuY3J0MIGnBgNVHSAEgZ8wgZwwgZkGCGCGFAECBgEIMIGMMCwG CCsGAQUFBwIBFiBodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLnRuL2NwczBcBggr BgEFBQcCAjBQMCwWJU5hdGlvbmFsIERpZ2l0YWwgQ2VydGlmaWNhdGlvbiBBZ2Vu Y3kwAwIBARogaHR0cHM6Ly93d3cuY2VydGlmaWNhdGlvbi50bi9ycGEwDQYJKoZI hvcNAQELBQADggIBABUXwoV4YIrF4SVRUsb/dPhCO0uxcyVylVGz2y+OIDIsuy+d 7yJl4gCeLsMIIexWVqupnx1qzX8LR6ZMpVWbTeie0EFOppBU6S1OcFvf+6kQ9FNa RwCUn+fcYr5+NQRZD2OmfIeiqJ/vo0yNKQ2j5KENG1JZ8AgyeJ1RBK8IxAHNe9oE sdqjxXL54fh6t4zxfgavaRv9dZo+Ph4udEq1Ea/dKXg0pfsM1/bVpO+V1yaiL+lk fH/diGWUVV5HTlmtPCXU3idUKZytOWsP+NljHxQAmVzv38aAvvC9r2Dgc/MScCHP b7iBDDfwZRVj78MIAjHlf5cOAUCAJUmEC0lXnBNSRKAmYThCr+SVuKrqcwGcq5+X yNo46/ba6y/M/Q3TPCgDlFzgpxJ2Ox3jntSuA6qhLgJagC1HJce0wqAfCy4rAYuD WpsGr0rm65DSYgr+MZlcp4UNE1M+plKl7rXClYg5lRVX1c4glYr9+Do05z49ZRHq 1C8LpHbBYkDVbz/EsuDLZ+Y1wpo4Nec+PEfKm/Tc6Cyfr8JmHOhJ/YmaRg2UBh2q 1PE3gKyb5SZmmLmFBgwO5G91EvQOCSyuI/s7bzP5ra392q7Z9iFzadETjGjflWEq pMMUmphu3cCez871AUvDhMKKDlEdGob8Xw3RTwz485FuUdL8qb2vw36Jhhki -----END CERTIFICATE----- ********** https://crt.sh/?id=10975511 is an expired certificate with a notBefore of Oct 2015 and notAfter of Oct 2016 issued by this CA with an iPAddress SAN of 127.0.0.1. (I believe that by 2014, the BRs rohibited issuing internal name certs with validity past November 2015.) ==>Yes https://crt.sh/?id=10975511 is an expired certificate which contain an IPAddress SAN of 127.0.0.1. The new certificate for the end entity (mail.tunisiaexport.tn) has been issued by the CA on 14-12-2016. See certificate below: -----BEGIN CERTIFICATE----- MIIGqTCCBJGgAwIBAgIQQVkWEhQXEhOUxb2pudH/dDANBgkqhkiG9w0BAQsFADB8 MQswCQYDVQQGEwJUTjEuMCwGA1UEChMlTmF0aW9uYWwgRGlnaXRhbCBDZXJ0aWZp Y2F0aW9uIEFnZW5jeTE9MDsGA1UEAxM0VHVuaXNpYW4gU2VydmVyIENlcnRpZmlj YXRlIEF1dGhvcml0eSAtIFR1blNlcnZlckNBMjAeFw0xNjEyMTQwMDAwMDBaFw0x NzEyMTMyMzU5NTlaMIGkMQswCQYDVQQGEwJUTjEOMAwGA1UEChMFQ0VQRVgxHzAd BgNVBAsTFkRJUkVDVElPTiBDRU5UUkFMRSBUSUMxHjAcBgNVBAMTFW1haWwudHVu aXNpYWV4cG9ydC50bjEuMCwGCSqGSIb3DQEJARYfYWRtaW5pc3RyYXRldXJAdHVu aXNpYWV4cG9ydC50bjEUMBIGA1UEBxMLVFVOSVMgQ0VERVgwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQDBhGvVLiT77ZY3DwlHO/1wzU58lyoINz5JH9xp 2FU1oyuQ3QXS3uRSjpn4ndCmo1jV1Tm88rmSw0/v0I7lRK3JFnAOo3HEScNMOiv4 JQb/qVNdCMJNdwL4pmgUSguRU/j0Ti7LPK6ThONoy6mOb0autkhFSbfxXI/li1cF IUz/G715gBTMMAY0maS6eCPmnOiKQtqyHXdj95rhsKhPlJjSvUntTzMHBtjMiPmj qkax5lJH4kRYcq++Q+pmmTY/osuBWDWD4bLYRjzNV6Wi5PkH6uEFaoqmRhJhq0Bs dNo1Bqhhv90bXh246q3170gbLjcnVaJIb8QpoUQOgK1SsYK3AgMBAAGjggH8MIIB +DAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwHwYDVR0jBBgwFoAUh6v3 aUtQ9mFX/z9bjh1wxqJsqsYwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2NybC5j ZXJ0aWZpY2F0aW9uLnRuL1R1blNlcnZlckNBMi5jcmwwewYIKwYBBQUHAQEEbzBt MC0GCCsGAQUFBzABhiFodHRwOi8vb2NzcC5jZXJ0aWZpY2F0aW9uLnRuOjgwODAw PAYIKwYBBQUHMAKGMGh0dHA6Ly93d3cuY2VydGlmaWNhdGlvbi50bi9wdWIvVHVu U2VydmVyQ0EyLmNydDCBpwYDVR0gBIGfMIGcMIGZBghghhQBAgYBCDCBjDAsBggr BgEFBQcCARYgaHR0cHM6Ly93d3cuY2VydGlmaWNhdGlvbi50bi9jcHMwXAYIKwYB BQUHAgIwUDAsFiVOYXRpb25hbCBEaWdpdGFsIENlcnRpZmljYXRpb24gQWdlbmN5 MAMCAQEaIGh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24udG4vcnBhMDgGA1UdEQQx MC+CFW1haWwudHVuaXNpYWV4cG9ydC50boIWY2VwZXgtbWFpbC5DRVBFWC1OVC5U TjAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DANBgkqhkiG9w0BAQsFAAOCAgEAR0KY nSesbliAs0OtMnTWzNM1UtZdw9FeuB8BwSq26OQRFjbK37f76GDuRRmqNvzH0Kea aK0HEiMpqTBlP37E2W7gp7ZXtYnERtbDz2gt9+X151dyoChAW3/mkLWVTQe0iEon Oh8BuCsM56d3T2hB8inE0OIN/2794LAOIivmhI+6AK/iSzGemT2YO/+mZx6dMddr PMkBdv+nKxa/vpL4fBhwkTWI2s9tDpVlB3Bok91K49oyPFo7J0zRWUzjkckLlMe5 mXRbXg9LiwDrcsNuuo/dyFMGZwEO9Y85uAOBGrUHUr3S819gfZkOz8wpZTxxEipT BF+mjx/yNpat6ys0p9PQthlrHi99eadJGspszR3MAC5rx4q2B2mXynmtYGJqaHZh kG6mLQfHSyOneIkIw5p5gPFGvXklgSULtgOWBnzHR7DH7HvN8776mLZFUn++BU17 JC/nZ7/xV4TeM6LchODP9NqxNE1z1HIgAH4jVAdV9C8mRzAON5qTo5GzNtq/BmRq UiP38X66NhjG3kCSTNphuM5o/Cgoo/fH2wgeDdkDdYJNQ3GFmTgbQEQNHG+H6SNW 0bzIyzmpB65XuQ2c66AwhTE8Dvyk5yzfOQeKXa8pNkojGkBLZ2OzJSKiUl5tNMVe +Y2fb5FZtFMdzJ/WD0XmyPxRbhPJMtmsm8VCE4A= -----END CERTIFICATE----- ************************************** https://crt.sh/?id=79470561&opt=cablint is a certificate for the internal name 'adv-ail.calladvance.local' issued by this CA with a not Before of 2017. ==> The CA proceeded to notify the end entity of the certificate https://crt.sh/?id=79470561&opt=cablint. The certificate is revoked on 28/07/2017 and replaced by a new certificate which does not contain in SAN extension the internal name "adv-mail.calladvance.local". See ertificate below: -----BEGIN CERTIFICATE----- MIIGzDCCBLSgAwIBAgIQQVkXBygYAQhwsemy3u00aTANBgkqhkiG9w0BAQsFADB8 MQswCQYDVQQGEwJUTjEuMCwGA1UEChMlTmF0aW9uYWwgRGlnaXRhbCBDZXJ0aWZp Y2F0aW9uIEFnZW5jeTE9MDsGA1UEAxM0VHVuaXNpYW4gU2VydmVyIENlcnRpZmlj YXRlIEF1dGhvcml0eSAtIFR1blNlcnZlckNBMjAeFw0xNzA3MjgwMDAwMDBaFw0x ODAxMDgyMzU5NTlaMIGuMQswCQYDVQQGEwJUTjEeMBwGA1UEChMVQURWQU5DSUEg VEVMRVNFUlZJQ0VTMRUwEwYDVQQLEwxESVJFQ1RJT04gSVQxJzAlBgNVBAMTHm1h aWwuYWR2YW5jaWEtdGVsZXNlcnZpY2VzLmNvbTEuMCwGCSqGSIb3DQEJARYfYWRt aW5AYWR2YW5jaWEtdGVsZXNlcnZpY2VzLmNvbTEPMA0GA1UEBxMGVFVOSVNBMIIB IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtw1jMHicoELF3MkXQKu2oNjR 6k/apP0qodi8WFdlLulET1WkxvQr30j0tRAkiTuvH9P1qNVKOAXpalBtOpJXGfxH eT+et28LZ9p+lGlkKsCElP8d8lotMYzkFbndgMc0ed61jZEhkoBHzObibECzA2kI m8q7nXAMjz5s726rUVS3jR3E5Zn3X4Bw5gYzrkFhcUG7w9Rf4MNfz9hrRqiH0j0+ XBYVm41X+qnJrnLt9GBI+eYbWuIkt1TROQQbCpwrC0vrjkBfB6739hpbiID7o9Vg 01/AnfStIhqZTTLfLGt4N0dgBEHMSRWzzuffA8oOfrDLWH24OBs/PLmkj25wDQID AQABo4ICFTCCAhEwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1Ud IwQYMBaAFIer92lLUPZhV/8/W44dcMaibKrGMD0GA1UdHwQ2MDQwMqAwoC6GLGh0 dHA6Ly9jcmwuY2VydGlmaWNhdGlvbi50bi9UdW5TZXJ2ZXJDQTIuY3JsMHsGCCsG AQUFBwEBBG8wbTAtBggrBgEFBQcwAYYhaHR0cDovL29jc3AuY2VydGlmaWNhdGlv bi50bjo4MDgwMDwGCCsGAQUFBzAChjBodHRwOi8vd3d3LmNlcnRpZmljYXRpb24u dG4vcHViL1R1blNlcnZlckNBMi5jcnQwgacGA1UdIASBnzCBnDCBmQYIYIYUAQIG AQgwgYwwLAYIKwYBBQUHAgEWIGh0dHBzOi8vd3d3LmNlcnRpZmljYXRpb24udG4v Y3BzMFwGCCsGAQUFBwICMFAwLBYlTmF0aW9uYWwgRGlnaXRhbCBDZXJ0aWZpY2F0 aW9uIEFnZW5jeTADAgEBGiBodHRwczovL3d3dy5jZXJ0aWZpY2F0aW9uLnRuL3Jw YTAJBgNVHRMEAjAAMAsGA1UdDwQEAwIF4DBRBgNVHREESjBIgh5tYWlsLmFkdmFu Y2lhLXRlbGVzZXJ2aWNlcy5jb22CJmF1dG9kaXNjb3Zlci5hZHZhbmNpYS10ZWxl c2VydmljZXMuY29tMA0GCSqGSIb3DQEBCwUAA4ICAQADMlsU8yAX+wT9VwKMFqEM fD0da3gNesgSvy77TM1F4R5fOkWvYsJ9vv0TbxY5jvyvaG90MxnE86uptNgS+BSZ dKnXkRBeM9X/cUsmJU1mnkmHCdG9vqRldGjhcbqmBd5hsCaBGi4i5aSxUcKMZ8Yi UTxa0dQAUzvIxqjLSpVtx+ZRD0Tu1zx/Hgw+qiKxFqZnm1aao94gB3zca3UB5Bwf tM23pSbHGct6nFZPzKj5URFX+pgFEeZ62kLLx52ejSyJJ0mqiz4OmDEE8Gnr/Ifz /qZ7S3bpAJRlq33l2n/+GWT1Q+lM9fGdJX526bTviaoAMbhhQHizCh60eP6q02mN R0aY4Es2rJ4vJWM/pCw6RgSeud+jWxej9S2q0e9AajLJRtPsnQh3UxEfUn4xc11m LfOUYJZpJFVZQF4C5RLoLeff4NgqdxTLuh9DF7vH5jyDNMLMvX8hhqMLBcEA9DGA Tb9fSNVRGQXZO3Ad+2AWyZYHE5dHS8NfKm3mu8a+j00OVxHNTn8tKGIN1cNcwb14 CyqiboCdipcZpuTTv1VYBsH9Si7jAk+JZVAyipiqSTT2LVtnO2BQU3M8fWQulrxJ XrvvSfgUrF63GH0F0XipK14CfplnMUWp27gPGyztRhGFUuq34D4UYut7LmiCIlUY w8BN8ZBFiUDOSmydQeB6ew== -----END CERTIFICATE----- Olfa Kaddachi _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
