Re: crt.sh: CA Issuers monitor (was Re: CA Issuer AIA URL content types)

Doh - how did I miss that?! Thanks Ryan From: Ryan Sleevi Sent: Wednesday, June 17, 2020 4:11:46 PM To: Jeremy Rowley Cc: Mozilla Subject: Re: crt.sh: CA Issuers monitor (was Re: CA Issuer AIA URL content types) It's right there under "Trust Filter" . Very top

Re: crt.sh: CA Issuers monitor (was Re: CA Issuer AIA URL content types)

It's right there under "Trust Filter" . Very top of the page ;) e.g. https://crt.sh/ca-issuers?trustedExclude=expired%2Conecrl&trustedBy=Mozilla&trustedFor=Server+Authentication&dir=v&sort=2&rootOwner=&url=&content=&contentType= On Wed, Jun 17, 2020 at 5:18 PM Jeremy Rowley via dev-security-polic

RE: crt.sh: CA Issuers monitor (was Re: CA Issuer AIA URL content types)

Is there a way to filter out the revoked and non-TLS/SMIME ICAs? -Original Message- From: dev-security-policy On Behalf Of Rob Stradling via dev-security-policy Sent: Wednesday, June 17, 2020 5:07 AM To: dev-security-policy Subject: crt.sh: CA Issuers monitor (was Re: CA Issuer AIA UR

crt.sh: CA Issuers monitor (was Re: CA Issuer AIA URL content types)

Inspired by last month's email threads and Bugzilla issues relating to CA Issuers misconfigurations, I've just finished adding a new feature to crt.sh... https://crt.sh/ca-issuers Sadly, this highlights plenty of misconfigurations and other problems: PEM instead of DER, certs for the wrong CAs,