[Bug 1271513]

Kwilson-r Fri, 12 Apr 2019 23:01:19 -0700

We recently added two tests that CAs must perform and resolve errors
for...


Test 1) Browse to https://crt.sh/ and enter the SHA-1 Fingerprint for
the root certificate. Then click on the 'Search' button. Then click on
the 'Run cablint' link. All errors must be resolved/fixed. Warnings
should also be either resolved or explained.

Output for Test1:
no errors (certificate not found via CT)

Test 2) Browse to http://cert-checker.allizom.org:3001/ and enter the
test website and click on the 'Browse' button to provide the PEM file
for the root certificate. Then click on 'run certlint'. All errors must
be resolved/fixed. Warnings should also be either resolved or explained.

Output for Test 2:
Using certificate chain from 'https://www.sede.fnmt.gob.es/certificados'

Using certificate from local file 'ACRAIZFNMT.cert'

    /C=ES/O=FNMT-RCM/OU=sede electr\xC3\xB3nica/OU=SEDE ELECTRONICA 
FNMT-RCM/serialNumber=Q2826004J/CN=www.sede.fnmt.gob.es
        Notice
            O could be encoded as PrintableString
            OU could be encoded as PrintableString
            CN could be encoded as PrintableString
        Informational
            No checks for DirectoryName
            TLS Server certificate identified
        Warning
            Unable to check unicode normalization of certificate policy 
explicit text
        Error
            BR certificates with organizationName must include either 
localityName or stateOrProvinceName
            BR certificates may not contain DirName type alternative names

...

    /C=ES/O=FNMT-RCM/OU=AC RAIZ FNMT-RCM
        Notice
            O could be encoded as PrintableString
            OU could be encoded as PrintableString
        Informational
            CA certificate identified
        Error
            CA certificates must include commonName in subject
~~

Please add a comment in this bug when the errors have been resolved.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1271513

Title:
  www.cert.fnmt.es certificates are not included in Mozilla products

To manage notifications about this bug go to:
https://bugs.launchpad.net/firefox/+bug/1271513/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1271513]

Reply via email to