SHA-1 issuance by Symantec root



CA Certificate Root Program
2 years ago
a year ago


(Reporter: gerv, Assigned: Kathleen Wilson)



Details is an EV CT pre-certificate for the domain name "" and 13 other SANs, which uses the SHA-1 hash algorithm and was issued in 2016. This cert was issued by the intermediate "Symantec Class 3 EV SSL CA - G2":
which chains up to "VeriSign Class 3 Public Primary Certification Authority - G5", a root certificate trusted by Mozilla to issue server certificates.

We recognise this certificate is a pre-cert and not a full cert. However, RFC6962 says:

"The signature on the TBSCertificate indicates the certificate authority's intent to issue a certificate. This intent is considered binding (i.e., misissuance of the Precertificate is considered equal to misissuance of the final certificate)."

Therefore, this issuance is in violation of the Baseline Requirements, which Mozilla policies require adherence to. Please can you explain what has happened, with particular reference to the following questions:

A) Does the CP/CPS of the relevant issuing CA forbid the use of SHA-1? If not, why not?

B) What is the audit status of the relevant issuing CAs?

C) What technical controls are in place within your CA to prevent SHA-1 issuance and how were they bypassed?

D) Was the full certificate in fact created? Was it transmitted to USAA?


Comment 1

2 years ago
Gerv, this was disclosed back in March and discussed on at!searchin/$3Aa9$3A32$3A73$3Aa4$3A19$3Ad1$3A64/

So it was. Thank you for that reminder; I had forgotten.

Reviewing that discussion, Sanjay Modi wrote:
"Following discussions with the customer who initiated this order, we have identified a technical deficiency in our system that allowed for hash algorithm modifications by a subset of customers to existing enrollments in limited circumstances, and only when pending administrator review prior to issuance.  We released a patch today to add this case to our system-wide SHA1 blocking mechanisms. In addition, as an added precaution, we are evaluating an update to actively change any SHA1 orders encountered in our system to SHA256."

I think if Mozilla wanted to take additional action regarding this cert, we should have taken it back then.

Last Resolved: 2 years ago
Resolution: --- → WONTFIX


a year ago
Product: → NSS
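
Added example (not part of the original bug, and not Symantec's or Mozilla's code): a signing-time gate of the kind question C asks about. It inspects the exact TBSCertificate bytes about to be signed, so a hash algorithm changed on a pending order is still caught, and it refuses a SHA-1 precertificate exactly like a final certificate, in line with the RFC 6962 quote. All function names are hypothetical and the sample inputs are constructed, skeletal DER, not real certificates.

```python
SHA1_SIG_OIDS = {"1.2.840.113549.1.1.5", "1.2.840.10045.4.1"}  # RSA and ECDSA with SHA-1
CT_POISON = "1.3.6.1.4.1.11129.2.4.3"  # RFC 6962 precertificate poison extension
SHA1_RSA = bytes.fromhex("2a864886f70d010105")    # DER body of sha1WithRSAEncryption
SHA256_RSA = bytes.fromhex("2a864886f70d01010b")  # DER body of sha256WithRSAEncryption
POISON = bytes.fromhex("2b06010401d679020403")    # DER body of CT_POISON

def children(buf):
    """Yield (tag, body) for each DER element found back to back in buf."""
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:  # long-form length: low 7 bits give the byte count
            n, i = int.from_bytes(buf[i:i + (n & 0x7F)], "big"), i + (n & 0x7F)
        yield tag, buf[i:i + n]
        i += n

def oid_str(body):  # decode an OBJECT IDENTIFIER body to dotted form
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def all_oids(buf):
    """Recursively yield every OID inside constructed elements."""
    for tag, body in children(buf):
        if tag == 0x06:
            yield oid_str(body)
        elif tag & 0x20:
            yield from all_oids(body)

def signing_gate(tbs_der):
    """Decide on the bytes about to be signed, not on the stored order."""
    fields = list(children(next(children(tbs_der))[1]))
    sig_alg = fields[2 if fields[0][0] == 0xA0 else 1][1]  # TBSCertificate.signature
    kind = "precertificate" if CT_POISON in all_oids(tbs_der) else "certificate"
    if next(all_oids(sig_alg)) in SHA1_SIG_OIDS:
        return False, f"refused: SHA-1 {kind}"
    return True, f"allowed: {kind}"

def tlv(tag, body):  # short-form DER encoder, enough for the samples
    return bytes([tag, len(body)]) + body

def sample_tbs(sig_oid, poison):
    """Constructed, skeletal TBSCertificate: version, serial, signature, extensions."""
    ext = tlv(0x30, tlv(0x06, POISON) + tlv(0x01, b"\xff") + tlv(0x04, b"\x05\x00"))
    return tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01")
               + tlv(0x30, tlv(0x06, sig_oid) + tlv(0x05, b"")) + (tlv(0xA3, tlv(0x30, ext)) if poison else b""))
```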