Asseco DS / Certum: non-audited intermediate certificate
Categories
(CA Program :: CA Certificate Compliance, task)
Tracking
(Not tracked)
People
(Reporter: kathleen.a.wilson, Assigned: aleksandra.kapinos)
Details
(Whiteboard: [ca-compliance] )
Looking at https://crt.sh/mozilla-disclosures#disclosedwithinconsistentaudit I found that the following intermediate certificate is not listed in scope of an audit statement.
This cert either needs to be revoked and added to OnCRL, or needs to be included in scope of appropriate audits and audit statements.
Subject
CN=SSL.com Root Certification Authority RSA; O=SSL Corporation; C=US
Issuer
CN=Certum Trusted Network CA; OU=Certum Certification Authority; O=Unizeto Technologies S.A.; C=PL
SHA-256 Fingerprint
ACF718DF838E640051777D1947F51620E8D804BA186553AE52FC9811B5D34B8B
|
Assignee | |
Comment 1•6 years ago
|
||
This certificate are showed up in the new audit statement which covered the period March 27, 2018 to 4 March, 2019. Today, we updated the new audit report in CCADB and in Certum website https://www.certum.eu/en/cert_aboutus_about_webtrust/
|
||
Updated•6 years ago
|
|
|
Assignee | |
Comment 2•5 years ago
|
||
Do you have any additional question in this bug? If not, please close this bug.
|
|
||
Updated•5 years ago
|
|
||
Comment 3•5 years ago
|
||
It appears that this was a false positive. The certificate was issued on 11-Sept 2018 and appears on the audit report covering that date. CCADB still lists this certificate as being covered by the SSL.com audit, but a note states that it is listed in the Certum audit. The CP/CPS information in CCADB lists SSL.com's policies as applying to this certificate, which is correct assuming that SSL.com is in possession of the private key.
|
||
Updated•3 years ago
|
|
||
Updated•2 years ago
|
Description
•