Izenpe: Certificates not disclosed in CCADB
Categories
(CA Program :: CA Certificate Compliance, task)
Tracking
(Not tracked)
People
(Reporter: kwilson, Assigned: o-garcia)
References
Details
(Whiteboard: [ca-compliance])
https://crt.sh/mozilla-disclosures#undisclosed is reporting that the following certificate is not disclosed in the CCADB.
https://crt.sh/?sha256=c7cf9edf18f88c5ce35e9de88c6f5c21ad8a4e742da74cc71468807094d82d6b&opt=mozilladisclosure
Serial Number:
24:c5:c8:aa:56:6f:8e:e8:4c:be:a7:05:5c:e1:64:a4
Signature Algorithm: sha256WithRSAEncryption
Issuer: (CA ID: 337)
commonName = Izenpe.com
organizationName = IZENPE S.A.
countryName = ES
Validity
Not Before: Oct 20 08:23:33 2010 GMT
Not After : Dec 12 23:00:00 2037 GMT
Subject: (CA ID: 535)
commonName = EAEko Herri Administrazioen CA - CA AAPP Vascas (2)
organizationalUnitName = AZZ Ziurtagiri publikoa - Certificado publico SCA
organizationName = IZENPE S.A.
countryName = ES
Reporter | ||
Updated•4 years ago
|
Comment 1•4 years ago
|
||
I think someone has added a "NULL" bit at the end of the certificate to create a second SHA2 hash for an already known/disclosed CA certificate.
Reporter | ||
Comment 2•4 years ago
|
||
Indeed, when I search for that serial number in the CCADB, it finds the disclosed certificate.
Comment 3•4 years ago
|
||
The "NULL" signature parameters are actually correct for an RSA signature. The problem here is that the signature parameters within the TBSCertificate are missing the required "NULL" parameters, which I suppose means that https://crt.sh/?id=1477430 was misissued (although presumably that occurred in ~2010, before BRs v1.0).
I've deleted the duplicate certificate record mentioned in comment #0 from the crt.sh database so that https://crt.sh/mozilla-disclosures stops flagging it.
Reporter | ||
Comment 4•4 years ago
|
||
Looks like this was a false positive, so closing as INVALID.
However, I encourage Izenpe to consider replacing their old, long-lived intermediate certs with newer BR-compliant certs.
Assignee | ||
Comment 5•4 years ago
|
||
We'll keep in mind.
Thanks
Updated•1 year ago
|
Description
•