Closed Bug 1675295 Opened 5 years ago Closed 5 years ago

Entrust: Invalid data in commonName fields

Categories

(CA Program :: CA Certificate Compliance, task)

Product:
CA Program
Component:
CA Certificate Compliance
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED INVALID

People

(Reporter: fozzie, Assigned: bruce.morton)

Details

(Whiteboard: [ca-compliance])

I haven't found any certificates issued after 2020-08-17 (the revocation date in certificate #2 linked) so I think this issue has been fixed for new issuances.

Assignee: bwilson → bruce.morton
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Whiteboard: [ca-compliance]

George, it seems like those certificates were not issued by an SSL-enabled CA (all issued by https://crt.sh/?caid=114082), and don't use BR profile identifiers. Nor is that CA technically capable of issuing server or email certificates. The certificates are instead issued under the "Verified Mark Certificates" profile of Entrust's CPS, using the VMC Guidelines as their base profile, as can be found here: bimigroup.org/resources/VMC_Guidelines_latest.pdf

I think this is not a problem in the scope of Mozilla's root store.

I think you're right Matthias. I missed the OIDs on Censys. I'll close this as INVALID. Thanks!

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → INVALID
Product: NSS → CA Program
You need to log in before you can comment on or make changes to this bug.