Blacklisted certificates
Christoph Moench-Tegeder
cmt at burggraben.net
Wed Mar 31 11:02:26 UTC 2021
## Jochen Neumeister (joneum at FreeBSD.org):
> Why are these certificates blacklisted?
Various reasons:
- Symantec (which owned Thawte and VeriSign back in the time) made
  the news in a bad way:
  https://www.theregister.com/2017/09/12/chrome_66_to_reject_symantec_certs/
- some certificates are simply expired
- some certificates use SHA-1 ("sha1WithRSAEncryption") which is
  beyond deprecated
- and basically "whatever Mozilla did", as the certificates are
  imported from NSS.
Regards,
Christoph
--
Spare Space