Revocation Tracker
Here are some batches people have created
Common Name not in SAN
Serial number greater than 20 octets
Metadata-only subject fields
IP addresses in dNSName SAN
Entrust metadata-only OU
No SAN
Bad OCSP
RSA signatures without parameters
SHA-1 OCSP responders, take 2
ROCA (CVE-2017-15361) fingerprints found
CAA Anomaly: SAN Wildcard/Nonwildcard Mix with restrictive issue and permissive issuewild tag
CAA Anomaly: SAN Wildcard/Nonwildcard Mix with restrictive issue and permissive issuewild tag - UPDATE
GlobalSign invalid SCTs
D-Trust Invalid SCTs
DigiCert: dNSNames containing underscores listed in bugzil.la/1515564
P-521 public keys
Invalid dnsName (Jan 2019)
Here are batches which have been completed
Invalid characters in dnsName
OCSP responder URL not HTTP
Serial numbers with <64 bits of entropy
Reserved IP Address
Invalid dnsName
O=U.S. Government for non-government entity
IdenTrust ACES BR-noncompliance
PROCERT Non-Random Serial Numbers
"Double-dot" domains
SwissSign negative serial numbers
Validity period for EV certs too long
Kamu SM <64 serial numbers
RSA key smaller than 2048 bits
Bad SAN types
certSIGN reported misissued
Bad wildcards
Amazon/DigiCert CAA Misissuances
Let's Encrypt CAA Misissuances
Comodo Early CAA Bug
Cloudflare/Comodo CAA Anomalies
Potentially mis-issued based on CAA records
Mis-issued due to CAA violation
Comodo CAA misissuances (https://bugzilla.mozilla.org/show_bug.cgi?id=1420858)
Comodo CAA misissuances (https://bugzilla.mozilla.org/show_bug.cgi?id=1423624)
.onion certificates without a 2.23.141.1.31 extension
Let's Encrypt CAA tag value case sensitivity
Sectigo: dNSNames containing underscores in certs expiring >= 2019-01-15
IP address in dnsName Jan 2019
Post-SC12 underscores (non-DC)