CABlint recent error summary since 2020-01-11

Some of these may be false-positives. You should review closely before taking action.

# of affected certificates CA CCADB Owner Severity Description
2278 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 DigiCert W Extension should be critical for KeyUsage
2278 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 DigiCert W Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
2278 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 DigiCert W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
2257 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1 DigiCert W Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
2257 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1 DigiCert W Extension should be critical for KeyUsage
2257 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1 DigiCert W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
2211 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 DigiCert W Extension should be critical for KeyUsage
2211 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 DigiCert W Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
2211 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 DigiCert W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
2200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4 DigiCert W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
2200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4 DigiCert W Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
2200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4 DigiCert W Extension should be critical for KeyUsage
542 C=US, ST=CA, L=San Francisco, O="CloudFlare, Inc.", CN=CloudFlare Inc ECC CA-2 DigiCert W Unknown Extension: 1.3.6.1.4.1.11129.2.1.22
55 C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2 QuoVadis W TLS Server auth certificates should not contain IPSec User usage
55 C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2 QuoVadis W TLS Server auth certificates should not contain IPSec End System usage
55 C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2 QuoVadis W TLS Server auth certificates should not contain IPSec Tunnel usage
42 C=JP, O="SECOM Trust Systems CO.,LTD.", CN=FujiSSL Public Validation Authority - G3 SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
26 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2 Asseco Data Systems S.A. (previously Unizeto Certum) W Name has deprecated attribute emailAddress
23 C=PL, O=Dreamcommerce S.A., OU=Dreamcommerce S.A., CN=Shoper® SSL Asseco Data Systems S.A. (previously Unizeto Certum) W Name has deprecated attribute emailAddress
23 C=PL, O=home.pl S.A., CN=Certyfikat SSL Asseco Data Systems S.A. (previously Unizeto Certum) W Name has deprecated attribute emailAddress
18 C=PL, O=nazwa.pl sp. z o.o., OU=http://nazwa.pl, CN=nazwaSSL Asseco Data Systems S.A. (previously Unizeto Certum) W commonNames in BR certificate contains U-labels
8 C=JP, O="SECOM Trust Systems CO.,LTD.", CN=CrossTrust DV CA5 SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
8 C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web SR 3.0 CA SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
6 C=JP, O=National Institute of Informatics, CN=NII Open Domain CA - G5 SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
4 C=FR, O=DHIMYOTIS, OU=0002 48146308100036, 2.5.4.97=NTRFR-48146308100036, CN=Certigna Services CA Dhimyotis / Certigna W Name has unknown attribute 2.5.4.97
3 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Class I CA SHA2 Asseco Data Systems S.A. (previously Unizeto Certum) W Name has deprecated attribute emailAddress
2 C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web EV 2.0 CA SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
2 C=JP, O="Japan Registry Services Co., Ltd.", CN=JPRS Organization Validation Authority - G2 SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
1 C=JP, O="Japan Registry Services Co., Ltd.", CN=JPRS Domain Validation Authority - G2 SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
1 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA DigiCert W Extension should be critical for KeyUsage
1 C=NL, O=KPN B.V., 2.5.4.97=NTRNL-27124701, CN=KPN BV PKIoverheid Organisatie Server CA - G3 Government of The Netherlands, PKIoverheid (Logius) W Duplicate SAN entry
1 C=JP, O="Nijimo, Inc.", CN=FujiSSL Public Certification Authority - G2 SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
1 C=JP, O="SECOM Trust Systems CO.,LTD.", CN=CrossTrust OV CA5 SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
1 C=ES, O=FNMT-RCM, OU=AC Componentes Informáticos Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) W Name has unknown attribute 2.5.4.97
1 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Organization Validation CA SHA2 Asseco Data Systems S.A. (previously Unizeto Certum) W Name has deprecated attribute emailAddress