Revocation Tracker

CABlint recent error summary since 2020-06-27

Some of these may be false-positives. You should review closely before taking action.

# of affected certificates	CA	CCADB Owner	Severity	Description
28666	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
28666	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1	DigiCert	W	Extension should be critical for KeyUsage
28666	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
28463	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
28463	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
28463	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2	DigiCert	W	Extension should be critical for KeyUsage
28315	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
28315	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5	DigiCert	W	Extension should be critical for KeyUsage
28315	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
28234	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4	DigiCert	W	Extension should be critical for KeyUsage
28234	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
28234	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
5194	C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3	DigiCert	W	Unknown Extension: 1.3.6.1.4.1.11129.2.1.22
797	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 05	DigiCert / Microsoft Corporation	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
797	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 05	DigiCert / Microsoft Corporation	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
764	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 06	DigiCert / Microsoft Corporation	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
764	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 06	DigiCert / Microsoft Corporation	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
519	C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2	QuoVadis	W	TLS Server auth certificates should not contain IPSec End System usage
519	C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2	QuoVadis	W	TLS Server auth certificates should not contain IPSec Tunnel usage
519	C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2	QuoVadis	W	TLS Server auth certificates should not contain IPSec User usage
381	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=FujiSSL Public Validation Authority - G3	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
124	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web SR 3.0 CA	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
107	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 02	DigiCert / Microsoft Corporation	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
107	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 02	DigiCert / Microsoft Corporation	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
94	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 01	DigiCert / Microsoft Corporation	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
94	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 01	DigiCert / Microsoft Corporation	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
22	C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA	Deutsche Telekom Security GmbH	W	TLS Server auth certificates should not contain Signing KDC Response usage
22	C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA	Deutsche Telekom Security GmbH	W	TLS Server auth certificates should not contain Microsoft Smartcard Login usage
22	C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA	Deutsche Telekom Security GmbH	W	Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension
18	CN=ACCVCA-120, OU=PKIACCV, O=ACCV, C=ES	Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV)	W	Name has unknown attribute 2.5.4.97
18	CN=ACCVCA-120, OU=PKIACCV, O=ACCV, C=ES	Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV)	W	Unknown Extension: 2.23.140.3.1
17	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web EV 2.0 CA	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
16	C=CN, O=China Financial Certification Authority, CN=CFCA OV OCA	China Financial Certification Authority (CFCA)	W	Extension should be critical for KeyUsage
16	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=EINS/PKI Public Certification Authority V4	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
12	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=CrossTrust DV CA5	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
11	C=PL, O=Dreamcommerce S.A., OU=Dreamcommerce S.A., CN=Shoper® SSL	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
9	C=PL, O=home.pl S.A., CN=Certyfikat SSL	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
9	C=ES, O=FNMT-RCM, OU=AC Componentes Informáticos	Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT)	W	Name has unknown attribute 2.5.4.97
8	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=CrossTrust OV CA5	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
8	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
6	C=US, O=DigiCert Inc, CN=DigiCert ECC Secure Server CA	DigiCert	W	Unknown Extension: 1.3.6.1.4.1.11129.2.1.22
4	C=ES, O=Firmaprofesional S.A., OU=Security Services, serialNumber=A62634068, CN=AC Firmaprofesional - INFRAESTRUCTURA	Autoridad de Certificacion Firmaprofesional	W	Name has unknown attribute 2.5.4.97
4	C=CN, O=China Financial Certification Authority, CN=CFCA EV OCA	China Financial Certification Authority (CFCA)	W	Extension should be critical for KeyUsage
3	CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US	DigiCert	W	Unknown Extension: 1.2.840.113635.100.6.27.11.1
3	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA	DigiCert	W	Extension should be critical for KeyUsage
3	C=JP, O=Fuji Xerox, CN=Fuji Xerox Xnet CA - S2	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
3	CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US	DigiCert	W	Unknown Extension: 1.2.840.113635.100.6.27.15.1
3	CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US	DigiCert	W	Unknown Extension: 1.2.840.113635.100.6.27.7.1
2	C=PL, O=nazwa.pl sp. z o.o., OU=http://nazwa.pl, CN=nazwaSSL	Asseco Data Systems S.A. (previously Unizeto Certum)	W	commonNames in BR certificate contains U-labels
2	CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US	DigiCert	W	Unknown Extension: 1.2.840.113635.100.6.27.7.2
2	C=NL, ST=Noord-Brabant, L=Son, OU=IT Services, O=Prodrive Technologies B.V., CN=Prodrive Technologies B.V. OV SSL Issuing CA	GlobalSign	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
2	C=JP, O="Japan Registry Services Co., Ltd.", CN=JPRS Domain Validation Authority - G2	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
2	C=TW, O=行政院, CN=政府伺服器數位憑證管理中心 - G1	Chunghwa Telecom	W	Name has multiple localityName attributes
2	CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US	DigiCert	W	Unknown Extension: 1.2.840.113635.100.6.27.15.2
2	CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US	DigiCert	W	Unknown Extension: 1.2.840.113635.100.6.27.11.2
1	C=RO, O=CERTSIGN SA, CN=certSIGN Web CA, organizationIdentifier=VATRO-18288250	certSIGN	W	Unknown Extension: 2.23.140.3.1
1	C=RO, O=CERTSIGN SA, CN=certSIGN Web CA, organizationIdentifier=VATRO-18288250	certSIGN	W	Name has unknown attribute 2.5.4.97
1	C=DE, ST=Bayern, L=Muenchen, O=Fraunhofer, OU=Fraunhofer Corporate PKI, CN=Fraunhofer Service CA - G02	Deutsche Telekom Security GmbH	W	Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension
1	C=NL, organizationIdentifier=NTRNL-30237459, O=QuoVadis Trustlink B.V., CN=QuoVadis Qualified Web ICA G1	QuoVadis	W	Unknown Extension: 2.23.140.3.1
1	C=NL, organizationIdentifier=NTRNL-30237459, O=QuoVadis Trustlink B.V., CN=QuoVadis Qualified Web ICA G1	QuoVadis	W	Name has unknown attribute 2.5.4.97
1	C=JP, O="Nijimo, Inc.", CN=FujiSSL Public Certification Authority - G2	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
1	C=DE, ST=Bayern, L=Muenchen, O=Fraunhofer, OU=Fraunhofer Corporate PKI, CN=Fraunhofer Service CA - G02	Deutsche Telekom Security GmbH	W	TLS Server auth certificates should not contain Microsoft Smartcard Login usage
1	C=DE, ST=Bayern, L=Muenchen, O=Fraunhofer, OU=Fraunhofer Corporate PKI, CN=Fraunhofer Service CA - G02	Deutsche Telekom Security GmbH	W	TLS Server auth certificates should not contain Signing KDC Response usage