CABlint recent error summary since 2020-03-29

Some of these may be false-positives. You should review closely before taking action.

# of affected certificates CA CCADB Owner Severity Description
41630 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 DigiCert W Extension should be critical for KeyUsage
41630 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 DigiCert W Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
41630 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 DigiCert W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
41270 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4 DigiCert W Extension should be critical for KeyUsage
41270 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4 DigiCert W Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
41270 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4 DigiCert W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
41066 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1 DigiCert W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
41066 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1 DigiCert W Extension should be critical for KeyUsage
41066 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1 DigiCert W Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
41038 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 DigiCert W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
41038 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 DigiCert W Extension should be critical for KeyUsage
41038 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 DigiCert W Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
9417 C=US, ST=CA, L=San Francisco, O="CloudFlare, Inc.", CN=CloudFlare Inc ECC CA-2 DigiCert W Unknown Extension: 1.3.6.1.4.1.11129.2.1.22
1236 C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2 QuoVadis W TLS Server auth certificates should not contain IPSec End System usage
1236 C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2 QuoVadis W TLS Server auth certificates should not contain IPSec User usage
1236 C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2 QuoVadis W TLS Server auth certificates should not contain IPSec Tunnel usage
614 C=JP, O="SECOM Trust Systems CO.,LTD.", CN=FujiSSL Public Validation Authority - G3 SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
246 C=PL, O=home.pl S.A., CN=Certyfikat SSL Asseco Data Systems S.A. (previously Unizeto Certum) W Name has deprecated attribute emailAddress
238 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2 Asseco Data Systems S.A. (previously Unizeto Certum) W Name has deprecated attribute emailAddress
235 C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web SR 3.0 CA SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
187 C=JP, O=National Institute of Informatics, CN=NII Open Domain CA - G5 SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
156 C=PL, O=Dreamcommerce S.A., OU=Dreamcommerce S.A., CN=Shoper® SSL Asseco Data Systems S.A. (previously Unizeto Certum) W Name has deprecated attribute emailAddress
108 C=PL, O=nazwa.pl sp. z o.o., OU=http://nazwa.pl, CN=nazwaSSL Asseco Data Systems S.A. (previously Unizeto Certum) W commonNames in BR certificate contains U-labels
34 C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 2 Buypass W Unknown Extension: 2.23.140.3.1
34 C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 2 Buypass W Name has unknown attribute 2.5.4.97
24 C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web EV 2.0 CA SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
21 C=ES, O=FNMT-RCM, OU=AC Componentes Informáticos Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) W Name has unknown attribute 2.5.4.97
21 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Organization Validation CA SHA2 Asseco Data Systems S.A. (previously Unizeto Certum) W Name has deprecated attribute emailAddress
18 C=JP, O="SECOM Trust Systems CO.,LTD.", CN=CrossTrust DV CA5 SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
16 C=JP, O="SECOM Trust Systems CO.,LTD.", CN=EINS/PKI Public Certification Authority V4 SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
16 C=CN, O=China Financial Certification Authority, CN=CFCA OV OCA China Financial Certification Authority (CFCA) W Extension should be critical for KeyUsage
16 C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2015 HARICA W Name has unknown attribute 2.5.4.97
13 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site Pro Extended Validation CA G2 DigiCert E EV certificates must include localityName in subject
10 CN=ACCVCA-120, OU=PKIACCV, O=ACCV, C=ES Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) W Unknown Extension: 2.23.140.3.1
10 CN=ACCVCA-120, OU=PKIACCV, O=ACCV, C=ES Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) W Name has unknown attribute 2.5.4.97
9 C=UY, O=Abitab S.A., OU=IDdigital, CN=Abitab SSL Organization Validated Asseco Data Systems S.A. (previously Unizeto Certum) W Name has deprecated attribute emailAddress
9 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA DigiCert E EV certificates must include localityName in subject
8 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Class I CA SHA2 Asseco Data Systems S.A. (previously Unizeto Certum) W Name has deprecated attribute emailAddress
8 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA DigiCert W Extension should be critical for KeyUsage
7 CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US DigiCert W Unknown Extension: 1.2.840.113635.100.6.27.7.2
7 CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US DigiCert W Unknown Extension: 1.2.840.113635.100.6.27.15.2
7 CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US DigiCert W Unknown Extension: 1.2.840.113635.100.6.27.11.2
6 C=JP, O="Japan Registry Services Co., Ltd.", CN=JPRS Domain Validation Authority - G2 SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
6 C=NL, 2.5.4.97=NTRNL-30237459, O=QuoVadis Trustlink B.V., CN=QuoVadis Qualified Web ICA G1 QuoVadis W Name has unknown attribute 2.5.4.97
6 C=NL, 2.5.4.97=NTRNL-30237459, O=QuoVadis Trustlink B.V., CN=QuoVadis Qualified Web ICA G1 QuoVadis W Unknown Extension: 2.23.140.3.1
6 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2 Asseco Data Systems S.A. (previously Unizeto Certum) W commonNames in BR certificate contains U-labels
5 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site Extended Validation CA G2 DigiCert E EV certificates must include localityName in subject
4 C=PL, O=LH.pl Sp. z o.o., OU=LH.pl, CN=www.lh.pl Asseco Data Systems S.A. (previously Unizeto Certum) W Name has deprecated attribute emailAddress
4 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust EV CN RSA G1 DigiCert E EV certificates must include localityName in subject
4 C=JP, O="SECOM Trust Systems CO.,LTD.", CN=CrossTrust OV CA5 SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
3 C=UY, O=Abitab S.A., OU=IDdigital, CN=Abitab SSL Domain Validated Asseco Data Systems S.A. (previously Unizeto Certum) W Name has deprecated attribute emailAddress
3 C=CN, O=WoTrus CA Limited, CN=WoTrus OV SSL CA Asseco Data Systems S.A. (previously Unizeto Certum) W Duplicate SAN entry
3 C=NL, ST=Noord-Brabant, L=Son, OU=IT Services, O=Prodrive Technologies B.V., CN=Prodrive Technologies B.V. OV SSL Issuing CA GlobalSign W Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
2 C=TW, O=行政院, CN=政府伺服器數位憑證管理中心 - G1 Chunghwa Telecom W Name has multiple localityName attributes
2 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA DigiCert W Unknown Extension: 2.23.140.1.31
2 C=FR, O=DHIMYOTIS, OU=0002 48146308100036, 2.5.4.97=NTRFR-48146308100036, CN=Certigna Wild CA Dhimyotis / Certigna W Name has unknown attribute 2.5.4.97
2 C=FR, O=DHIMYOTIS, OU=0002 48146308100036, 2.5.4.97=NTRFR-48146308100036, CN=Certigna Services CA Dhimyotis / Certigna W Name has unknown attribute 2.5.4.97
2 C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA T-Systems International GmbH (Deutsche Telekom) W Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension
2 C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA T-Systems International GmbH (Deutsche Telekom) W TLS Server auth certificates should not contain Microsoft Smartcardlogin usage
2 C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA T-Systems International GmbH (Deutsche Telekom) W TLS Server auth certificates should not contain Signing KDC Response usage
2 C=JP, O=Fuji Xerox, CN=Fuji Xerox Xnet CA - S2 SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
2 C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) W Name has unknown attribute 2.5.4.97
1 C=DE, ST=Bayern, L=Muenchen, O=Fraunhofer, OU=Fraunhofer Corporate PKI, CN=Fraunhofer Service CA - G02 T-Systems International GmbH (Deutsche Telekom) W TLS Server auth certificates should not contain Microsoft Smartcardlogin usage
1 C=DE, ST=Bayern, L=Muenchen, O=Fraunhofer, OU=Fraunhofer Corporate PKI, CN=Fraunhofer Service CA - G02 T-Systems International GmbH (Deutsche Telekom) W Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension
1 C=PL, O=home.pl S.A., CN=Certyfikat SSL Asseco Data Systems S.A. (previously Unizeto Certum) W commonNames in BR certificate contains U-labels
1 C=IT, O=InfoCert S.p.A., OU=WSA Trust Service Provider, serialNumber=07945211006, CN=InfoCert Organization Validation CA 3 AC Camerfirma, S.A. W Name has unknown attribute 2.5.4.97
1 C=IT, O=InfoCert S.p.A., OU=WSA Trust Service Provider, serialNumber=07945211006, CN=InfoCert Organization Validation CA 3 AC Camerfirma, S.A. W Unknown Extension: 2.23.140.3.1
1 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust EV RSA CA 2018 DigiCert E EV certificates must include localityName in subject
1 CN=Apple IST CA 8 - G1, OU=Certification Authority, O=Apple Inc., C=US DigiCert W Unknown Extension: 1.2.840.113635.100.6.48.1
1 C=DE, O=T-Systems International GmbH, OU=T-Systems Trust Center, CN=TeleSec Business CA 1 T-Systems International GmbH (Deutsche Telekom) W Name has deprecated attribute emailAddress
1 C=ES, OU=AC CAMERFIRMA, O=AC Camerfirma S.A., serialNumber=A82743287, L=Madrid (see current address at https://www.camerfirma.com/address), CN=Camerfirma AAPP II - 2014 AC Camerfirma, S.A. E BR certificates must not contain directoryName type alternative name
1 C=ES, O=FNMT-RCM, OU=CERES, serialNumber=Q2826004J, CN=AC Administración Pública Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) W Name has unknown attribute 2.5.4.97
1 C=JP, O=FUJIFILM, CN=FUJIFILM Fnet CA - S2 SECOM Trust Systems CO., LTD. W BR certificates should include an HTTP URL of the issuing CA's certificate
1 C=ES, OU=AC CAMERFIRMA, O=AC Camerfirma S.A., serialNumber=A82743287, L=Madrid (see current address at https://www.camerfirma.com/address), CN=Camerfirma AAPP II - 2014 AC Camerfirma, S.A. E BR certificates must not contain rfc822Name type alternative name
1 C=ES, OU=AC CAMERFIRMA, O=AC Camerfirma S.A., serialNumber=A82743287, L=Madrid (see current address at https://www.camerfirma.com/address), CN=Camerfirma AAPP II - 2014 AC Camerfirma, S.A. E BR certificates with organizationName must include either localityName or stateOrProvinceName
1 C=CN, O=China Financial Certification Authority, CN=CFCA EV OCA China Financial Certification Authority (CFCA) W Extension should be critical for KeyUsage
1 C=RU, O=Yandex LLC, OU=Yandex Certification Authority, CN=Yandex CA Asseco Data Systems S.A. (previously Unizeto Certum) W commonNames in BR certificate contains U-labels
1 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2 Asseco Data Systems S.A. (previously Unizeto Certum) W Duplicate SAN entry
1 CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US DigiCert W Unknown Extension: 1.2.840.113635.100.6.48.1
1 CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US DigiCert W Unknown Extension: 1.2.840.113635.100.6.27.22.2
1 C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=HARICA SSL RSA SubCA R3 HARICA E Wildcard to immediate left of public suffix in SAN
1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA EV QWAC CA 2019 GlobalSign W Name has unknown attribute 2.5.4.97
1 C=DE, ST=Bayern, L=Muenchen, O=Fraunhofer, OU=Fraunhofer Corporate PKI, CN=Fraunhofer Service CA - G02 T-Systems International GmbH (Deutsche Telekom) W TLS Server auth certificates should not contain Signing KDC Response usage
1 C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA T-Systems International GmbH (Deutsche Telekom) W Name has multiple commonName attributes
1 C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA EV QWAC CA 2019 GlobalSign W Unknown Extension: 2.23.140.3.1
1 C=US, O=DigiCert Inc, CN=DigiCert ECC Secure Server CA DigiCert W Unknown Extension: 1.3.6.1.4.1.11129.2.1.22
1 C=ES, O=Firmaprofesional S.A., OU=Security Services, serialNumber=A62634068, CN=AC Firmaprofesional - INFRAESTRUCTURA Autoridad de Certificacion Firmaprofesional W Name has unknown attribute 2.5.4.97