CABlint recent error summary since 2020-03-29

Some of these may be false-positives. You should review closely before taking action.

# of affected certificates	CA	CCADB Owner	Severity	Description
41630	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2	DigiCert	W	Extension should be critical for KeyUsage
41630	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
41630	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
41270	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4	DigiCert	W	Extension should be critical for KeyUsage
41270	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
41270	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
41066	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
41066	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1	DigiCert	W	Extension should be critical for KeyUsage
41066	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
41038	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
41038	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5	DigiCert	W	Extension should be critical for KeyUsage
41038	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
9417	C=US, ST=CA, L=San Francisco, O="CloudFlare, Inc.", CN=CloudFlare Inc ECC CA-2	DigiCert	W	Unknown Extension: 1.3.6.1.4.1.11129.2.1.22
1236	C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2	QuoVadis	W	TLS Server auth certificates should not contain IPSec End System usage
1236	C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2	QuoVadis	W	TLS Server auth certificates should not contain IPSec User usage
1236	C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2	QuoVadis	W	TLS Server auth certificates should not contain IPSec Tunnel usage
614	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=FujiSSL Public Validation Authority - G3	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
246	C=PL, O=home.pl S.A., CN=Certyfikat SSL	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
238	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
235	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web SR 3.0 CA	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
187	C=JP, O=National Institute of Informatics, CN=NII Open Domain CA - G5	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
156	C=PL, O=Dreamcommerce S.A., OU=Dreamcommerce S.A., CN=Shoper® SSL	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
108	C=PL, O=nazwa.pl sp. z o.o., OU=http://nazwa.pl, CN=nazwaSSL	Asseco Data Systems S.A. (previously Unizeto Certum)	W	commonNames in BR certificate contains U-labels
34	C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 2	Buypass	W	Unknown Extension: 2.23.140.3.1
34	C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 2	Buypass	W	Name has unknown attribute 2.5.4.97
24	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web EV 2.0 CA	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
21	C=ES, O=FNMT-RCM, OU=AC Componentes Informáticos	Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT)	W	Name has unknown attribute 2.5.4.97
21	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Organization Validation CA SHA2	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
18	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=CrossTrust DV CA5	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
16	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=EINS/PKI Public Certification Authority V4	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
16	C=CN, O=China Financial Certification Authority, CN=CFCA OV OCA	China Financial Certification Authority (CFCA)	W	Extension should be critical for KeyUsage
16	C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=Hellenic Academic and Research Institutions RootCA 2015	HARICA	W	Name has unknown attribute 2.5.4.97
13	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site Pro Extended Validation CA G2	DigiCert	E	EV certificates must include localityName in subject
10	CN=ACCVCA-120, OU=PKIACCV, O=ACCV, C=ES	Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV)	W	Unknown Extension: 2.23.140.3.1
10	CN=ACCVCA-120, OU=PKIACCV, O=ACCV, C=ES	Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV)	W	Name has unknown attribute 2.5.4.97
9	C=UY, O=Abitab S.A., OU=IDdigital, CN=Abitab SSL Organization Validated	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
9	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	DigiCert	E	EV certificates must include localityName in subject
8	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Class I CA SHA2	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
8	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA	DigiCert	W	Extension should be critical for KeyUsage
7	CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US	DigiCert	W	Unknown Extension: 1.2.840.113635.100.6.27.7.2
7	CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US	DigiCert	W	Unknown Extension: 1.2.840.113635.100.6.27.15.2
7	CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US	DigiCert	W	Unknown Extension: 1.2.840.113635.100.6.27.11.2
6	C=JP, O="Japan Registry Services Co., Ltd.", CN=JPRS Domain Validation Authority - G2	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
6	C=NL, 2.5.4.97=NTRNL-30237459, O=QuoVadis Trustlink B.V., CN=QuoVadis Qualified Web ICA G1	QuoVadis	W	Name has unknown attribute 2.5.4.97
6	C=NL, 2.5.4.97=NTRNL-30237459, O=QuoVadis Trustlink B.V., CN=QuoVadis Qualified Web ICA G1	QuoVadis	W	Unknown Extension: 2.23.140.3.1
6	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2	Asseco Data Systems S.A. (previously Unizeto Certum)	W	commonNames in BR certificate contains U-labels
5	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site Extended Validation CA G2	DigiCert	E	EV certificates must include localityName in subject
4	C=PL, O=LH.pl Sp. z o.o., OU=LH.pl, CN=www.lh.pl	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
4	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust EV CN RSA G1	DigiCert	E	EV certificates must include localityName in subject
4	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=CrossTrust OV CA5	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
3	C=UY, O=Abitab S.A., OU=IDdigital, CN=Abitab SSL Domain Validated	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
3	C=CN, O=WoTrus CA Limited, CN=WoTrus OV SSL CA	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Duplicate SAN entry
3	C=NL, ST=Noord-Brabant, L=Son, OU=IT Services, O=Prodrive Technologies B.V., CN=Prodrive Technologies B.V. OV SSL Issuing CA	GlobalSign	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
2	C=TW, O=行政院, CN=政府伺服器數位憑證管理中心 - G1	Chunghwa Telecom	W	Name has multiple localityName attributes
2	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	DigiCert	W	Unknown Extension: 2.23.140.1.31
2	C=FR, O=DHIMYOTIS, OU=0002 48146308100036, 2.5.4.97=NTRFR-48146308100036, CN=Certigna Wild CA	Dhimyotis / Certigna	W	Name has unknown attribute 2.5.4.97
2	C=FR, O=DHIMYOTIS, OU=0002 48146308100036, 2.5.4.97=NTRFR-48146308100036, CN=Certigna Services CA	Dhimyotis / Certigna	W	Name has unknown attribute 2.5.4.97
2	C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA	T-Systems International GmbH (Deutsche Telekom)	W	Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension
2	C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA	T-Systems International GmbH (Deutsche Telekom)	W	TLS Server auth certificates should not contain Microsoft Smartcardlogin usage
2	C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA	T-Systems International GmbH (Deutsche Telekom)	W	TLS Server auth certificates should not contain Signing KDC Response usage
2	C=JP, O=Fuji Xerox, CN=Fuji Xerox Xnet CA - S2	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
2	C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM	Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT)	W	Name has unknown attribute 2.5.4.97
1	C=DE, ST=Bayern, L=Muenchen, O=Fraunhofer, OU=Fraunhofer Corporate PKI, CN=Fraunhofer Service CA - G02	T-Systems International GmbH (Deutsche Telekom)	W	TLS Server auth certificates should not contain Microsoft Smartcardlogin usage
1	C=DE, ST=Bayern, L=Muenchen, O=Fraunhofer, OU=Fraunhofer Corporate PKI, CN=Fraunhofer Service CA - G02	T-Systems International GmbH (Deutsche Telekom)	W	Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension
1	C=PL, O=home.pl S.A., CN=Certyfikat SSL	Asseco Data Systems S.A. (previously Unizeto Certum)	W	commonNames in BR certificate contains U-labels
1	C=IT, O=InfoCert S.p.A., OU=WSA Trust Service Provider, serialNumber=07945211006, CN=InfoCert Organization Validation CA 3	AC Camerfirma, S.A.	W	Name has unknown attribute 2.5.4.97
1	C=IT, O=InfoCert S.p.A., OU=WSA Trust Service Provider, serialNumber=07945211006, CN=InfoCert Organization Validation CA 3	AC Camerfirma, S.A.	W	Unknown Extension: 2.23.140.3.1
1	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust EV RSA CA 2018	DigiCert	E	EV certificates must include localityName in subject
1	CN=Apple IST CA 8 - G1, OU=Certification Authority, O=Apple Inc., C=US	DigiCert	W	Unknown Extension: 1.2.840.113635.100.6.48.1
1	C=DE, O=T-Systems International GmbH, OU=T-Systems Trust Center, CN=TeleSec Business CA 1	T-Systems International GmbH (Deutsche Telekom)	W	Name has deprecated attribute emailAddress
1	C=ES, OU=AC CAMERFIRMA, O=AC Camerfirma S.A., serialNumber=A82743287, L=Madrid (see current address at https://www.camerfirma.com/address), CN=Camerfirma AAPP II - 2014	AC Camerfirma, S.A.	E	BR certificates must not contain directoryName type alternative name
1	C=ES, O=FNMT-RCM, OU=CERES, serialNumber=Q2826004J, CN=AC Administración Pública	Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT)	W	Name has unknown attribute 2.5.4.97
1	C=JP, O=FUJIFILM, CN=FUJIFILM Fnet CA - S2	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
1	C=ES, OU=AC CAMERFIRMA, O=AC Camerfirma S.A., serialNumber=A82743287, L=Madrid (see current address at https://www.camerfirma.com/address), CN=Camerfirma AAPP II - 2014	AC Camerfirma, S.A.	E	BR certificates must not contain rfc822Name type alternative name
1	C=ES, OU=AC CAMERFIRMA, O=AC Camerfirma S.A., serialNumber=A82743287, L=Madrid (see current address at https://www.camerfirma.com/address), CN=Camerfirma AAPP II - 2014	AC Camerfirma, S.A.	E	BR certificates with organizationName must include either localityName or stateOrProvinceName
1	C=CN, O=China Financial Certification Authority, CN=CFCA EV OCA	China Financial Certification Authority (CFCA)	W	Extension should be critical for KeyUsage
1	C=RU, O=Yandex LLC, OU=Yandex Certification Authority, CN=Yandex CA	Asseco Data Systems S.A. (previously Unizeto Certum)	W	commonNames in BR certificate contains U-labels
1	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Duplicate SAN entry
1	CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US	DigiCert	W	Unknown Extension: 1.2.840.113635.100.6.48.1
1	CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US	DigiCert	W	Unknown Extension: 1.2.840.113635.100.6.27.22.2
1	C=GR, L=Athens, O=Hellenic Academic and Research Institutions Cert. Authority, CN=HARICA SSL RSA SubCA R3	HARICA	E	Wildcard to immediate left of public suffix in SAN
1	C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA EV QWAC CA 2019	GlobalSign	W	Name has unknown attribute 2.5.4.97
1	C=DE, ST=Bayern, L=Muenchen, O=Fraunhofer, OU=Fraunhofer Corporate PKI, CN=Fraunhofer Service CA - G02	T-Systems International GmbH (Deutsche Telekom)	W	TLS Server auth certificates should not contain Signing KDC Response usage
1	C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA	T-Systems International GmbH (Deutsche Telekom)	W	Name has multiple commonName attributes
1	C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA EV QWAC CA 2019	GlobalSign	W	Unknown Extension: 2.23.140.3.1
1	C=US, O=DigiCert Inc, CN=DigiCert ECC Secure Server CA	DigiCert	W	Unknown Extension: 1.3.6.1.4.1.11129.2.1.22
1	C=ES, O=Firmaprofesional S.A., OU=Security Services, serialNumber=A62634068, CN=AC Firmaprofesional - INFRAESTRUCTURA	Autoridad de Certificacion Firmaprofesional	W	Name has unknown attribute 2.5.4.97