CABlint recent error summary since 2022-06-20

Some of these may be false-positives. You should review closely before taking action.

# of affected certificates CA CCADB Owner Severity Description
38261 C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 05 DigiCert / Microsoft Corporation W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
38055 C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 06 DigiCert / Microsoft Corporation W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
25358 C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 02 DigiCert / Microsoft Corporation W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
25250 C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 01 DigiCert / Microsoft Corporation W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
16344 C=US, ST=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 GoDaddy W BR certificates should be 397 days in validity or less
15019 C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 DigiCert W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
15015 C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 DigiCert W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
6477 C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3 DigiCert W Unknown Extension: 1.3.6.1.4.1.11129.2.1.22
676 C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", OU=http://certs.starfieldtech.com/repository/, CN=Starfield Secure Certificate Authority - G2 GoDaddy W BR certificates should be 397 days in validity or less
207 C=US, O=Google Trust Services LLC, CN=GTS CA 2A1 Google Trust Services LLC W Unknown Extension: 1.3.6.1.4.1.11129.2.1.22
29 C=US, ST=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 GoDaddy W EV certificates should be 397 days in validity or less
17 C=US, O=Microsoft Corporation, CN=Microsoft Azure ECC TLS Issuing CA 02 DigiCert / Microsoft Corporation W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
12 C=US, O=Microsoft Corporation, CN=Microsoft Azure ECC TLS Issuing CA 01 DigiCert / Microsoft Corporation W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
11 C=CN, O=China Financial Certification Authority, CN=CFCA OV OCA China Financial Certification Authority (CFCA) W Extension should be critical for KeyUsage
9 C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA Deutsche Telekom Security GmbH W Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension
7 C=US, ST=Texas, L=Houston, O=SSL Corp, CN=SSL.com SSL Intermediate CA ECC R2 SSL.com W Unknown Extension: 1.3.6.1.4.1.44363.44
7 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA DigiCert W Unknown Extension: 1.3.6.1.4.1.44363.44
4 C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", OU=http://certs.starfieldtech.com/repository/, CN=Starfield Secure Certificate Authority - G2 GoDaddy W EV certificates should be 397 days in validity or less
3 C=US, O=Microsoft Corporation, CN=Microsoft Azure ECC TLS Issuing CA 06 DigiCert / Microsoft Corporation W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
3 C=DE, ST=Bayern, L=Muenchen, O=Max-Planck-Gesellschaft, CN=MPG CA - G02 Deutsche Telekom Security GmbH W Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension
2 C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS Issuing EOC CA 01 Microsoft Corporation W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
2 C=US, O=Microsoft Corporation, CN=Microsoft Azure ECC TLS Issuing CA 05 DigiCert / Microsoft Corporation W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
2 C=TW, O=行政院, CN=政府伺服器數位憑證管理中心 - G1 Chunghwa Telecom W Name has multiple L attributes
2 C=US, O=Microsoft Corporation, CN=Microsoft ECC TLS Issuing AOC CA 01 Microsoft Corporation W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
1 C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS Issuing AOC CA 01 Microsoft Corporation W Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension