Some of these may be false-positives. You should review closely before taking action.
# of affected certificates | CA | CCADB Owner | Severity | Description |
---|---|---|---|---|
38261 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 05 | DigiCert / Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
38055 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 06 | DigiCert / Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
25358 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 02 | DigiCert / Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
25250 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 01 | DigiCert / Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
16344 | C=US, ST=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 | GoDaddy | W | BR certificates should be 397 days in validity or less |
15019 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
15015 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
6477 | C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3 | DigiCert | W | Unknown Extension: 1.3.6.1.4.1.11129.2.1.22 |
676 | C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", OU=http://certs.starfieldtech.com/repository/, CN=Starfield Secure Certificate Authority - G2 | GoDaddy | W | BR certificates should be 397 days in validity or less |
207 | C=US, O=Google Trust Services LLC, CN=GTS CA 2A1 | Google Trust Services LLC | W | Unknown Extension: 1.3.6.1.4.1.11129.2.1.22 |
29 | C=US, ST=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 | GoDaddy | W | EV certificates should be 397 days in validity or less |
17 | C=US, O=Microsoft Corporation, CN=Microsoft Azure ECC TLS Issuing CA 02 | DigiCert / Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
12 | C=US, O=Microsoft Corporation, CN=Microsoft Azure ECC TLS Issuing CA 01 | DigiCert / Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
11 | C=CN, O=China Financial Certification Authority, CN=CFCA OV OCA | China Financial Certification Authority (CFCA) | W | Extension should be critical for KeyUsage |
9 | C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA | Deutsche Telekom Security GmbH | W | Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension |
7 | C=US, ST=Texas, L=Houston, O=SSL Corp, CN=SSL.com SSL Intermediate CA ECC R2 | SSL.com | W | Unknown Extension: 1.3.6.1.4.1.44363.44 |
7 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | DigiCert | W | Unknown Extension: 1.3.6.1.4.1.44363.44 |
4 | C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", OU=http://certs.starfieldtech.com/repository/, CN=Starfield Secure Certificate Authority - G2 | GoDaddy | W | EV certificates should be 397 days in validity or less |
3 | C=US, O=Microsoft Corporation, CN=Microsoft Azure ECC TLS Issuing CA 06 | DigiCert / Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
3 | C=DE, ST=Bayern, L=Muenchen, O=Max-Planck-Gesellschaft, CN=MPG CA - G02 | Deutsche Telekom Security GmbH | W | Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension |
2 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS Issuing EOC CA 01 | Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
2 | C=US, O=Microsoft Corporation, CN=Microsoft Azure ECC TLS Issuing CA 05 | DigiCert / Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
2 | C=TW, O=行政院, CN=政府伺服器數位憑證管理中心 - G1 | Chunghwa Telecom | W | Name has multiple L attributes |
2 | C=US, O=Microsoft Corporation, CN=Microsoft ECC TLS Issuing AOC CA 01 | Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
1 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS Issuing AOC CA 01 | Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |