Revocation Tracker

CABlint recent error summary since 2020-09-15

Some of these may be false-positives. You should review closely before taking action.

# of affected certificates	CA	CCADB Owner	Severity	Description
75308	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5	DigiCert	W	Extension should be critical for KeyUsage
75308	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
75308	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
75241	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
75241	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
75241	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4	DigiCert	W	Extension should be critical for KeyUsage
75141	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
75141	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2	DigiCert	W	Extension should be critical for KeyUsage
75141	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
75056	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
75056	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
75056	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1	DigiCert	W	Extension should be critical for KeyUsage
40078	C=US, ST=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2	GoDaddy	W	BR certificates should be 397 days in validity or less
23776	C=US, O=Amazon, OU=Server CA 1B, CN=Amazon	Amazon Trust Services	W	BR certificates should be 397 days in validity or less
10868	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 05	DigiCert / Microsoft Corporation	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
10868	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 05	DigiCert / Microsoft Corporation	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
10852	C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2	GlobalSign nv-sa	W	BR certificates should be 397 days in validity or less
10795	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 06	DigiCert / Microsoft Corporation	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
10795	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 06	DigiCert / Microsoft Corporation	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
9568	C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3	DigiCert	W	Unknown Extension: 1.3.6.1.4.1.11129.2.1.22
8248	C=BE, O=GlobalSign nv-sa, CN=GlobalSign GCC R3 DV TLS CA 2020	GlobalSign nv-sa	W	BR certificates should be 397 days in validity or less
6300	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 02	DigiCert / Microsoft Corporation	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
6300	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 02	DigiCert / Microsoft Corporation	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
6290	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 01	DigiCert / Microsoft Corporation	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
6290	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 01	DigiCert / Microsoft Corporation	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
4629	C=IT, ST=Bergamo, L=Ponte San Pietro, O=Actalis S.p.A., CN=Actalis Domain Validation Server CA G3	Actalis	W	BR certificates should be 397 days in validity or less
4531	C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA	DigiCert	W	BR certificates should be 397 days in validity or less
3504	C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", OU=http://certs.starfieldtech.com/repository/, CN=Starfield Secure Certificate Authority - G2	GoDaddy	W	BR certificates should be 397 days in validity or less
3046	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	DigiCert	W	Extension should be critical for KeyUsage
3046	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
3046	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
3033	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02	DigiCert	W	Extension should be critical for KeyUsage
3033	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
3033	C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
2986	C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018	GlobalSign nv-sa	W	BR certificates should be 397 days in validity or less
2486	C=US, O="Cisco Systems, Inc.", CN=Cisco Meraki CA	DigiCert	W	BR certificates should be 397 days in validity or less
2397	C=US, O=ATT Services Inc, CN=ATT Atlas R3 OV TLS CA 2020	GlobalSign nv-sa	W	BR certificates should be 397 days in validity or less
1561	C=US, O=DigiCert Inc, CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	DigiCert	W	BR certificates should be 397 days in validity or less
1062	C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA	Deutsche Telekom Security GmbH	W	BR certificates should be 397 days in validity or less
1016	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA - SHA256 - G3	GlobalSign nv-sa	W	BR certificates should be 397 days in validity or less
862	C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2	QuoVadis	W	TLS Server auth certificates should not contain IPSec Tunnel usage
862	C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2	QuoVadis	W	TLS Server auth certificates should not contain IPSec End System usage
862	C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2	QuoVadis	W	TLS Server auth certificates should not contain IPSec User usage
827	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1	DigiCert	W	BR certificates should be 397 days in validity or less
825	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=FujiSSL Public Validation Authority - G3	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
744	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte RSA CA 2018	DigiCert	W	BR certificates should be 397 days in validity or less
705	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA	DigiCert	W	BR certificates should be 397 days in validity or less
585	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	DigiCert	W	EV certificates should be 397 days in validity or less
578	C=US, O=DigiCert Inc, CN=GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	DigiCert	W	BR certificates should be 397 days in validity or less
394	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018	DigiCert	W	BR certificates should be 397 days in validity or less
261	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Extended Validation CA - SHA256 - G3	GlobalSign nv-sa	W	EV certificates should be 397 days in validity or less
224	C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com RSA SSL subCA	SSL.com	W	BR certificates should be 397 days in validity or less
187	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web SR 3.0 CA	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
167	C=US, ST=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2	GoDaddy	W	EV certificates should be 397 days in validity or less
120	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust EV RSA CA 2018	DigiCert	W	EV certificates should be 397 days in validity or less
118	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2	GlobalSign nv-sa	W	BR certificates should be 397 days in validity or less
116	C=US, O=DigiCert Inc, CN=DigiCert Global CA G2	DigiCert	W	BR certificates should be 397 days in validity or less
107	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G3	GlobalSign nv-sa	W	BR certificates should be 397 days in validity or less
103	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2	DigiCert	W	BR certificates should be 397 days in validity or less
80	C=NL, O=Trust Provider B.V., OU=Domain Validated SSL, CN=Trust Provider B.V. TLS RSA CA G1	DigiCert	W	BR certificates should be 397 days in validity or less
79	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte EV RSA CA 2018	DigiCert	W	EV certificates should be 397 days in validity or less
72	C=DE, ST=Bayern, L=Muenchen, O=Fraunhofer, OU=Fraunhofer Corporate PKI, CN=Fraunhofer Service CA - G02	Deutsche Telekom Security GmbH	W	BR certificates should be 397 days in validity or less
62	C=DE, ST=Bayern, L=Muenchen, O=Max-Planck-Gesellschaft, CN=MPG CA - G02	Deutsche Telekom Security GmbH	W	BR certificates should be 397 days in validity or less
51	C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA	DigiCert	E	BR certificates must be 825 days in validity or less
43	C=CN, O=China Financial Certification Authority, CN=CFCA OV OCA	China Financial Certification Authority (CFCA)	W	Extension should be critical for KeyUsage
42	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust CN RSA CA G1	DigiCert	W	BR certificates should be 397 days in validity or less
39	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Secure Site ECC CA-1	DigiCert	W	BR certificates should be 397 days in validity or less
27	C=US, O=Aetna Inc, CN=Aetna Inc. Secure CA2	DigiCert	W	BR certificates should be 397 days in validity or less
26	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1	DigiCert	W	BR certificates should be 397 days in validity or less
26	C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3	DigiCert	E	BR certificates must be 825 days in validity or less
26	C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018	GlobalSign nv-sa	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
25	C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", OU=http://certs.starfieldtech.com/repository/, CN=Starfield Secure Certificate Authority - G2	GoDaddy	W	EV certificates should be 397 days in validity or less
23	CN=ACCVCA-120, OU=PKIACCV, O=ACCV, C=ES	Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV)	W	Unknown Extension: 2.23.140.3.1
23	CN=ACCVCA-120, OU=PKIACCV, O=ACCV, C=ES	Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV)	W	Name has unknown attribute 2.5.4.97
22	C=ES, O=FNMT-RCM, OU=AC Componentes Informáticos	Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT)	W	Name has unknown attribute 2.5.4.97
20	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site Pro CA G2	DigiCert	W	BR certificates should be 397 days in validity or less
17	C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA	Deutsche Telekom Security GmbH	W	TLS Server auth certificates should not contain Signing KDC Response usage
17	C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA	Deutsche Telekom Security GmbH	W	Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension
17	C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA	Deutsche Telekom Security GmbH	W	TLS Server auth certificates should not contain Microsoft Smartcard Login usage
15	C=US, O=DigiCert Inc, CN=DigiCert ECC Secure Server CA	DigiCert	W	BR certificates should be 397 days in validity or less
14	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=CrossTrust DV CA5	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
14	C=DE, ST=Sachsen, L=Dresden, O=Technische Universitaet Dresden, CN=TU Dresden CA	Deutsche Telekom Security GmbH	W	BR certificates should be 397 days in validity or less
14	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert ECC Extended Validation Server CA	DigiCert	W	EV certificates should be 397 days in validity or less
13	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL RSA CA 2018	DigiCert	W	BR certificates should be 397 days in validity or less
13	C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC EV SSL CA 2018	GlobalSign nv-sa	W	EV certificates should be 397 days in validity or less
12	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 02	DigiCert / Microsoft Corporation	W	Duplicate SAN entry
12	C=US, O=DigiCert Inc, CN=DigiCert EV RSA CA G2	DigiCert	W	EV certificates should be 397 days in validity or less
12	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1	DigiCert	W	BR certificates should be 397 days in validity or less
11	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=EINS/PKI Public Certification Authority V4	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
11	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web EV 2.0 CA	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
10	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte RSA CA 2018	DigiCert	E	BR certificates must be 825 days in validity or less
10	C=FR, O=DHIMYOTIS, OU=0002 48146308100036, organizationIdentifier=NTRFR-48146308100036, CN=Certigna Services CA	Dhimyotis / Certigna	E	BR certificates must be 398 days in validity or less
9	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 01	DigiCert / Microsoft Corporation	W	Duplicate SAN entry
8	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018	DigiCert	E	BR certificates must be 825 days in validity or less
8	C=NL, O=KPN B.V., CN=KPN PKIoverheid Server CA 2020	Government of The Netherlands, PKIoverheid (Logius)	W	Duplicate SAN entry
8	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site CA G2	DigiCert	W	BR certificates should be 397 days in validity or less
8	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL ECC CA 2018	DigiCert	W	BR certificates should be 397 days in validity or less
7	C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC OV SSL CA 2018	GlobalSign nv-sa	W	BR certificates should be 397 days in validity or less
7	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site Pro Extended Validation CA G2	DigiCert	W	EV certificates should be 397 days in validity or less
7	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA	DigiCert	W	Unknown Extension: 1.3.6.1.4.1.44363.44
6	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA	DigiCert	W	Extension should be critical for KeyUsage
6	C=DE, ST=Baden-Wuerttemberg, L=Karlsruhe, O=Karlsruhe Institute of Technology, CN=KIT-CA	Deutsche Telekom Security GmbH	W	BR certificates should be 397 days in validity or less
6	CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US	DigiCert	W	Unknown Extension: 1.2.840.113635.100.6.27.11.2
6	CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US	DigiCert	W	Unknown Extension: 1.2.840.113635.100.6.27.15.2
6	CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US	DigiCert	W	Unknown Extension: 1.2.840.113635.100.6.27.7.2
6	C=JP, O=Fuji Xerox, CN=Fuji Xerox Xnet CA - S2	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
5	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=CrossTrust OV CA5	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
5	C=JP, O=National Institute of Informatics, CN=NII Open Domain CA - G5	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
5	C=US, O=DigiCert Inc, CN=Thawte EV RSA CA G2	DigiCert	W	EV certificates should be 397 days in validity or less
5	C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA - SHA256 - G2	GlobalSign nv-sa	W	BR certificates should be 397 days in validity or less
4	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=RapidSSL TLS RSA CA G1	DigiCert	W	BR certificates should be 397 days in validity or less
4	C=US, O=DigiCert Inc, CN=DigiCert ECC Secure Server CA	DigiCert	W	Unknown Extension: 1.3.6.1.4.1.11129.2.1.22
4	C=BR, O=VALID CERTIFICADORA DIGITAL, CN=Valid Certificadora Digital AlphaSSL CA 2018	GlobalSign nv-sa	W	BR certificates should be 397 days in validity or less
4	C=US, O=DigiCert Inc, CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1	DigiCert	E	BR certificates must be 825 days in validity or less
4	C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA	DigiCert	E	Wildcard to immediate left of public suffix in SAN
4	C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3	DigiCert	W	BR certificates should be 397 days in validity or less
4	C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 2	Buypass	W	Unknown Extension: 2.23.140.3.1
4	C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 CA 2	Buypass	W	Name has unknown attribute 2.5.4.97
4	C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3	GlobalSign nv-sa	W	BR certificates should be 397 days in validity or less
4	C=CN, O=China Financial Certification Authority, CN=CFCA EV OCA	China Financial Certification Authority (CFCA)	W	Extension should be critical for KeyUsage
4	C=ES, O=Firmaprofesional S.A., OU=Security Services, serialNumber=A62634068, CN=AC Firmaprofesional - INFRAESTRUCTURA	Autoridad de Certificacion Firmaprofesional	W	Name has unknown attribute 2.5.4.97
4	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
4	C=US, O=DigiCert Inc, CN=DigiCert Basic RSA CN CA G2	DigiCert	W	BR certificates should be 397 days in validity or less
3	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA	DigiCert	W	Unknown Extension: 2.23.140.1.31
3	C=PL, O=Krajowa Izba Rozliczeniowa S.A., CN=SZAFIR Trusted CA2	Krajowa Izba Rozliczeniowa S.A. (KIR)	W	Extension should be critical for KeyUsage
3	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust CN RSA CA G1	DigiCert	E	BR certificates must be 825 days in validity or less
3	C=TW, O=行政院, CN=政府伺服器數位憑證管理中心 - G1	Chunghwa Telecom	W	Name has multiple localityName attributes
3	C=US, O=IdenTrust, OU=TrustID Server, CN=TrustID Server CA O1	IdenTrust Services, LLC	W	BR certificates should be 397 days in validity or less
3	C=US, O=DigiCert Inc, CN=GeoTrust EV RSA CA G2	DigiCert	W	EV certificates should be 397 days in validity or less
2	C=GR, L=Thessaloniki, O=Aristotle University of Thessaloniki, CN=Aristotle University of Thessaloniki SSL RSA SubCA R2	HARICA	W	BR certificates should be 397 days in validity or less
2	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert CN RSA CA G1	DigiCert	W	BR certificates should be 397 days in validity or less
2	C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA	Deutsche Telekom Security GmbH	W	Name has multiple commonName attributes
2	C=GR, O=Hellenic Academic and Research Institutions CA, CN=International Hellenic University TLS RSA SubCA R1	HARICA	W	BR certificates should be 397 days in validity or less
2	C=GR, O=Hellenic Academic and Research Institutions CA, CN=University of Ioannina TLS RSA SubCA R1	HARICA	W	BR certificates should be 397 days in validity or less
2	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 05	DigiCert / Microsoft Corporation	W	Duplicate SAN entry
2	C=PL, O=home.pl S.A., CN=Certyfikat SSL	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
2	C=PL, O=nazwa.pl sp. z o.o., OU=http://nazwa.pl, CN=nazwaSSL	Asseco Data Systems S.A. (previously Unizeto Certum)	W	commonNames in BR certificate contains U-labels
2	C=DE, O=Technische Universitaet Ilmenau, CN=TU Ilmenau CA G2	Deutsche Telekom Security GmbH	W	BR certificates should be 397 days in validity or less
2	C=ES, O=Firmaprofesional S.A., OU=Security Services, serialNumber=A62634068, CN=AC Firmaprofesional - INFRAESTRUCTURA	Autoridad de Certificacion Firmaprofesional	W	Unknown Extension: 2.23.140.3.1
2	C=IL, O=Domain The Net Technologies Ltd, CN=Domain The Net Technologies Ltd CA for SSL R2	SSL.com	W	BR certificates should be 397 days in validity or less
2	C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA EV QWAC CA 2019	GlobalSign nv-sa	W	Name has unknown attribute 2.5.4.97
2	C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA EV QWAC CA 2019	GlobalSign nv-sa	W	Unknown Extension: 2.23.140.3.1
2	C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA EV QWAC CA 2019	GlobalSign nv-sa	W	EV certificates should be 397 days in validity or less
1	C=ES, O=IZENPE S.A., OU=BZ Ziurtagiri publikoa - Certificado publico EV, CN=CA de Certificados SSL EV	Izenpe S.A.	W	Name has unknown attribute 2.5.4.97
1	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Organization Validation CA SHA2	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
1	C=JP, O=FUJIFILM, CN=FUJIFILM Fnet CA - S2	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
1	C=JP, O="Japan Registry Services Co., Ltd.", CN=JPRS Domain Validation Authority - G2	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
1	C=CN, O=WoTrus CA Limited, CN=WoTrus OV SSL Pro CA	DigiCert	W	BR certificates should be 397 days in validity or less
1	C=US, O=Wells Fargo & Company, OU=Organization Validated TLS, CN=Wells Fargo Public Trust Certification Authority 01 G2	DigiCert	W	BR certificates should be 397 days in validity or less
1	C=FR, O=DHIMYOTIS, OU=0002 48146308100036, organizationIdentifier=NTRFR-48146308100036, CN=Certigna Services CA	Dhimyotis / Certigna	W	Name has unknown attribute 2.5.4.97
1	OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign	GlobalSign nv-sa	W	Name has unknown attribute 2.5.4.97
1	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte ECC CA 2018	DigiCert	W	BR certificates should be 397 days in validity or less
1	C=ES, O=CONSORCI ADMINISTRACIO OBERTA DE CATALUNYA, OU=Serveis Públics de Certificació, CN=EC-SectorPublic	Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert)	W	Name has unknown attribute 2.5.4.97
1	C=FR, O=DHIMYOTIS, OU=0002 48146308100036, organizationIdentifier=NTRFR-48146308100036, CN=Certigna Wild CA	Dhimyotis / Certigna	W	Name has unknown attribute 2.5.4.97
1	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust ECC CA 2018	DigiCert	W	BR certificates should be 397 days in validity or less
1	C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 06	DigiCert / Microsoft Corporation	W	Duplicate SAN entry
1	C=GR, O=Hellenic Academic and Research Institutions CA, CN=Greek School Network TLS RSA SubCA R1	HARICA	W	BR certificates should be 397 days in validity or less
1	C=GR, O=Hellenic Academic and Research Institutions CA, CN=University of the Peloponnese TLS RSA SubCA R1	HARICA	W	BR certificates should be 397 days in validity or less
1	C=US, O="Cisco Systems, Inc.", CN=Cisco Meraki CA	DigiCert	E	BR certificates must be 825 days in validity or less
1	C=US, O=Government of the District of Columbia, OU=Office of the Chief Technology Officer, CN=DC Government SHA2 EV Intermediate CA	DigiCert	W	EV certificates should be 397 days in validity or less
1	C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC CloudSSL CA - SHA384 - G3	GlobalSign nv-sa	W	BR certificates should be 397 days in validity or less
1	C=NL, organizationIdentifier=NTRNL-30237459, O=QuoVadis Trustlink B.V., CN=QuoVadis Qualified Web ICA G1	QuoVadis	W	Unknown Extension: 2.23.140.3.1
1	C=NL, organizationIdentifier=NTRNL-30237459, O=QuoVadis Trustlink B.V., CN=QuoVadis Qualified Web ICA G1	QuoVadis	W	Name has unknown attribute 2.5.4.97
1	C=NL, O=QuoVadis Trustlink B.V., CN=QuoVadis Qualified Web ICA G2	QuoVadis	W	Name has unknown attribute 2.5.4.97
1	C=DE, ST=Bayern, L=Muenchen, O=Max-Planck-Gesellschaft, CN=MPG CA - G02	Deutsche Telekom Security GmbH	W	TLS Server auth certificates should not contain Microsoft Smartcard Login usage
1	C=US, O="DigiCert, Inc.", OU=www.digicert.com, CN=DigiCert TLS ICA Thawte PCA	DigiCert	W	BR certificates should be 397 days in validity or less
1	C=HU, L=Budapest, O=Microsec Ltd., organizationIdentifier=VATHU-23584497, CN=Qualified e-Szigno TLS CA 2018	Microsec Ltd.	W	Unknown Extension: 2.23.140.3.1
1	C=NL, O=QuoVadis Trustlink B.V., CN=QuoVadis Qualified Web ICA G2	QuoVadis	W	Unknown Extension: 2.23.140.3.1
1	C=HU, L=Budapest, O=Microsec Ltd., organizationIdentifier=VATHU-23584497, CN=Qualified e-Szigno TLS CA 2018	Microsec Ltd.	W	Name has unknown attribute 2.5.4.97
1	C=CN, O="TrustAsia Technologies, Inc.", CN=TrustAsia OV TLS Pro CA G2	DigiCert	E	BR certificates must be 825 days in validity or less
1	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA	DigiCert	E	BR certificates must be 825 days in validity or less
1	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4	DigiCert	W	Duplicate SAN entry
1	C=NZ, O=SafeToOpen Ltd, CN=SafeToOpen TLS ICA RSA R1	SSL.com	W	BR certificates should be 397 days in validity or less
1	C=US, O=DigiCert Inc, CN=GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1	DigiCert	E	BR certificates must be 825 days in validity or less
1	C=DE, ST=Bayern, L=Muenchen, O=Max-Planck-Gesellschaft, CN=MPG CA - G02	Deutsche Telekom Security GmbH	W	TLS Server auth certificates should not contain Signing KDC Response usage
1	C=DE, ST=Bayern, L=Muenchen, O=Max-Planck-Gesellschaft, CN=MPG CA - G02	Deutsche Telekom Security GmbH	W	Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension
1	C=ES, O=IZENPE S.A., OU=BZ Ziurtagiri publikoa - Certificado publico EV, CN=CA de Certificados SSL EV	Izenpe S.A.	W	Unknown Extension: 2.23.140.3.1
1	C=US, O=DigiCert Inc, CN=DigiCert Basic EV RSA CN CA G2	DigiCert	W	EV certificates should be 397 days in validity or less