Revocation Tracker

CABlint recent error summary since 2020-02-19

Some of these may be false-positives. You should review closely before taking action.

# of affected certificates	CA	CCADB Owner	Severity	Description
9014	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
9014	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1	DigiCert	W	Extension should be critical for KeyUsage
9014	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
9001	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
9001	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4	DigiCert	W	Extension should be critical for KeyUsage
9001	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
8851	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2	DigiCert	W	Extension should be critical for KeyUsage
8851	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
8851	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
8763	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension
8763	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5	DigiCert	W	Extension should be critical for KeyUsage
8763	C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5	DigiCert	W	Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension
1857	C=US, ST=CA, L=San Francisco, O="CloudFlare, Inc.", CN=CloudFlare Inc ECC CA-2	DigiCert	W	Unknown Extension: 1.3.6.1.4.1.11129.2.1.22
274	C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2	QuoVadis	W	TLS Server auth certificates should not contain IPSec End System usage
274	C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2	QuoVadis	W	TLS Server auth certificates should not contain IPSec Tunnel usage
274	C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2	QuoVadis	W	TLS Server auth certificates should not contain IPSec User usage
213	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=FujiSSL Public Validation Authority - G3	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
206	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=CrossTrust DV CA5	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
136	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
120	C=PL, O=home.pl S.A., CN=Certyfikat SSL	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
87	C=JP, O=National Institute of Informatics, CN=NII Open Domain CA - G5	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
62	C=PL, O=Dreamcommerce S.A., OU=Dreamcommerce S.A., CN=Shoper® SSL	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
48	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web SR 3.0 CA	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
25	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Organization Validation CA SHA2	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
20	C=PL, O=nazwa.pl sp. z o.o., OU=http://nazwa.pl, CN=nazwaSSL	Asseco Data Systems S.A. (previously Unizeto Certum)	W	commonNames in BR certificate contains U-labels
11	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site Pro Extended Validation CA G2	DigiCert	E	EV certificates must include localityName in subject
9	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web EV 2.0 CA	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
8	C=CN, O=China Financial Certification Authority, CN=CFCA OV OCA	China Financial Certification Authority (CFCA)	W	Extension should be critical for KeyUsage
6	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA	DigiCert	W	Extension should be critical for KeyUsage
5	C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA	T-Systems International GmbH (Deutsche Telekom)	W	TLS Server auth certificates should not contain Signing KDC Response usage
5	C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA	T-Systems International GmbH (Deutsche Telekom)	W	Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension
5	C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA	T-Systems International GmbH (Deutsche Telekom)	W	TLS Server auth certificates should not contain Microsoft Smartcardlogin usage
4	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=CrossTrust OV CA5	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
4	CN=ACCVCA-120, OU=PKIACCV, O=ACCV, C=ES	Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV)	W	Name has unknown attribute 2.5.4.97
3	C=TW, O=行政院, CN=政府伺服器數位憑證管理中心 - G1	Chunghwa Telecom	W	Name has multiple localityName attributes
3	C=ES, O=Firmaprofesional S.A., OU=Security Services, serialNumber=A62634068, CN=AC Firmaprofesional - INFRAESTRUCTURA	Autoridad de Certificacion Firmaprofesional	W	Unknown Extension: 2.23.140.3.1
3	CN=ACCVCA-120, OU=PKIACCV, O=ACCV, C=ES	Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV)	W	Unknown Extension: 2.23.140.3.1
3	C=IT, O=InfoCert S.p.A., OU=WSA Trust Service Provider, serialNumber=07945211006, CN=InfoCert Organization Validation CA 3	AC Camerfirma, S.A.	W	Name has unknown attribute 2.5.4.97
3	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=EINS/PKI Public Certification Authority V4	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
3	C=ES, O=Firmaprofesional S.A., OU=Security Services, serialNumber=A62634068, CN=AC Firmaprofesional - INFRAESTRUCTURA	Autoridad de Certificacion Firmaprofesional	W	Name has unknown attribute 2.5.4.97
2	CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US	DigiCert	W	Unknown Extension: 1.2.840.113635.100.6.27.7.2
2	CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US	DigiCert	W	Unknown Extension: 1.2.840.113635.100.6.27.15.2
2	CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US	DigiCert	W	Unknown Extension: 1.2.840.113635.100.6.27.11.2
2	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site Extended Validation CA G2	DigiCert	E	EV certificates must include localityName in subject
2	C=ES, O=FNMT-RCM, OU=AC Componentes Informáticos	Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT)	W	Name has unknown attribute 2.5.4.97
2	C=JP, O="SECOM Trust Systems CO.,LTD.", CN=KDDI Web Communications Certification Authority 3	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
2	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Organization Validation CA SHA2	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Trailing whitespace in organizationalUnitName
1	C=FR, O=DHIMYOTIS, OU=0002 48146308100036, 2.5.4.97=NTRFR-48146308100036, CN=Certigna Wild CA	Dhimyotis / Certigna	W	Name has unknown attribute 2.5.4.97
1	C=CN, O=China Financial Certification Authority, CN=CFCA EV OCA	China Financial Certification Authority (CFCA)	W	Extension should be critical for KeyUsage
1	C=PL, O=Unizeto Technologies S.A., OU=SpaceSSL Certification Authority, CN=SpaceSSL CA	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
1	C=PL, O=LH.pl Sp. z o.o., OU=LH.pl, CN=www.lh.pl	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Name has deprecated attribute emailAddress
1	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Organization Validation CA SHA2	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Duplicate SAN entry
1	C=NL, 2.5.4.97=NTRNL-30237459, O=QuoVadis Trustlink B.V., CN=QuoVadis Qualified Web ICA G1	QuoVadis	W	Name has unknown attribute 2.5.4.97
1	C=NL, 2.5.4.97=NTRNL-30237459, O=QuoVadis Trustlink B.V., CN=QuoVadis Qualified Web ICA G1	QuoVadis	W	Unknown Extension: 2.23.140.3.1
1	C=JP, O="Japan Registry Services Co., Ltd.", CN=JPRS Domain Validation Authority - G2	SECOM Trust Systems CO., LTD.	W	BR certificates should include an HTTP URL of the issuing CA's certificate
1	C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2	Asseco Data Systems S.A. (previously Unizeto Certum)	W	Duplicate SAN entry
1	C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust EV CN RSA G1	DigiCert	E	EV certificates must include localityName in subject