CABlint recent error summary since 2019-02-15

Some of these may be false positives. You should review closely before taking action.

| # of affected certificates | CA | CCADB Owner | Severity | Description |
|---|---|---|---|---|
| 5112 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
| 5112 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension |
| 5112 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 | DigiCert | W | Extension should be critical for KeyUsage |
| 5108 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
| 5108 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension |
| 5108 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4 | DigiCert | W | Extension should be critical for KeyUsage |
| 5101 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
| 5101 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | DigiCert | W | Extension should be critical for KeyUsage |
| 5101 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension |
| 5002 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1 | DigiCert | W | Extension should be critical for KeyUsage |
| 5002 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
| 5002 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension |
| 1580 | C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2 | QuoVadis | W | TLS Server auth certificates should not contain IPSec User usage |
| 1580 | C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2 | QuoVadis | W | TLS Server auth certificates should not contain IPSec End System usage |
| 1580 | C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2 | QuoVadis | W | TLS Server auth certificates should not contain IPSec Tunnel usage |
| 894 | C=JP, O="Japan Registry Services Co., Ltd.", CN=JPRS Domain Validation Authority - G2 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 628 | C=PL, O=nazwa.pl sp. z o.o., OU=http://nazwa.pl, CN=nazwaSSL | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Certificate Policies should not contain notice references |
| 628 | C=PL, O=nazwa.pl sp. z o.o., OU=http://nazwa.pl, CN=nazwaSSL | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Deprecated Netscape extension 2.16.840.1.113730.1.1 treated as opaque extension |
| 552 | C=JP, O="SECOM Trust Systems CO.,LTD.", CN=FujiSSL Public Validation Authority - G3 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 493 | C=JP, O="SECOM Trust Systems CO.,LTD.", CN=KDDI Web Communications Certification Authority 3 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 404 | C=PL, O=home.pl S.A., CN=Certyfikat SSL | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Name has deprecated attribute emailAddress |
| 368 | C=JP, O=National Institute of Informatics, CN=NII Open Domain CA - G5 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 326 | C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2 | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Name has deprecated attribute emailAddress |
| 312 | C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web SR 3.0 CA | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 183 | C=PL, O=nazwa.pl sp. z o.o., OU=http://nazwa.pl, CN=nazwaSSL | Asseco Data Systems S.A. (previously Unizeto Certum) | W | commonNames in BR certificate contains U-labels |
| 64 | C=FR, O=DHIMYOTIS, OU=0002 48146308100036, 2.5.4.97=NTRFR-48146308100036, CN=Certigna Services CA | Dhimyotis / Certigna | W | Name has unknown attribute 2.5.4.97 |
| 50 | C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Organization Validation CA SHA2 | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Name has deprecated attribute emailAddress |
| 41 | C=FR, O=Certinomis, 2.5.4.97=NTRFR-433998903, CN=Certinomis - Web CA | Certinomis / Docapost | W | Name has unknown attribute 2.5.4.97 |
| 31 | CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US | DigiCert | W | Unknown Extension: 1.2.840.113635.100.6.27.11.2 |
| 31 | CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US | DigiCert | W | Unknown Extension: 1.2.840.113635.100.6.27.15.2 |
| 31 | CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US | DigiCert | W | Unknown Extension: 1.2.840.113635.100.6.27.7.1 |
| 31 | CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US | DigiCert | W | Unknown Extension: 1.2.840.113635.100.6.27.15.1 |
| 31 | CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US | DigiCert | W | Unknown Extension: 1.2.840.113635.100.6.27.7.2 |
| 31 | CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US | DigiCert | W | Unknown Extension: 1.2.840.113635.100.6.27.11.1 |
| 28 | C=PL, O=Unizeto Technologies S.A., OU=SpaceSSL Certification Authority, CN=SpaceSSL CA | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Name has deprecated attribute emailAddress |
| 28 | C=JP, O="Japan Registry Services Co., Ltd.", CN=JPRS Organization Validation Authority - G2 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 26 | C=JP, O="SECOM Trust Systems CO.,LTD.", CN=CrossTrust DV CA5 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 26 | C=ES, O=CONSORCI ADMINISTRACIO OBERTA DE CATALUNYA, OU=Serveis Públics de Certificació, CN=EC-SectorPublic | Consorci Administració Oberta de Catalunya (Consorci AOC, CATCert) | W | Name has unknown attribute 2.5.4.97 |
| 23 | CN=ACCVCA-120, OU=PKIACCV, O=ACCV, C=ES | Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) | W | Name has unknown attribute 2.5.4.97 |
| 20 | C=FR, O=DHIMYOTIS, OU=0002 48146308100036, 2.5.4.97=NTRFR-48146308100036, CN=Certigna Wild CA | Dhimyotis / Certigna | W | Name has unknown attribute 2.5.4.97 |
| 20 | C=JP, O="SECOM Trust Systems CO.,LTD.", CN=EINS/PKI Public Certification Authority V4 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 16 | C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web EV 2.0 CA | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 16 | C=ES, O=FNMT-RCM, OU=AC Componentes Informáticos | Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) | W | Name has unknown attribute 2.5.4.97 |
| 14 | C=ES, O=FNMT-RCM, OU=CERES, serialNumber=Q2826004J, CN=AC Administración Pública | Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) | W | Name has unknown attribute 2.5.4.97 |
| 14 | C=ES, O=IZENPE S.A., OU=BZ Ziurtagiri publikoa - Certificado publico EV, CN=CA de Certificados SSL EV | Izenpe S.A. | W | Name has unknown attribute 2.5.4.97 |
| 14 | C=ES, O=IZENPE S.A., OU=BZ Ziurtagiri publikoa - Certificado publico EV, CN=CA de Certificados SSL EV | Izenpe S.A. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 13 | C=PL, O=home.pl S.A., CN=Certyfikat SSL | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Deprecated Netscape extension 2.16.840.1.113730.1.1 treated as opaque extension |
| 13 | C=JP, O="SECOM Trust Systems CO.,LTD.", CN=CrossTrust OV CA5 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 13 | C=PL, O=home.pl S.A., CN=Certyfikat SSL | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Certificate Policies should not contain notice references |
| 13 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | DigiCert | W | Extension should be critical for KeyUsage |
| 10 | C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - AA et Agents | Certinomis / Docapost | W | Name has unknown attribute 2.5.4.97 |
| 10 | C=CN, O=China Financial Certification Authority, CN=CFCA OV OCA | China Financial Certification Authority (CFCA) | W | Extension should be critical for KeyUsage |
| 8 | C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2 | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Deprecated Netscape extension 2.16.840.1.113730.1.1 treated as opaque extension |
| 8 | C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA | T-Systems International GmbH (Deutsche Telekom) | W | Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension |
| 8 | C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA | T-Systems International GmbH (Deutsche Telekom) | W | TLS Server auth certificates should not contain 1.3.6.1.5.2.3.5 usage |
| 8 | C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA | T-Systems International GmbH (Deutsche Telekom) | W | TLS Server auth certificates should not contain Microsoft Smartcardlogin usage |
| 8 | C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2 | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Certificate Policies should not contain notice references |
| 5 | C=JP, O="Nijimo, Inc.", CN=FujiSSL Public Certification Authority - G2 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 5 | C=DE, ST=Bayern, L=Muenchen, O=Max-Planck-Gesellschaft, CN=MPG CA - G02 | T-Systems International GmbH (Deutsche Telekom) | W | TLS Server auth certificates should not contain 1.3.6.1.5.2.3.5 usage |
| 5 | C=DE, ST=Bayern, L=Muenchen, O=Max-Planck-Gesellschaft, CN=MPG CA - G02 | T-Systems International GmbH (Deutsche Telekom) | W | TLS Server auth certificates should not contain Microsoft Smartcardlogin usage |
| 5 | C=DE, ST=Bayern, L=Muenchen, O=Max-Planck-Gesellschaft, CN=MPG CA - G02 | T-Systems International GmbH (Deutsche Telekom) | W | Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension |
| 5 | C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA | T-Systems International GmbH (Deutsche Telekom) | W | Name has multiple commonName attributes |
| 5 | C=JP, O=CrossTrust, CN=CrossTrust DV CA4 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 4 | C=PL, O=home.pl S.A., CN=Certyfikat SSL | Asseco Data Systems S.A. (previously Unizeto Certum) | W | commonNames in BR certificate contains U-labels |
| 4 | C=ES, O=Firmaprofesional S.A., OU=Security Services, serialNumber=A62634068, CN=AC Firmaprofesional - INFRAESTRUCTURA | Autoridad de Certificacion Firmaprofesional | W | Name has unknown attribute 2.5.4.97 |
| 4 | C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2 | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Duplicate SAN entry |
| 3 | C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Easy CA | Certinomis / Docapost | W | Name has unknown attribute 2.5.4.97 |
| 3 | C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Organization Validation CA SHA2 | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Duplicate SAN entry |
| 3 | C=JP, L=Academe, O=National Institute of Informatics, CN=NII Open Domain CA - G4 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 3 | C=JP, O="Japan Registry Services Co., Ltd.", CN=JPRS Domain Validation Authority - G1 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 3 | C=JP, O=KDDI Web Communications Inc., CN=KDDI Web Communications Certification Authority 2 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 3 | C=JP, O=Fuji Xerox, CN=Fuji Xerox Xnet CA - S2 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 3 | C=CN, O=WoTrus CA Limited, CN=WoTrus OV SSL CA | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Duplicate SAN entry |
| 2 | C=DE, ST=Bayern, L=Muenchen, O=Fraunhofer, OU=Fraunhofer Corporate PKI, CN=Fraunhofer Service CA - G02 | T-Systems International GmbH (Deutsche Telekom) | W | Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension |
| 2 | C=DE, ST=Bayern, L=Muenchen, O=Fraunhofer, OU=Fraunhofer Corporate PKI, CN=Fraunhofer Service CA - G02 | T-Systems International GmbH (Deutsche Telekom) | W | TLS Server auth certificates should not contain 1.3.6.1.5.2.3.5 usage |
| 2 | C=DE, ST=Bayern, L=Muenchen, O=Fraunhofer, OU=Fraunhofer Corporate PKI, CN=Fraunhofer Service CA - G02 | T-Systems International GmbH (Deutsche Telekom) | W | TLS Server auth certificates should not contain Microsoft Smartcardlogin usage |
| 2 | C=CN, O=China Financial Certification Authority, CN=CFCA EV OCA | China Financial Certification Authority (CFCA) | W | Extension should be critical for KeyUsage |
| 2 | C=CN, O=WoSign CA Limited, CN=WoSign OV SSL CA | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Duplicate SAN entry |
| 2 | C=PL, O=Unizeto Technologies S.A., OU=SpaceSSL Certification Authority, CN=SpaceSSL CA | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Duplicate SAN entry |
| 2 | C=DE, O=Universitaet Leipzig, OU=URZ, CN=UNIVERSITAET LEIPZIG CA, emailAddress=pki@uni-leipzig.de | T-Systems International GmbH (Deutsche Telekom) | W | TLS Server auth certificates should not contain Microsoft Smartcardlogin usage |
| 2 | C=ES, O=FNMT-RCM, OU=AC Componentes Informáticos | Government of Spain, Fábrica Nacional de Moneda y Timbre (FNMT) | W | Duplicate SAN entry |
| 2 | C=DE, O=Universitaet Leipzig, OU=URZ, CN=UNIVERSITAET LEIPZIG CA, emailAddress=pki@uni-leipzig.de | T-Systems International GmbH (Deutsche Telekom) | W | TLS Server auth certificates should not contain 1.3.6.1.5.2.3.5 usage |
| 2 | C=DE, O=Universitaet Leipzig, OU=URZ, CN=UNIVERSITAET LEIPZIG CA, emailAddress=pki@uni-leipzig.de | T-Systems International GmbH (Deutsche Telekom) | W | Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension |
| 2 | C=HU, L=Budapest, O=Microsec Ltd., 2.5.4.97=VATHU-23584497, CN=Qualified e-Szigno TLS CA 2018 | Microsec Ltd. | W | Name has multiple serialNumber attributes |
| 2 | C=HU, L=Budapest, O=Microsec Ltd., 2.5.4.97=VATHU-23584497, CN=Qualified e-Szigno TLS CA 2018 | Microsec Ltd. | W | Name has unknown attribute 2.5.4.97 |
| 1 | C=CN, O=WoSign CA Limited, CN=WoSign DV SSL CA | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Certificate Policies should not contain notice references |
| 1 | C=PL, O=LH.pl Sp. z o.o., OU=LH.pl, CN=www.lh.pl | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Deprecated Netscape extension 2.16.840.1.113730.1.1 treated as opaque extension |
| 1 | C=FR, O=Certinomis, 2.5.4.97=NTRFR-433998903, CN=Certinomis - Web CA | Certinomis / Docapost | W | Duplicate SAN entry |
| 1 | C=IT, L=Roma, O=Agenzia per l'Italia Digitale, OU=Area Soluzioni per la Pubblica Amministrazione, CN=AgID CA1 |  | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 1 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G2 | DigiCert | E | Unknown TLD in SAN |
| 1 | C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Class I CA SHA2 | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Name has deprecated attribute emailAddress |
| 1 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | GlobalSign | W | organizationName is using deprecated TeletexString |
| 1 | C=PL, O=Unizeto Technologies S.A., OU=SpaceSSL Certification Authority, CN=SpaceSSL CA | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Certificate Policies should not contain notice references |
| 1 | C=PL, O=Unizeto Technologies S.A., OU=SpaceSSL Certification Authority, CN=SpaceSSL CA | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Deprecated Netscape extension 2.16.840.1.113730.1.1 treated as opaque extension |
| 1 | C=DE, O=Technische Universitaet Dresden, OU=ZIH, CN=TU Dresden CA - G02, emailAddress=pki@tu-dresden.de | T-Systems International GmbH (Deutsche Telekom) | W | Extension should be critical for KeyUsage |
| 1 | C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2 | Asseco Data Systems S.A. (previously Unizeto Certum) | W | commonNames in BR certificate contains U-labels |
| 1 | C=US, ST=CA, L=San Francisco, O="CloudFlare, Inc.", CN=CloudFlare Inc ECC CA-2 | DigiCert | E | Unknown TLD in SAN |
| 1 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert ECC Extended Validation Server CA | DigiCert | W | Unknown Extension: 2.23.140.1.31 |
| 1 | C=DE, O=T-Systems International GmbH, OU=T-Systems Trust Center, CN=TeleSec Business CA 1 | T-Systems International GmbH (Deutsche Telekom) | W | Duplicate SAN entry |
| 1 | C=DE, O=Universitaet Freiburg, OU=Rechenzentrum, CN=Uni-FR CA - G02, emailAddress=pki@rz.uni-freiburg.de | T-Systems International GmbH (Deutsche Telekom) | W | Extension should be critical for KeyUsage |
| 1 | C=DE, O=T-Systems International GmbH, OU=T-Systems Trust Center, ST=Nordrhein Westfalen, postalCode=57250, L=Netphen, street=Untere Industriestr. 20, CN=TeleSec ServerPass Class 2 CA | T-Systems International GmbH (Deutsche Telekom) | W | Duplicate SAN entry |
| 1 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA | DigiCert | W | Unknown Extension: 2.23.140.1.31 |
| 1 | CN=ACCVCA-120, OU=PKIACCV, O=ACCV, C=ES | Government of Spain, Autoritat de Certificació de la Comunitat Valenciana (ACCV) | E | BR certificates must not contain directoryName type alternative name |
| 1 | C=JP, O=KDDI Web Communications Inc., CN=KDDI Web Communications Certification Authority | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 1 | C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web MH CA | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 1 | C=NL, O=KPN B.V., 2.5.4.97=NTRNL-27124701, CN=KPN BV PKIoverheid Organisatie Server CA - G3 | Government of The Netherlands, PKIoverheid (Logius) | W | Duplicate SAN entry |
| 1 | C=JP, O=KDDI Web Communications Inc., CN=KDDI Web Communications Certification Authority | SECOM Trust Systems CO., LTD. | W | Deprecated Netscape extension 2.16.840.1.113730.1.1 treated as opaque extension |
| 1 | C=RO, O=certSIGN, OU=certSIGN Enterprise CA Class 3 G2, CN=certSIGN Enterprise CA Class 3 G2 | certSIGN | W | commonName is using deprecated TeletexString |
| 1 | C=PL, O=LH.pl Sp. z o.o., OU=LH.pl, CN=www.lh.pl | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Certificate Policies should not contain notice references |