Some of these may be false-positives. You should review closely before taking action.
| # of affected certificates | CA | CCADB Owner | Severity | Description |
|---|---|---|---|---|
| 58064 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 02 | DigiCert / Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
| 58064 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 02 | DigiCert / Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension |
| 58002 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 01 | DigiCert / Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
| 58002 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 01 | DigiCert / Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension |
| 49928 | C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL CA G3 | QuoVadis | W | TLS Server auth certificates should not contain IPSec Tunnel usage |
| 49928 | C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL CA G3 | QuoVadis | W | TLS Server auth certificates should not contain IPSec User usage |
| 49928 | C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL CA G3 | QuoVadis | W | TLS Server auth certificates should not contain IPSec End System usage |
| 34040 | C=US, ST=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 | GoDaddy | W | BR certificates should be 397 days in validity or less |
| 23260 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | DigiCert | W | Extension should be critical for KeyUsage |
| 23260 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
| 23260 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 02 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension |
| 23032 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | DigiCert | W | Extension should be critical for KeyUsage |
| 23032 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension |
| 23032 | C=US, O=Microsoft Corporation, CN=Microsoft RSA TLS CA 01 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
| 15710 | C=US, O="Cloudflare, Inc.", CN=Cloudflare Inc ECC CA-3 | DigiCert | W | Unknown Extension: 1.3.6.1.4.1.11129.2.1.22 |
| 11011 | C=BE, O=GlobalSign nv-sa, CN=AlphaSSL CA - SHA256 - G2 | GlobalSign nv-sa | W | BR certificates should be 397 days in validity or less |
| 10009 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
| 10009 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1 | DigiCert | W | Extension should be critical for KeyUsage |
| 10009 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 1 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension |
| 9933 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4 | DigiCert | W | Extension should be critical for KeyUsage |
| 9933 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension |
| 9933 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
| 9887 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension |
| 9887 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
| 9887 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2 | DigiCert | W | Extension should be critical for KeyUsage |
| 9866 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension |
| 9866 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | DigiCert | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
| 9866 | C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 5 | DigiCert | W | Extension should be critical for KeyUsage |
| 9708 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign GCC R3 DV TLS CA 2020 | GlobalSign nv-sa | W | BR certificates should be 397 days in validity or less |
| 4607 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA - SHA256 - G3 | GlobalSign nv-sa | W | BR certificates should be 397 days in validity or less |
| 3042 | C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", OU=http://certs.starfieldtech.com/repository/, CN=Starfield Secure Certificate Authority - G2 | GoDaddy | W | BR certificates should be 397 days in validity or less |
| 3011 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | GlobalSign nv-sa | W | BR certificates should be 397 days in validity or less |
| 1257 | C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA | Deutsche Telekom Security GmbH | W | BR certificates should be 397 days in validity or less |
| 653 | C=JP, O="SECOM Trust Systems CO.,LTD.", CN=FujiSSL Public Validation Authority - G3 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 305 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Extended Validation CA - SHA256 - G3 | GlobalSign nv-sa | W | EV certificates should be 397 days in validity or less |
| 262 | C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web SR 3.0 CA | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 156 | C=US, O=Amazon, OU=Server CA 1B, CN=Amazon | Amazon Trust Services | W | BR certificates should be 397 days in validity or less |
| 151 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 05 | DigiCert / Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
| 151 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 05 | DigiCert / Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension |
| 149 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 06 | DigiCert / Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.10 treated as opaque extension |
| 149 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 06 | DigiCert / Microsoft Corporation | W | Microsoft extension 1.3.6.1.4.1.311.21.7 treated as opaque extension |
| 141 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G2 | GlobalSign nv-sa | W | BR certificates should be 397 days in validity or less |
| 118 | C=US, ST=Arizona, L=Scottsdale, O="GoDaddy.com, Inc.", OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2 | GoDaddy | W | EV certificates should be 397 days in validity or less |
| 95 | C=DE, ST=Baden-Wuerttemberg, L=Karlsruhe, O=Karlsruhe Institute of Technology, CN=KIT-CA | Deutsche Telekom Security GmbH | W | BR certificates should be 397 days in validity or less |
| 87 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Atlas R3 DV TLS CA 2020 | GlobalSign nv-sa | W | BR certificates should be 397 days in validity or less |
| 84 | C=DE, ST=Bayern, L=Muenchen, O=Fraunhofer, OU=Fraunhofer Corporate PKI, CN=Fraunhofer Service CA - G02 | Deutsche Telekom Security GmbH | W | BR certificates should be 397 days in validity or less |
| 80 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | DigiCert | W | BR certificates should be 397 days in validity or less |
| 57 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Organization Validation CA - SHA256 - G3 | GlobalSign nv-sa | W | BR certificates should be 397 days in validity or less |
| 53 | C=JP, O="SECOM Trust Systems CO.,LTD.", CN=SECOM Passport for Web EV 2.0 CA | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 45 | C=DE, ST=Bayern, L=Muenchen, O=Max-Planck-Gesellschaft, CN=MPG CA - G02 | Deutsche Telekom Security GmbH | W | BR certificates should be 397 days in validity or less |
| 38 | C=CN, O=China Financial Certification Authority, CN=CFCA OV OCA | China Financial Certification Authority (CFCA) | W | Extension should be critical for KeyUsage |
| 38 | C=GR, O=Hellenic Academic and Research Institutions CA, CN=National and Kapodistrian University of Athens TLS RSA SubCA R1 | HARICA | W | BR certificates should be 397 days in validity or less |
| 37 | C=IT, ST=Bergamo, L=Ponte San Pietro, O=Actalis S.p.A., CN=Actalis Domain Validation Server CA G3 | Actalis | W | BR certificates should be 397 days in validity or less |
| 27 | C=JP, O="SECOM Trust Systems CO.,LTD.", CN=CrossTrust DV CA5 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 26 | C=US, O=DigiCert Inc, CN=RapidSSL TLS DV RSA Mixed SHA256 2020 CA-1 | DigiCert | W | BR certificates should be 397 days in validity or less |
| 24 | C=JP, O="SECOM Trust Systems CO.,LTD.", CN=CrossTrust OV CA5 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 24 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte RSA CA 2018 | DigiCert | W | BR certificates should be 397 days in validity or less |
| 20 | C=DE, ST=Sachsen, L=Dresden, O=Technische Universitaet Dresden, CN=TU Dresden CA | Deutsche Telekom Security GmbH | W | BR certificates should be 397 days in validity or less |
| 19 | C=BR, O=VALID CERTIFICADORA DIGITAL, CN=Valid Certificadora Digital AlphaSSL CA 2018 | GlobalSign nv-sa | W | BR certificates should be 397 days in validity or less |
| 18 | C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA | Deutsche Telekom Security GmbH | W | TLS Server auth certificates should not contain Microsoft Smartcard Login usage |
| 18 | C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA | Deutsche Telekom Security GmbH | W | TLS Server auth certificates should not contain Signing KDC Response usage |
| 18 | C=DE, O=Verein zur Foerderung eines Deutschen Forschungsnetzes e. V., OU=DFN-PKI, CN=DFN-Verein Global Issuing CA | Deutsche Telekom Security GmbH | W | Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension |
| 17 | C=JP, O="SECOM Trust Systems CO.,LTD.", CN=EINS/PKI Public Certification Authority V4 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 14 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | DigiCert | W | Unknown Extension: 1.3.6.1.4.1.44363.44 |
| 13 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC EV SSL CA 2018 | GlobalSign nv-sa | W | EV certificates should be 397 days in validity or less |
| 12 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | DigiCert | W | BR certificates should be 397 days in validity or less |
| 12 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA | DigiCert | W | EV certificates should be 397 days in validity or less |
| 11 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust RSA CA 2018 | DigiCert | W | BR certificates should be 397 days in validity or less |
| 11 | C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 | DigiCert | W | Extension should be critical for KeyUsage |
| 11 | C=US, ST=Arizona, L=Scottsdale, O="Starfield Technologies, Inc.", OU=http://certs.starfieldtech.com/repository/, CN=Starfield Secure Certificate Authority - G2 | GoDaddy | W | EV certificates should be 397 days in validity or less |
| 11 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign ECC OV SSL CA 2018 | GlobalSign nv-sa | W | BR certificates should be 397 days in validity or less |
| 10 | C=NL, ST=Noord-Holland, L=Amsterdam, O=TERENA, CN=TERENA SSL CA 3 | DigiCert | E | BR certificates must be 825 days in validity or less |
| 8 | C=CN, O=China Financial Certification Authority, CN=CFCA EV OCA | China Financial Certification Authority (CFCA) | W | Extension should be critical for KeyUsage |
| 8 | C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA | DigiCert | E | BR certificates must be 825 days in validity or less |
| 7 | C=US, O=DigiCert Inc, CN=GeoTrust TLS DV RSA Mixed SHA256 2020 CA-1 | DigiCert | W | BR certificates should be 397 days in validity or less |
| 7 | C=US, O=ATT Services Inc, CN=ATT Atlas R3 OV TLS CA 2020 | GlobalSign nv-sa | W | BR certificates should be 397 days in validity or less |
| 7 | C=JP, O=Fuji Xerox, CN=Fuji Xerox Xnet CA - S2 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 5 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 01 | DigiCert / Microsoft Corporation | W | Duplicate SAN entry |
| 4 | C=GR, O=Hellenic Academic and Research Institutions CA, CN=International Hellenic University TLS RSA SubCA R1 | HARICA | W | BR certificates should be 397 days in validity or less |
| 4 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign Domain Validation CA - SHA256 - G2 | GlobalSign nv-sa | W | BR certificates should be 397 days in validity or less |
| 4 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Encryption Everywhere DV TLS CA - G1 | DigiCert | W | BR certificates should be 397 days in validity or less |
| 4 | C=IT, L=Roma, O=Agenzia per l'Italia Digitale, OU=Area Soluzioni per la Pubblica Amministrazione, CN=AgID CA1 | W | BR certificates should include an HTTP URL of the issuing CA's certificate | |
| 4 | C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com RSA SSL subCA | SSL.com | W | BR certificates should be 397 days in validity or less |
| 4 | C=NL, O=KPN B.V., CN=KPN PKIoverheid Server CA 2020 | Government of The Netherlands, PKIoverheid (Logius) | W | Duplicate SAN entry |
| 4 | C=GR, O=Hellenic Academic and Research Institutions CA, CN=University of Ioannina TLS RSA SubCA R1 | HARICA | W | BR certificates should be 397 days in validity or less |
| 3 | C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2 | QuoVadis | W | TLS Server auth certificates should not contain IPSec User usage |
| 3 | C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2 | QuoVadis | W | TLS Server auth certificates should not contain IPSec End System usage |
| 3 | C=US, O=HydrantID (Avalanche Cloud Corporation), CN=HydrantID SSL ICA G2 | QuoVadis | W | TLS Server auth certificates should not contain IPSec Tunnel usage |
| 3 | C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2 | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Name has deprecated attribute emailAddress |
| 3 | C=PL, O=home.pl S.A., CN=Certyfikat SSL | Asseco Data Systems S.A. (previously Unizeto Certum) | W | Name has deprecated attribute emailAddress |
| 3 | C=DE, O=Technische Universitaet Ilmenau, CN=TU Ilmenau CA G2 | Deutsche Telekom Security GmbH | W | BR certificates should be 397 days in validity or less |
| 3 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte EV RSA CA 2018 | DigiCert | W | EV certificates should be 397 days in validity or less |
| 3 | C=JP, O=National Institute of Informatics, CN=NII Open Domain CA - G5 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 3 | C=US, O=Microsoft Corporation, CN=Microsoft Azure TLS Issuing CA 02 | DigiCert / Microsoft Corporation | W | Duplicate SAN entry |
| 3 | C=BR, O=VALID CERTIFICADORA DIGITAL, CN=Valid Certificadora Digital SSL DV CA 2018 | GlobalSign nv-sa | W | BR certificates should be 397 days in validity or less |
| 2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust TLS RSA CA G1 | DigiCert | W | BR certificates should be 397 days in validity or less |
| 2 | C=IT, O=Intesa Sanpaolo S.p.A., OU=WSA Trust Service Provider, serialNumber=10810700152, CN=Intesa Sanpaolo Organization Validation CA | AC Camerfirma, S.A. | W | Name has deprecated attribute emailAddress |
| 2 | C=GR, L=Thessaloniki, O=Aristotle University of Thessaloniki, CN=Aristotle University of Thessaloniki SSL RSA SubCA R2 | HARICA | W | BR certificates should be 397 days in validity or less |
| 2 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign RSA OV SSL CA 2018 | GlobalSign nv-sa | W | TLS Server auth certificates should not contain 1.3.6.1.5.5.8.2.2 usage |
| 2 | C=US, O=CrowdStrike Inc., CN=CrowdStrike GCC R3 TLS OV CA 2020 | GlobalSign nv-sa | W | BR certificates should be 397 days in validity or less |
| 2 | C=US, O=DigiCert Inc, CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1 | DigiCert | W | Unknown Extension: 1.3.6.1.4.1.11129.2.1.22 |
| 2 | C=DE, ST=Bayern, L=Muenchen, O=Max-Planck-Gesellschaft, CN=MPG CA - G02 | Deutsche Telekom Security GmbH | W | TLS Server auth certificates should not contain Microsoft Smartcard Login usage |
| 2 | C=DE, ST=Bayern, L=Muenchen, O=Max-Planck-Gesellschaft, CN=MPG CA - G02 | Deutsche Telekom Security GmbH | W | TLS Server auth certificates should not contain Signing KDC Response usage |
| 2 | C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 | DigiCert | E | FQDN under reserved or special domain in SAN |
| 2 | C=PL, O=nazwa.pl sp. z o.o., OU=http://nazwa.pl, CN=nazwaSSL | Asseco Data Systems S.A. (previously Unizeto Certum) | W | commonNames in BR certificate contains U-labels |
| 2 | C=DE, ST=Bayern, L=Muenchen, O=Max-Planck-Gesellschaft, CN=MPG CA - G02 | Deutsche Telekom Security GmbH | W | Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension |
| 2 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 High Assurance Server CA | DigiCert | W | Extension should be critical for KeyUsage |
| 1 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2 | DigiCert | W | TLS Server auth certificates should not contain Microsoft Smartcard Login usage |
| 1 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2 | DigiCert | W | TLS Server auth certificates should not contain Signing KDC Response usage |
| 1 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign CloudSSL CA - SHA256 - G3 | GlobalSign nv-sa | W | BR certificates should be 397 days in validity or less |
| 1 | C=US, O=DigiCert Inc, CN=DigiCert Global CA G2 | DigiCert | W | BR certificates should be 397 days in validity or less |
| 1 | C=US, O=DigiCert Inc, CN=DigiCert Assured ID CA G2 | DigiCert | W | BR certificates should be 397 days in validity or less |
| 1 | C=BE, O=GlobalSign nv-sa, CN=GlobalSign GCC R3 EV QWAC CA 2020 | GlobalSign nv-sa | W | EV certificates should be 397 days in validity or less |
| 1 | C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Domain Validation CA SHA2 | Asseco Data Systems S.A. (previously Unizeto Certum) | W | commonNames in BR certificate contains U-labels |
| 1 | CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US | DigiCert | W | Unknown Extension: 1.2.840.113635.100.6.27.11.1 |
| 1 | CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US | DigiCert | W | Unknown Extension: 1.2.840.113635.100.6.27.15.1 |
| 1 | C=US, O=DigiCert Inc, CN=DigiCert TLS RSA SHA256 2020 CA1 | DigiCert | E | Wildcard to immediate left of public suffix in SAN |
| 1 | CN=Apple IST CA 2 - G1, OU=Certification Authority, O=Apple Inc., C=US | DigiCert | W | Unknown Extension: 1.2.840.113635.100.6.27.7.1 |
| 1 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=GeoTrust CN RSA CA G1 | DigiCert | E | BR certificates must be 825 days in validity or less |
| 1 | C=IL, O=Domain The Net Technologies Ltd, CN=Domain The Net Technologies Ltd CA for SSL R2 | SSL.com | W | BR certificates should be 397 days in validity or less |
| 1 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Secure Site Pro Extended Validation CA G2 | DigiCert | W | EV certificates should be 397 days in validity or less |
| 1 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert SHA2 Extended Validation Server CA | DigiCert | W | Unknown Extension: 2.23.140.1.31 |
| 1 | C=JP, O=FUJIFILM, CN=FUJIFILM Fnet CA - S2 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 1 | C=JP, O="Japan Registry Services Co., Ltd.", CN=JPRS Organization Validation Authority - G2 | SECOM Trust Systems CO., LTD. | W | BR certificates should include an HTTP URL of the issuing CA's certificate |
| 1 | C=NL, O=Trust Provider B.V., OU=Domain Validated SSL, CN=Trust Provider B.V. TLS RSA CA G1 | DigiCert | W | BR certificates should be 397 days in validity or less |
| 1 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=Thawte TLS RSA CA G1 | DigiCert | W | BR certificates should be 397 days in validity or less |
| 1 | C=GR, O=Hellenic Academic and Research Institutions CA, CN=CEDEFOP TLS RSA SubCA R1 | HARICA | W | BR certificates should be 397 days in validity or less |
| 1 | C=GR, O=Hellenic Academic and Research Institutions CA, CN=University of the Peloponnese TLS RSA SubCA R1 | HARICA | W | BR certificates should be 397 days in validity or less |
| 1 | C=DE, ST=Bayern, L=Muenchen, O=Fraunhofer, OU=Fraunhofer Corporate PKI, CN=Fraunhofer Service CA - G02 | Deutsche Telekom Security GmbH | W | TLS Server auth certificates should not contain Microsoft Smartcard Login usage |
| 1 | C=DE, ST=Bayern, L=Muenchen, O=Fraunhofer, OU=Fraunhofer Corporate PKI, CN=Fraunhofer Service CA - G02 | Deutsche Telekom Security GmbH | W | TLS Server auth certificates should not contain Signing KDC Response usage |
| 1 | C=DE, ST=Bayern, L=Muenchen, O=Fraunhofer, OU=Fraunhofer Corporate PKI, CN=Fraunhofer Service CA - G02 | Deutsche Telekom Security GmbH | W | Microsoft extension 1.3.6.1.4.1.311.20.2 treated as opaque extension |
| 1 | C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Baltimore CA-2 G2 | DigiCert | W | BR certificates should be 397 days in validity or less |