AW: SHA1 certs issued this year chaining to included roots

Tue, 02 Feb 2016 06:07:57 -0800 

Hello Kathleen,

we revoked all SHA-1 certificates issued this year:

00a5401e9bafb23523 (Tuesday, February 2, 2016, 11:35:53)
009d79636c84ece62a (‎Tuesday, February 2, 2016, 11:37:25)
008e6c17cd66006c11 (Tuesday, February 2, 2016, 11:38:45)
2318da5c1485012e (Friday, January 29, 2016, 12:37:36)

6dfb9ccc0c5333c6 (‎Friday, January 29, 2016, 15:10:30)

7d5e244530e38c13 (‎Friday, January 29, 2016, 13:54:00)
00bdcda1e1e9b358e8 (Friday, January 29, 2016, 13:55:09)
008ab83981f725ff48 (Friday, January 29, 2016, 13:57:51)

The corresponding CRL:
http://crl.sbca.telesec.de/rl/Shared_Business_CA_3.crl

Best regards,

Bernd

T-Systems International GmbH
Trust Center Applications



-----Ursprüngliche Nachricht-----
Von: dev-security-policy 
[mailto:dev-security-policy-bounces+bernd.nakonzer=t-systems....@lists.mozilla.org]
 Im Auftrag von Kathleen Wilson
Gesendet: Freitag, 29. Januar 2016 22:44
An: mozilla-dev-security-pol...@lists.mozilla.org
Betreff: Re: SHA1 certs issued this year chaining to included roots

On 1/25/16 12:22 AM, Charles Reiss wrote:
> On 01/19/16 01:49, Charles Reiss wrote:
>> Via censys.io, I found a couple SHA-1 certs with notBefore dates from 
>> this year which chain to root CAs in Mozilla's program:
> [snip]
>
> And here are a couple more, from different subCAs:
>
> - https://crt.sh/?id=12131821 -- chaining to Deutsche Telekom Root CA 
> 2 [T-Systems] via subCA "Shared Business CA 3"
>


I received email from Bernd of T-Systems saying that from 1 January 2016, 8 
SHA‐1 subscriber certificates (SSL) were issued via sub-CA "Shared Business CA 
3" (chaining to “Deutsche Telekom Root CA 2”) – because of converging use 
cases. Other T-Systems CAs were not affected.
The problem has been fixed, so SHA-1 certs can no longer be issued.
The 8 certs will be revoked on February 5 and the corresponding CRL will be 
updated/published.

Thanks,
Kathleen

_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy
_______________________________________________
dev-security-policy mailing list
dev-security-policy@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security-policy

Reply via email to