Bonjour, Le lundi 9 mai 2016 21:40:52 UTC+2, Charles Reiss a écrit : > On 04/13/16 20:32, Kathleen Wilson wrote: > > All, > > > > I have added links to reports of the responses to the March 2016 CA > > Communication survey: > > > > https://wiki.mozilla.org/CA:Communications#March_2016_Responses > > For the responses to Question 1a: > > DocuSign (OpenTrust/Keynectis) indicated 2015 Dec 31 but the following > certificate has a notBefore of 10 Feb 2016 and, according to its CRL, > was revoked 11 Feb 2016: > - https://crt.sh/?id=16157906&opt=cablint
There has been exactly 2 TLS server certificates signed with SHA1 after the 31 Dec 2015: - serial number 1121741263ED77D31273BB5048A39EBCCB02, for *.idnomic.com and *.int.idnomic.com, (organization IDnomic, the new brand name of OpenTrust) generated on 04 Feb 2016, revoked on 11 Feb 2016 - serial number 1121C624EFBEFC18F88FC1987576AA9B7822, for api2.certificat.com and vetting.certificat.com (O=DocuSign France), generated on 10 Feb 2016, revoked on 11 Feb 2016 They were errouneously produced, not for a customer (OpenTrust/IDnomic and DocuSign still share some infrastructure), and once detected the certificates have been revoked, and the SHA1 configuration files have been disabled. New certificates have been generated to replace them, on 11 Feb 2016. _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
