One question, Since WoSign and StartCom have certification which is cross signed by Certum CA(https://wiki.mozilla.org/CA:WoSign_Issues#Cross_Signing), does that mean browser will still trust any certification signed by "Certification Authority of WoSign G2" if the website owner sends a certification chain indicates this cross signed certification?
Is there any way to distrust intermediate certification by its common name? _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy