Hi, This certificate has a duplicate commonname: https://crt.sh/?id=242683153&opt=problemreporting
This was pointed out by Mattias Geniar: https://twitter.com/mattiasgeniar/status/924705516974112768 I'm not entirely sure if the wording of the BRs forbid this (they say the CN field must contain a single IP or fqdn, but don't really consider the case that 2 CNs can be present), though this is clearly malformed. I have informed telesec / Deutsche Telekom about this (this is indirectly signed by them) via their contact form. I haven't checked if other such certificates exist. -- Hanno Böck https://hboeck.de/ mail/jabber: ha...@hboeck.de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy