CT certs with invalid roots

149 views

Skip to first unread message

Syed Farhan

unread,

Oct 7, 2021, 11:38:13 AM10/7/21

to certificate-transparency

Hi,

I'm looking at a few entries in the google managed CT logs that have a root certificate that is not a part of the CT root store. As far as I can tell these roots were never present in the CT root store, yet I can see these certificates in the CT logs. Can anyone help me understand if there's something I'm missing here:

Karategirls.eu
- CT name: Pilot
- Index: 10546471
- Root (SHA256): 210370a1a744aa211e4bcaf59191fd9f47ab4fbe986fa89142aee1f15bca923c
w3.awstls.com
- CT name: Pilot
- Index: 524585842
- Root (SHA256): 64903546a58058d1e6f1bead1134ede66a6831d231f0df8d4e28535d7a300496
www.dukey.org
1. CT name: Pilot
2. Index: 10617196
3. Root (SHA256): 7cfdcf570db7b109c76272bb12802ffe19604e9a37895c19cc96c52ab1cfd56d

Thanks,

Farhan

Rob Stradling

unread,

Oct 7, 2021, 6:30:40 PM10/7/21

to certificate-...@googlegroups.com

Hi Farhan. This issue was discussed in this thread: https://groups.google.com/a/chromium.org/g/ct-policy/c/Itoq0YUZTlA/m/24hkszkVBAAJ

From: certificate-...@googlegroups.com <certificate-...@googlegroups.com> on behalf of Syed Farhan <syedfa...@gmail.com>
Sent: 07 October 2021 15:50
To: certificate-transparency <certificate-...@googlegroups.com>
Subject: CT certs with invalid roots

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.

--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/certificate-transparency/515443ea-f33b-47a9-bb2b-14914616eb6an%40googlegroups.com.

Reply all

Reply to author

Forward

0 new messages