logo

ca-certificates

Unnamed repository; edit this file 'description' to name the repository. git clone https://anongit.hacktivis.me/git/ca-certificates.git/
commit: 271825a8044d2f66c9148c1bad66936ff56735f5
parent a9db522851fa9a73045c39951390e61cbec21081
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Tue, 23 Sep 2025 19:20:40 +0200

RejectedCAs.md: GlobalSign no longer allows custom emails

Diffstat:

MRejectedCAs.md4----
1 file changed, 0 insertions(+), 4 deletions(-)

diff --git a/RejectedCAs.md b/RejectedCAs.md @@ -1,10 +1,6 @@ # Rejected Certificate Authorities ## GlobalSign -### Proprietary verification - -Even post-ACME, they still support non-standard verifications, in fact in September 2014 they added the non-standard ability to set custom emails via DNS TXT records: <https://support.globalsign.com/ssl/ssl-certificates-life-cycle/using-dns-txt-records-specifying-domain-approver-emails> - ### Custom CAs - <https://www.globalsign.com/en/custom-ca-private-pki> seems to allow man-in-the-middle ("SSL/TLS Inspection/Decryption") which should only be done with a special non-trusted certificates.