commit: 271825a8044d2f66c9148c1bad66936ff56735f5
parent a9db522851fa9a73045c39951390e61cbec21081
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Tue, 23 Sep 2025 19:20:40 +0200
RejectedCAs.md: GlobalSign no longer allows custom emails
Diffstat:
1 file changed, 0 insertions(+), 4 deletions(-)
diff --git a/RejectedCAs.md b/RejectedCAs.md
@@ -1,10 +1,6 @@
# Rejected Certificate Authorities
## GlobalSign
-### Proprietary verification
-
-Even post-ACME, they still support non-standard verifications, in fact in September 2014 they added the non-standard ability to set custom emails via DNS TXT records: <https://support.globalsign.com/ssl/ssl-certificates-life-cycle/using-dns-txt-records-specifying-domain-approver-emails>
-
### Custom CAs
- <https://www.globalsign.com/en/custom-ca-private-pki> seems to allow man-in-the-middle ("SSL/TLS Inspection/Decryption") which should only be done with a special non-trusted certificates.