RejectedCAs.md (828B)
- # Rejected Certificate Authorities
- ## GlobalSign
- ### Custom CAs
- - <https://www.globalsign.com/en/custom-ca-private-pki> seems to allow man-in-the-middle ("SSL/TLS Inspection/Decryption") which should only be done with a special non-trusted certificates.
- - Cross-signs other CAs, which while interesting for allowing new CA, ultimately means having to trust all the cross-signed CAs
- ## COMODO
- Brands:
- - Francisco Partners Management, L.P.
- - Xcitium
- - Sectigo
- - CodeGuard
- Or Sectigo with their re-branding.
- Notorious in terms of controversies, shouldn't be present in any decent CA list. <https://en.wikipedia.org/wiki/Comodo_Cybersecurity>
- ## ZeroSSL
- The certificate they use <https://crt.sh/?caid=158799> is a child certificate of Sertigo/COMODO.
- Looks very suspicious, normally a new CA should only get cross-signed.