
ca-certificates

git clone https://anongit.hacktivis.me/git/ca-certificates.git/

RejectedCAs.md (828B)


# Rejected Certificate Authorities
## GlobalSign
### Custom CAs
- <https://www.globalsign.com/en/custom-ca-private-pki> seems to allow man-in-the-middle ("SSL/TLS Inspection/Decryption"), which should only be done with special non-trusted certificates.
- Cross-signs other CAs, which, while interesting for allowing new CAs, ultimately means having to trust all the cross-signed CAs.

## COMODO
Brands:
- Francisco Partners Management, L.P.
- Xcitium
- Sectigo
- CodeGuard

Or Sectigo with their re-branding.
Notorious for controversies; shouldn't be present in any decent CA list. <https://en.wikipedia.org/wiki/Comodo_Cybersecurity>
## ZeroSSL
The certificate they use <https://crt.sh/?caid=158799> is a child certificate of Sectigo/COMODO.
Looks very suspicious; normally a new CA should only get cross-signed.