net/data/ssl/blacklist/README.md - Issue 2109913004: Require Certificate Transparency for Symantec-operated roots

Side by Side Diff: net/data/ssl/blacklist/README.md

Issue 2109913004: Require Certificate Transparency for Symantec-operated roots (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@wire_up_policy

Patch Set: NaCL Created 4 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

« no previous file with comments | « no previous file | net/data/ssl/certificates/README » ('j') | no next file with comments »

OLD	NEW
1 # Certificate Blacklist	1 # Certificate Blacklist

2	2

3 This directory contains a number of certificates and public keys which are	3 This directory contains a number of certificates and public keys which are

4 considered blacklisted within Chromium-based products.	4 considered blacklisted within Chromium-based products.

5	5

6 When applicable, additional information and the full certificate or key	6 When applicable, additional information and the full certificate or key

7 are included.	7 are included.

8	8

9 ## Compromises & Misissuances	9 ## Compromises & Misissuances

10	10

11 ### Comodo	11 ### Comodo

12	12

13 For details, see <https://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html>,	13 For details, see <https://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html>,

14 <https://blog.mozilla.org/security/2011/03/25/comodo-certificate-issue-follow-up />,	14 <https://blog.mozilla.org/security/2011/03/25/comodo-certificate-issue-follow-up />,

15 and <https://technet.microsoft.com/en-us/library/security/2524375.aspx>.	15 and <https://technet.microsoft.com/en-us/library/security/2524375.aspx>.

16	16

17 As the result of a compromise of a partner RA of Comodo, nine certificates were	17 As the result of a compromise of a partner RA of Comodo, nine certificates were

18 misissued, for a variety of online services.	18 misissued, for a variety of online services.

19	19

20 * <2a3699deca1e9fd099ba45de8489e205977c9f2a5e29d5dd747381eec0744d71.pem>	20 * [2a3699deca1e9fd099ba45de8489e205977c9f2a5e29d5dd747381eec0744d71.pem](2a369 9deca1e9fd099ba45de8489e205977c9f2a5e29d5dd747381eec0744d71.pem)

21 * <4bf6bb839b03b72839329b4ea70bb1b2f0d07e014d9d24aa9cc596114702bee3.pem>	21 * [4bf6bb839b03b72839329b4ea70bb1b2f0d07e014d9d24aa9cc596114702bee3.pem](4bf6b b839b03b72839329b4ea70bb1b2f0d07e014d9d24aa9cc596114702bee3.pem)

22 * <79f69a47cfd6c4b4ceae8030d04b49f6171d3b5d6c812f58d040e586f1cb3f14.pem>	22 * [79f69a47cfd6c4b4ceae8030d04b49f6171d3b5d6c812f58d040e586f1cb3f14.pem](79f69 a47cfd6c4b4ceae8030d04b49f6171d3b5d6c812f58d040e586f1cb3f14.pem)

23 * <8290cc3fc1c3aac3239782c141ace8f88aeef4e9576a43d01867cf19d025be66.pem>	23 * [8290cc3fc1c3aac3239782c141ace8f88aeef4e9576a43d01867cf19d025be66.pem](8290c c3fc1c3aac3239782c141ace8f88aeef4e9576a43d01867cf19d025be66.pem)

24 * <933f7d8cda9f0d7c8bfd3c22bf4653f4161fd38ccdcf66b22e95a2f49c2650f8.pem>	24 * [933f7d8cda9f0d7c8bfd3c22bf4653f4161fd38ccdcf66b22e95a2f49c2650f8.pem](933f7 d8cda9f0d7c8bfd3c22bf4653f4161fd38ccdcf66b22e95a2f49c2650f8.pem)

25 * <9532e8b504964331c271f3f5f10070131a08bf8ba438978ce394c34feeae246f.pem>	25 * [9532e8b504964331c271f3f5f10070131a08bf8ba438978ce394c34feeae246f.pem](9532e 8b504964331c271f3f5f10070131a08bf8ba438978ce394c34feeae246f.pem)

26 * <be144b56fb1163c49c9a0e6b5a458df6b29f7e6449985960c178a4744624b7bc.pem>	26 * [be144b56fb1163c49c9a0e6b5a458df6b29f7e6449985960c178a4744624b7bc.pem](be144 b56fb1163c49c9a0e6b5a458df6b29f7e6449985960c178a4744624b7bc.pem)

27 * <ead610e6e90b439f2ecb51628b0932620f6ef340bd843fca38d3181b8f4ba197.pem>	27 * [ead610e6e90b439f2ecb51628b0932620f6ef340bd843fca38d3181b8f4ba197.pem](ead61 0e6e90b439f2ecb51628b0932620f6ef340bd843fca38d3181b8f4ba197.pem)

28 * <f8a5ff189fedbfe34e21103389a68340174439ad12974a4e8d4d784d1f3a0faa.pem>	28 * [f8a5ff189fedbfe34e21103389a68340174439ad12974a4e8d4d784d1f3a0faa.pem](f8a5f f189fedbfe34e21103389a68340174439ad12974a4e8d4d784d1f3a0faa.pem)

29	29

30 ### DigiNotar	30 ### DigiNotar

31	31

32 For details, see <https://googleonlinesecurity.blogspot.com/2011/08/update-on-at tempted-man-in-middle.html>	32 For details, see <https://googleonlinesecurity.blogspot.com/2011/08/update-on-at tempted-man-in-middle.html>

33 and <https://en.wikipedia.org/wiki/DigiNotar>.	33 and <https://en.wikipedia.org/wiki/DigiNotar>.

34	34

35 As a result of a complete CA compromise, the following certificates (and	35 As a result of a complete CA compromise, the following certificates (and

36 their associated public keypairs) are revoked.	36 their associated public keypairs) are revoked.

37	37

38 * <0d136e439f0ab6e97f3a02a540da9f0641aa554e1d66ea51ae2920d51b2f7217.pem>	38 * [0d136e439f0ab6e97f3a02a540da9f0641aa554e1d66ea51ae2920d51b2f7217.pem](0d136 e439f0ab6e97f3a02a540da9f0641aa554e1d66ea51ae2920d51b2f7217.pem)

39 * <294f55ef3bd7244c6ff8a68ab797e9186ec27582751a791515e3292e48372d61.pem>	39 * [294f55ef3bd7244c6ff8a68ab797e9186ec27582751a791515e3292e48372d61.pem](294f5 5ef3bd7244c6ff8a68ab797e9186ec27582751a791515e3292e48372d61.pem)

40 * <31c8fd37db9b56e708b03d1f01848b068c6da66f36fb5d82c008c6040fa3e133.pem>	40 * [31c8fd37db9b56e708b03d1f01848b068c6da66f36fb5d82c008c6040fa3e133.pem](31c8f d37db9b56e708b03d1f01848b068c6da66f36fb5d82c008c6040fa3e133.pem)

41 * <3946901f46b0071e90d78279e82fababca177231a704be72c5b0e8918566ea66.pem>	41 * [3946901f46b0071e90d78279e82fababca177231a704be72c5b0e8918566ea66.pem](39469 01f46b0071e90d78279e82fababca177231a704be72c5b0e8918566ea66.pem)

42 * <450f1b421bb05c8609854884559c323319619e8b06b001ea2dcbb74a23aa3be2.pem>	42 * [450f1b421bb05c8609854884559c323319619e8b06b001ea2dcbb74a23aa3be2.pem](450f1 b421bb05c8609854884559c323319619e8b06b001ea2dcbb74a23aa3be2.pem)

43 * <4fee0163686ecbd65db968e7494f55d84b25486d438e9de558d629d28cd4d176.pem>	43 * [4fee0163686ecbd65db968e7494f55d84b25486d438e9de558d629d28cd4d176.pem](4fee0 163686ecbd65db968e7494f55d84b25486d438e9de558d629d28cd4d176.pem)

44 * <8a1bd21661c60015065212cc98b1abb50dfd14c872a208e66bae890f25c448af.pem>	44 * [8a1bd21661c60015065212cc98b1abb50dfd14c872a208e66bae890f25c448af.pem](8a1bd 21661c60015065212cc98b1abb50dfd14c872a208e66bae890f25c448af.pem)

45 * <9ed8f9b0e8e42a1656b8e1dd18f42ba42dc06fe52686173ba2fc70e756f207dc.pem>	45 * [9ed8f9b0e8e42a1656b8e1dd18f42ba42dc06fe52686173ba2fc70e756f207dc.pem](9ed8f 9b0e8e42a1656b8e1dd18f42ba42dc06fe52686173ba2fc70e756f207dc.pem)

46 * <a686fee577c88ab664d0787ecdfff035f4806f3de418dc9e4d516324fff02083.pem>	46 * [a686fee577c88ab664d0787ecdfff035f4806f3de418dc9e4d516324fff02083.pem](a686f ee577c88ab664d0787ecdfff035f4806f3de418dc9e4d516324fff02083.pem)

47 * <b8686723e415534bc0dbd16326f9486f85b0b0799bf6639334e61daae67f36cd.pem>	47 * [b8686723e415534bc0dbd16326f9486f85b0b0799bf6639334e61daae67f36cd.pem](b8686 723e415534bc0dbd16326f9486f85b0b0799bf6639334e61daae67f36cd.pem)

48 * <fdedb5bdfcb67411513a61aee5cb5b5d7c52af06028efc996cc1b05b1d6cea2b.pem>	48 * [fdedb5bdfcb67411513a61aee5cb5b5d7c52af06028efc996cc1b05b1d6cea2b.pem](fdedb 5bdfcb67411513a61aee5cb5b5d7c52af06028efc996cc1b05b1d6cea2b.pem)

49	49

50 ### India CCA	50 ### India CCA

51	51

52 For details, see <https://googleonlinesecurity.blogspot.com/2014/07/maintaining- digital-certificate-security.html>	52 For details, see <https://googleonlinesecurity.blogspot.com/2014/07/maintaining- digital-certificate-security.html>

53 and <https://technet.microsoft.com/en-us/library/security/2982792.aspx>	53 and <https://technet.microsoft.com/en-us/library/security/2982792.aspx>

54	54

55 An unknown number of misissued certificates were issued by a sub-CA of	55 An unknown number of misissued certificates were issued by a sub-CA of

56 India CCA, the India NIC. Due to the scope of the misissuance, the sub-CA	56 India CCA, the India NIC. Due to the scope of the misissuance, the sub-CA

57 was wholly revoked, and India CCA was constrained to a subset of India's	57 was wholly revoked, and India CCA was constrained to a subset of India's

58 ccTLD namespace.	58 ccTLD namespace.

59	59

60 * <67ed4b703d15dc555f8c444b3a05a32579cb7599bd19c9babe10c584ea327ae0.pem>	60 * [67ed4b703d15dc555f8c444b3a05a32579cb7599bd19c9babe10c584ea327ae0.pem](67ed4 b703d15dc555f8c444b3a05a32579cb7599bd19c9babe10c584ea327ae0.pem)

61 * <a8e1dfd9cd8e470aa2f443914f931cfd61c323e94d75827affee985241c35ce5.pem>	61 * [a8e1dfd9cd8e470aa2f443914f931cfd61c323e94d75827affee985241c35ce5.pem](a8e1d fd9cd8e470aa2f443914f931cfd61c323e94d75827affee985241c35ce5.pem)

62 * <e4f9a3235df7330255f36412bc849fb630f8519961ec3538301deb896c953da5.pem>	62 * [e4f9a3235df7330255f36412bc849fb630f8519961ec3538301deb896c953da5.pem](e4f9a 3235df7330255f36412bc849fb630f8519961ec3538301deb896c953da5.pem)

63	63

64 ### Trustwave	64 ### Trustwave

65	65

66 For details, see <https://www.trustwave.com/Resources/SpiderLabs-Blog/Clarifying -The-Trustwave-CA-Policy-Update/>	66 For details, see <https://www.trustwave.com/Resources/SpiderLabs-Blog/Clarifying -The-Trustwave-CA-Policy-Update/>

67 and <https://bugzilla.mozilla.org/show_bug.cgi?id=724929>	67 and <https://bugzilla.mozilla.org/show_bug.cgi?id=724929>

68	68

69 Two certificates were issued by Trustwave for use in enterprise	69 Two certificates were issued by Trustwave for use in enterprise

70 Man-in-the-Middle. The following public key was used for both certificates,	70 Man-in-the-Middle. The following public key was used for both certificates,

71 and is revoked.	71 and is revoked.

72	72

73 * <32ecc96f912f96d889e73088cd031c7ded2c651c805016157a23b6f32f798a3b.key>	73 * [32ecc96f912f96d889e73088cd031c7ded2c651c805016157a23b6f32f798a3b.key](32ecc 96f912f96d889e73088cd031c7ded2c651c805016157a23b6f32f798a3b.key)

74	74

75 ### TurkTrust	75 ### TurkTrust

76	76

77 For details, see <https://googleonlinesecurity.blogspot.com/2013/01/enhancing-di gital-certificate-security.html>	77 For details, see <https://googleonlinesecurity.blogspot.com/2013/01/enhancing-di gital-certificate-security.html>

78 and <https://web.archive.org/web/20130326152502/http://turktrust.com.tr/kamuoyu- aciklamasi.2.html>	78 and <https://web.archive.org/web/20130326152502/http://turktrust.com.tr/kamuoyu- aciklamasi.2.html>

79	79

80 As a result of a software configuration issue, two certificates were misissued	80 As a result of a software configuration issue, two certificates were misissued

81 by Turktrust that failed to properly set the basicConstraints extension.	81 by Turktrust that failed to properly set the basicConstraints extension.

82 Because these certificates can be used to issue additional certificates, they	82 Because these certificates can be used to issue additional certificates, they

83 have been revoked.	83 have been revoked.

84	84

85 * <372447c43185c38edd2ce0e9c853f9ac1576ddd1704c2f54d96076c089cb4227.pem>	85 * [372447c43185c38edd2ce0e9c853f9ac1576ddd1704c2f54d96076c089cb4227.pem](37244 7c43185c38edd2ce0e9c853f9ac1576ddd1704c2f54d96076c089cb4227.pem)

86 * <42187727be39faf667aeb92bf0cc4e268f6e2ead2cefbec575bdc90430024f69.pem>	86 * [42187727be39faf667aeb92bf0cc4e268f6e2ead2cefbec575bdc90430024f69.pem](42187 727be39faf667aeb92bf0cc4e268f6e2ead2cefbec575bdc90430024f69.pem)

87	87

88 ## Private Key Leakages	88 ## Private Key Leakages

89	89

90 ### Cyberoam	90 ### Cyberoam

91	91

92 For details, see <https://blog.torproject.org/blog/security-vulnerability-found- cyberoam-dpi-devices-cve-2012-3372>	92 For details, see <https://blog.torproject.org/blog/security-vulnerability-found- cyberoam-dpi-devices-cve-2012-3372>

93	93

94 Device manufacturer Cyberoam used the same private key for all devices by	94 Device manufacturer Cyberoam used the same private key for all devices by

95 default, which subsequently leaked and is included below. The associated	95 default, which subsequently leaked and is included below. The associated

96 public key is blacklisted.	96 public key is blacklisted.

97	97

98 * <1af56c98ff043ef92bebff54cebb4dd67a25ba956c817f3e6dd3c1e52eb584c1.key>	98 * [1af56c98ff043ef92bebff54cebb4dd67a25ba956c817f3e6dd3c1e52eb584c1.key](1af56 c98ff043ef92bebff54cebb4dd67a25ba956c817f3e6dd3c1e52eb584c1.key)

99	99

100 ### Dell	100 ### Dell

101	101

102 For details, see <http://www.dell.com/support/article/us/en/19/SLN300321>	102 For details, see <http://www.dell.com/support/article/us/en/19/SLN300321>

103 and <http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2 015/11/23/response-to-concerns-regarding-edellroot-certificate>	103 and <http://en.community.dell.com/dell-blogs/direct2dell/b/direct2dell/archive/2 015/11/23/response-to-concerns-regarding-edellroot-certificate>

104	104

105 The private keys for both the eDellRoot and DSDTestProvider certificates were	105 The private keys for both the eDellRoot and DSDTestProvider certificates were

106 trivially extracted, and thus their associated public keys are	106 trivially extracted, and thus their associated public keys are

107 blacklisted.	107 blacklisted.

108	108

109 * <0f912fd7be760be25afbc56bdc09cd9e5dcc9c6f6a55a778aefcb6aa30e31554.pem>	109 * [0f912fd7be760be25afbc56bdc09cd9e5dcc9c6f6a55a778aefcb6aa30e31554.pem](0f912 fd7be760be25afbc56bdc09cd9e5dcc9c6f6a55a778aefcb6aa30e31554.pem)

110 * <ec30c9c3065a06bb07dc5b1c6b497f370c1ca65c0f30c08e042ba6bcecc78f2c.pem>	110 * [ec30c9c3065a06bb07dc5b1c6b497f370c1ca65c0f30c08e042ba6bcecc78f2c.pem](ec30c 9c3065a06bb07dc5b1c6b497f370c1ca65c0f30c08e042ba6bcecc78f2c.pem)

111	111

112 ### sslip.io	112 ### sslip.io

113	113

114 For details, see <https://blog.pivotal.io/labs/labs/sslip-io-a-valid-ssl-certifi cate-for-every-ip-address>	114 For details, see <https://blog.pivotal.io/labs/labs/sslip-io-a-valid-ssl-certifi cate-for-every-ip-address>

115	115

116 A subscriber of Comodo's acquired a wildcard certificate for sslip.io, and	116 A subscriber of Comodo's acquired a wildcard certificate for sslip.io, and

117 then subsequently published the private key, as a means for developers	117 then subsequently published the private key, as a means for developers

118 to avoid having to acquire certificates.	118 to avoid having to acquire certificates.

119	119

120 As the private key could be used to intercept all communications to this	120 As the private key could be used to intercept all communications to this

121 domain, the associated public key was blacklisted.	121 domain, the associated public key was blacklisted.

122	122

123 * <f3bae5e9c0adbfbfb6dbf7e04e74be6ead3ca98a5604ffe591cea86c241848ec.pem>	123 * [f3bae5e9c0adbfbfb6dbf7e04e74be6ead3ca98a5604ffe591cea86c241848ec.pem](f3bae 5e9c0adbfbfb6dbf7e04e74be6ead3ca98a5604ffe591cea86c241848ec.pem)

124	124

125 ### xs4all.nl	125 ### xs4all.nl

126	126

127 For details, see <https://raymii.org/s/blog/How_I_got_a_valid_SSL_certificate_fo r_my_ISPs_main_website.html>	127 For details, see <https://raymii.org/s/blog/How_I_got_a_valid_SSL_certificate_fo r_my_ISPs_main_website.html>

128	128

129 A user of xs4all was able to register a reserved email address that can be	129 A user of xs4all was able to register a reserved email address that can be

130 used to cause certificate issuance, as described in the CA/Browser Forum's	130 used to cause certificate issuance, as described in the CA/Browser Forum's

131 Baseline Requirements, and then subsequently published the private key.	131 Baseline Requirements, and then subsequently published the private key.

132	132

133 * <83618f932d6947744d5ecca299d4b2820c01483947bd16be814e683f7436be24.pem>	133 * [83618f932d6947744d5ecca299d4b2820c01483947bd16be814e683f7436be24.pem](83618 f932d6947744d5ecca299d4b2820c01483947bd16be814e683f7436be24.pem)

134	134

135 ## Miscellaneous	135 ## Miscellaneous

136	136

137 ### DigiCert	137 ### DigiCert

138	138

139 For details, see <https://bugzilla.mozilla.org/show_bug.cgi?id=1242758> and	139 For details, see <https://bugzilla.mozilla.org/show_bug.cgi?id=1242758> and

140 <https://bugzilla.mozilla.org/show_bug.cgi?id=1224104>	140 <https://bugzilla.mozilla.org/show_bug.cgi?id=1224104>

141	141

142 These two intermediates were retired by DigiCert, and blacklisted for	142 These two intermediates were retired by DigiCert, and blacklisted for

143 robustness at their request.	143 robustness at their request.

144	144

145 * <159ca03a88897c8f13817a212629df84ce824709492b8c9adb8e5437d2fc72be.pem>	145 * [159ca03a88897c8f13817a212629df84ce824709492b8c9adb8e5437d2fc72be.pem](159ca 03a88897c8f13817a212629df84ce824709492b8c9adb8e5437d2fc72be.pem)

146 * <b8c1b957c077ea76e00b0f45bff5ae3acb696f221d2e062164fe37125e5a8d25.pem>	146 * [b8c1b957c077ea76e00b0f45bff5ae3acb696f221d2e062164fe37125e5a8d25.pem](b8c1b 957c077ea76e00b0f45bff5ae3acb696f221d2e062164fe37125e5a8d25.pem)

147	147

148 ### Hacking Team	148 ### Hacking Team

149	149

150 The following keys were reported as used by Hacking Team to compromise users,	150 The following keys were reported as used by Hacking Team to compromise users,

151 and are blacklisted for robustness.	151 and are blacklisted for robustness.

152	152

153 * <c4387d45364a313fbfe79812b35b815d42852ab03b06f11589638021c8f2cb44.key>	153 * [c4387d45364a313fbfe79812b35b815d42852ab03b06f11589638021c8f2cb44.key](c4387 d45364a313fbfe79812b35b815d42852ab03b06f11589638021c8f2cb44.key)

154 * <ea08c8d45d52ca593de524f0513ca6418da9859f7b08ef13ff9dd7bf612d6a37.key>	154 * [ea08c8d45d52ca593de524f0513ca6418da9859f7b08ef13ff9dd7bf612d6a37.key](ea08c 8d45d52ca593de524f0513ca6418da9859f7b08ef13ff9dd7bf612d6a37.key)

155	155

156 ### live.fi	156 ### live.fi

157	157

158 For details, see <https://technet.microsoft.com/en-us/library/security/3046310.a spx>	158 For details, see <https://technet.microsoft.com/en-us/library/security/3046310.a spx>

159	159

160 A user of live.fi was able to register a reserved email address that can be	160 A user of live.fi was able to register a reserved email address that can be

161 used to cause certificate issuance, as described in the CA/Browser Forum's	161 used to cause certificate issuance, as described in the CA/Browser Forum's

162 Baseline Requirements. This was not intended by Microsoft, the operators of	162 Baseline Requirements. This was not intended by Microsoft, the operators of

163 live.fi, but conformed to the Baseline Requirements. It was blacklisted for	163 live.fi, but conformed to the Baseline Requirements. It was blacklisted for

164 robustness.	164 robustness.

165	165

166 * <c67d722c1495be02cbf9ef1159f5ca4aa782dc832dc6aa60c9aa076a0ad1e69d.pem>	166 * [c67d722c1495be02cbf9ef1159f5ca4aa782dc832dc6aa60c9aa076a0ad1e69d.pem](c67d7 22c1495be02cbf9ef1159f5ca4aa782dc832dc6aa60c9aa076a0ad1e69d.pem)

167	167

168 ### SECOM	168 ### SECOM

169	169

170 For details, see <https://bugzilla.mozilla.org/show_bug.cgi?id=1188582>	170 For details, see <https://bugzilla.mozilla.org/show_bug.cgi?id=1188582>

171	171

172 This intermediate certificate was retired by SECOM, and blacklisted for	172 This intermediate certificate was retired by SECOM, and blacklisted for

173 robustness at their request.	173 robustness at their request.

174	174

175 * <817d4e05063d5942869c47d8504dc56a5208f7569c3d6d67f3457cfe921b3e29.pem>	175 * [817d4e05063d5942869c47d8504dc56a5208f7569c3d6d67f3457cfe921b3e29.pem](817d4 e05063d5942869c47d8504dc56a5208f7569c3d6d67f3457cfe921b3e29.pem)

176	176

177 ### Symantec	177 ### Symantec

178	178

179 For details, see <https://bugzilla.mozilla.org/show_bug.cgi?id=966060>	179 For details, see <https://bugzilla.mozilla.org/show_bug.cgi?id=966060>

180	180

181 These three intermediate certificates were retired by Symantec, and	181 These three intermediate certificates were retired by Symantec, and

182 blacklisted for robustness at their request.	182 blacklisted for robustness at their request.

183	183

184 * <1f17f2cbb109f01c885c94d9e74a48625ae9659665d6d7e7bc5a10332976370f.pem>	184 * [1f17f2cbb109f01c885c94d9e74a48625ae9659665d6d7e7bc5a10332976370f.pem](1f17f 2cbb109f01c885c94d9e74a48625ae9659665d6d7e7bc5a10332976370f.pem)

185 * <3e26492e20b52de79e15766e6cb4251a1d566b0dbfb225aa7d08dda1dcebbf0a.pem>	185 * [3e26492e20b52de79e15766e6cb4251a1d566b0dbfb225aa7d08dda1dcebbf0a.pem](3e264 92e20b52de79e15766e6cb4251a1d566b0dbfb225aa7d08dda1dcebbf0a.pem)

186 * <7abd72a323c9d179c722564f4e27a51dd4afd24006b38a40ce918b94960bcf18.pem>	186 * [7abd72a323c9d179c722564f4e27a51dd4afd24006b38a40ce918b94960bcf18.pem](7abd7 2a323c9d179c722564f4e27a51dd4afd24006b38a40ce918b94960bcf18.pem)

187	187

188 ### T-Systems	188 ### T-Systems

189	189

190 For details, see <https://bugzilla.mozilla.org/show_bug.cgi?id=1076940>	190 For details, see <https://bugzilla.mozilla.org/show_bug.cgi?id=1076940>

191	191

192 This intermediate certificate was retired by T-Systems, and blacklisted	192 This intermediate certificate was retired by T-Systems, and blacklisted

193 for robustness at their request.	193 for robustness at their request.

194	194

195 * <f4a5984324de98bd979ef181a100cf940f2166173319a86a0d9d7c8fac3b0a8f.pem>	195 * [f4a5984324de98bd979ef181a100cf940f2166173319a86a0d9d7c8fac3b0a8f.pem](f4a59 84324de98bd979ef181a100cf940f2166173319a86a0d9d7c8fac3b0a8f.pem)

OLD	NEW