Blacklisted certificates
Jochen Neumeister
joneum at FreeBSD.org
Wed Mar 31 11:26:09 UTC 2021
Am 31.03.21 um 13:02 schrieb Christoph Moench-Tegeder:
> ## Jochen Neumeister (joneum at FreeBSD.org):
>
>> Why are this certificates blacklisted?
> Various reasons:
> - Symantec (which owned Thawte and VeriSign back in the time) made
> the news in a bad way:
> https://www.theregister.com/2017/09/12/chrome_66_to_reject_symantec_certs/
> - some certificates are simply expired
> - some certificates use SHA-1 ("sha1WithRSAEncryption") which is
> beyond deprecated
> - and basically "whatever Mozilla did", as the certificates are
> imported from NSS.
how can I ignore the certificates now? So now everyone has this problem
with an update
Greetings
Jochen
More information about the freebsd-current
mailing list