Bug#639744: Compromised certificates for *.google.com issued by DigiNotar Root CA
On Thu, Sep 01, 2011 at 11:37:41PM -0500, Raphael Geissert wrote:
> On Thursday 01 September 2011 17:47:57 Mike Hommey wrote:
> > On Thu, Sep 01, 2011 at 02:06:39PM -0500, Raphael Geissert wrote:
> > > Unless other certificates were signed with another CA, at least the
> > > *.google.com one should fail now. The chain of the the public
> > > *.google.com cert is:
> > >
> > > Issuer: C=NL, O=DigiNotar, CN=DigiNotar Root CA
> > > Subject: C=NL, O=DigiNotar, CN=DigiNotar Public CA 2025
> > >
> > > Issuer: C=NL, O=DigiNotar, CN=DigiNotar Public CA 2025
> > > Subject: C=US, O=Google Inc, L=Mountain View/serialNumber=PK000229200002,
> > > CN=*.google.com
> >
> > AIUI, the DigiNotar Public CA 2025 is cross signed by Entrust.
>
> Do you have a copy of that one?
http://www.diginotar.nl/LinkClick.aspx?fileticket=lSCwDq6q038%3d&tabid=308
It looks like it's not cross-signed.
Mike
Reply to: