chromium / badssl.com

Memorable site for testing clients against bad SSL configs.
https://badssl.com
Apache License 2.0

Expired Certificate Transparency #402

Closed kjiregt845gj closed 4 years ago

kjiregt845gj commented 5 years ago

Hey guys,

The Certificate Transparency page (invalid-expected-sct) has an expired certificate and thus it fails for the wrong reason.

https://invalid-expected-sct.badssl.com/

christhompson commented 4 years ago

We've added https://no-sct.badssl.com/ to address this test case. We likely won't be able to get a new invalid SCT cert, so closing this.

kjiregt845gj commented 4 years ago

Hey @christhompson, yeah, it makes sense that CAs won't allow you to push bad hashes into the "SCT List" field (certificate extension) of the certificate, but DigiCert had no problem with issuing a certificate without CT? Or perhaps they did log it but just didn't add the hashes to the certificate? I'd like to generate a similar certificate and Let's Encrypt doesn't support it, so I'd like to get more info, please.