Open fmotrifork opened 4 years ago
I'll look into regenerating these. In the meantime, https://self-signed.badssl.com and https://untrusted-root.badssl.com cover these cases generally. These specific bad roots are primarily for testing specific blocklisting of these certificates/roots in user agents (e.g., Chrome had special handling for Superfish for a while, although that has since been removed).
For what it's worth, the intermediate certificate COMODO SSL CA will expire in less than 24h; it is used at least on the https://sha1-intermediate.badssl.com/ domain.
sha1-intermediate.badssl.com will be moved to the Defunct section with #445 since we can no longer get new certs with SHA-1 signatures (they are banned by the baseline requirements).
(This is separate from the known-bad certs, which use publicly-known keys and should be able to be regenerated; it's just lower priority as we already cover the general case.)
The last 2 you listed are covered by #413 and #414.
The following just expired at 2020-05-15:
These expired last year on 2019-09-06:
I believe that it is very valuable to have at least a couple of bad roots or self-signed certs to test against that do not fail the tests for being expired. Is it possible to renew these?