Closed christhompson closed 4 years ago
@christhompson Microsoft has a internal cert generator that allows them internally to get SHA1 certs, for example update.microsoft.com was renewed with a SHA1 cert in May 2020 and that expired and was replaced with a 384 cert in April of this year. This is not useful, this is just to let you know that it is still possible to get a SHA1 somewhere.
http://web.archive.org/web/20210426032119/ssllabs.com/ssltest/analyze.html?d=www.update.microsoft.com Here is the link to the web archive.
@sydia1103 IIUC that cert is not publicly trusted/part of the WebPKI -- it is only used for Windows Update.
invalid-expected-sct
has expired with no way to renew it (replaced byno-sct
). Similarly,sha1-intermediate
will expire on May 30, 2020, and CAs can no longer issue new ones using SHA-1. This moves both to the "Defunct" section of the homepage and removes them from the dashboard.Fixes #416