## Jochen Neumeister (joneum_at_FreeBSD.org): > Why are this certificates blacklisted? Various reasons: - Symantec (which owned Thawte and VeriSign back in the time) made the news in a bad way: https://www.theregister.com/2017/09/12/chrome_66_to_reject_symantec_certs/ - some certificates are simply expired - some certificates use SHA-1 ("sha1WithRSAEncryption") which is beyond deprecated - and basically "whatever Mozilla did", as the certificates are imported from NSS. Regards, Christoph -- Spare SpaceReceived on Wed Mar 31 2021 - 09:02:26 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:27 UTC