←back to thread

A Brazilian CA trusted only by Microsoft has issued a certificate for google.com

(follow.agwa.name)
482 points sanqui | 1 comments | 30 Nov 24 21:35 UTC | HN request time: 0.206s | source
Show context
leonidasv ◴[01 Dec 24 01:49 UTC] No.42285504[source]
ICP-Brasil officially stopped emitting public-facing SSL/TLS certificates in October: https://www.gov.br/iti/pt-br/assuntos/noticias/indice-de-not...

This is pretty bad. Someone circunvented the ban on emitting public certificates but also disrespected Google's CAA rules. Hope this CA gets banned on Microsoft OSes for good.

replies(2): >>42285566 #>>42293773 #
1. march_happy ◴[02 Dec 24 06:54 UTC] No.42293773[source]
Checked certlm.msc, a hot fix seems to be already pushed as I can't see ICP Brasil under Trusted Root Certification.