Until November 11, 2015, publicly-trusted CAs were allowed to issue certificates for internal names and reserved IP addresses. All certificates of this nature had to be revoked by October 1, 2016.
More details here: https://cabforum.org/internal-names/ Patrick On 09.12.17 20:42, Lewis Resmond via dev-security-policy wrote: > Hello, > > I was researching about some older routers by Telekom, and I found out that > some of them had SSL certificates for their (LAN) configuration interface, > issued by Verisign for the fake-domain "speedport.ip". > > They (all?) are logged here: https://crt.sh/?q=speedport.ip > > I wonder, since this domain and even the TLD is non-existing, how could > Verisign sign these? Isn't this violating the rules, if they sign anything > just because a router factory tells them to do so? > > Although they are all expired since several years, I am interested how this > could happen, and if such incidents of signing non-existing domains could > still happen today. > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy > _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
