## Jochen Neumeister (jon...@freebsd.org): > Why are this certificates blacklisted?
Various reasons: - Symantec (which owned Thawte and VeriSign back in the time) made the news in a bad way: https://www.theregister.com/2017/09/12/chrome_66_to_reject_symantec_certs/ - some certificates are simply expired - some certificates use SHA-1 ("sha1WithRSAEncryption") which is beyond deprecated - and basically "whatever Mozilla did", as the certificates are imported from NSS. Regards, Christoph -- Spare Space _______________________________________________ freebsd-current@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
