Hey look, another certificate authority trusted ONLY by Microsoft is issuing certificates without validation (1.1.1.1/Cloudflare DNS in this case): https://crt.sh/?sha256=D42B028468E73795365102058CBCD350AD0A0B9CA7073C5362A570C5EC208A92
(h/t Hacker News user JXzVB0iA)
The first rogue 1.1.1.1 certificate was issued by Fina and logged to Certificate Transparency over a year ago.
AFAICT, the first person to notice any of this was Hacker News user JXzVB0iA, two days ago: https://news.ycombinator.com/item?id=45089708
This morning, it was reported to the certificate-transparency mailing list, with attribution to JXzVB0iA.
A few hours later, it was reported to the mozilla-dev-security-policy mailing list, without attribution.
Then Dan Goodin wrote his article, citing the mozilla-dev-security-policy post.
Very surprising that Cloudflare did not notice given they operate a CT monitor.
@agwa While we're at it, is Oracle aware that Fina has also issued a certificate for 2.2.2.2 six days ago which is still valid and unrevoked? https://crt.sh/?id=20583047050

@christopherkunz do we know what flow in their registration process even allows this, and why they are still in operation (to that extent, the Revolution reason seems like nice foreshadowing)

@eckes I don't think that this CA has any public registration process, they seem to be a federal institution in Croatia. The certificates seem to be "test" certificates, and the CA has answered Cloudflare's questions with "there was an error during certificate generation".

Cloudflare has found some pretty strong words for that behavior in their blog.

@christopherkunz interesting, that’s a good use for CT if companies think they can be irresponsible (if it was not malicious, given the meaning of DoT and DoHTTPS with those Certs)
@eckes Honestly, CT is awesome. The visibility it gives researchers and other stakeholders is invaluable. Also, it's good for CTI of all sorts and a lifesaver for seemingly simple tasks like "is this a fake online shop?"
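The kind of CT monitoring the thread keeps coming back to (watching for certificates issued for 1.1.1.1 or 2.2.2.2 by an issuer you do not expect, and whether they are still inside their validity window), as an added example that is not part of the thread or of any Cloudflare or crt.sh tooling. It assumes the field names that crt.sh's `output=json` query returns (`id`, `issuer_name`, `name_value`, `not_before`, `not_after`); the entries, ids, dates and issuer DNs in the sample are constructed.

```python
import json
from datetime import datetime

# Constructed sample shaped like crt.sh's JSON output (?q=<name>&output=json).
# Every id, date and issuer DN below is invented for this example, not a real CT entry.
SAMPLE_CRTSH_JSON = json.dumps([
    {"id": 101, "issuer_name": "C=US, O=Example Cloudflare Org, CN=Example Cloudflare Issuing CA",
     "name_value": "cloudflare-dns.com\n*.cloudflare-dns.com\n1.1.1.1\n1.0.0.1",
     "not_before": "2025-03-01T00:00:00", "not_after": "2026-03-01T00:00:00"},
    {"id": 102, "issuer_name": "C=HR, O=Example Test CA Org, CN=Example Test Issuing CA",
     "name_value": "1.1.1.1",
     "not_before": "2024-02-01T00:00:00", "not_after": "2025-02-01T00:00:00"},
    {"id": 103, "issuer_name": "C=HR, O=Example Test CA Org, CN=Example Test Issuing CA",
     "name_value": "2.2.2.2",
     "not_before": "2025-08-28T00:00:00", "not_after": "2026-08-28T00:00:00"},
    {"id": 104, "issuer_name": "C=US, O=Example Public CA Org, CN=Example Public Issuing CA",
     "name_value": "one.one.one.one\n1.1.1.1",
     "not_before": "2025-01-01T00:00:00", "not_after": "2026-01-01T00:00:00"},
])

# Issuer DNs the operator of the watched names actually uses (exact match, so a new
# intermediate from a known CA also surfaces for review rather than being silently trusted).
ALLOWED_ISSUERS = {
    "C=US, O=Example Cloudflare Org, CN=Example Cloudflare Issuing CA",
    "C=US, O=Example Public CA Org, CN=Example Public Issuing CA",
}

def unexpected_issuances(crtsh_json, watched_name, allowed_issuers, as_of_iso):
    """Return CT entries whose SAN list contains watched_name exactly (IP SANs never
    match wildcards, so exact comparison is correct here) and whose issuer DN is not
    on the allowlist. 'valid_now' only means the certificate is inside its
    notBefore/notAfter window at as_of_iso: CT carries no revocation status, so the
    CRL/OCSP check the thread mentions has to be done separately."""
    as_of = datetime.fromisoformat(as_of_iso)
    findings = []
    for entry in json.loads(crtsh_json):
        # crt.sh flattens all SAN names into one newline-separated string.
        sans = {n.strip() for n in entry["name_value"].split("\n") if n.strip()}
        if watched_name not in sans or entry["issuer_name"] in allowed_issuers:
            continue
        not_before = datetime.fromisoformat(entry["not_before"])
        not_after = datetime.fromisoformat(entry["not_after"])
        findings.append({"id": entry["id"], "issuer": entry["issuer_name"],
                         "valid_now": not_before <= as_of <= not_after})
    return findings

if __name__ == "__main__":
    for name in ("1.1.1.1", "2.2.2.2"):
        print(name, unexpected_issuances(SAMPLE_CRTSH_JSON, name, ALLOWED_ISSUERS, "2025-09-03T00:00:00"))
```

Run against a real `output=json` download the same function reports which unexpected issuers have logged certificates for the watched IP and which of those are still within their validity period.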