November 9, 2015
Certificate authority Comodo admits it incorrectly issued eight certificates that include forbidden internal server names or reserved IP addresses. In 2012, the Certificate Authority/Browser Forum banned the use of such designations for certs issued after Nov. 1, 2015. The decision was meant to cut off a common practice of CAs issuing certificates for internal servers that were not unique and exposed networks to man-in-the-middle attacks and other risks.
Related Posts Let’s Encrypt Hits Another Free HTTPS Milestone October 20, 2015 , 3:30 pm Practical SHA-1 Collision Months, Not Years, Away October 9, 2015 , 10:00 am First Let’s Encrypt Free Certificate Goes Live September 15, 2015 , 3:17 pm Comodo senior research and development scientist Rob Stradling wrote in a post to the CA/B forum that last Thursday it discovered that its CA system had issued the offending certs.
