Hacker News

nickysielicki, today at 2:28 AM

What qualifies as a non-compliant certificate?


Replies

agwa, today at 2:31 AM

It doesn't comply with one or more root store policies (which all incorporate the Baseline Requirements by reference, which incorporate various specs, such as RFC5280, by reference).

Mozilla root store policy: https://www.mozilla.org/en-US/about/governance/policies/secu...

Chrome root store policy: https://googlechrome.github.io/chromerootprogram/

Apple root store policy: https://www.apple.com/certificateauthority/ca_program.html

Baseline Requirements: https://github.com/cabforum/servercert/blob/main/docs/BR.md

There are countless examples of non-compliant certificates documented in the Bugzilla component I linked above. A recent example: a certificate which was backdated by more than 48 hours, in violation of section 7.1.2.7 of the Baseline Requirements: https://bugzilla.mozilla.org/show_bug.cgi?id=2016672

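A check for the 48-hour backdating rule mentioned above, as an added example (not agwa's code and not taken from the linked bug): it parses the RFC 6962 SignedCertificateTimestampList from a certificate's SCT extension with the standard library and compares notBefore against the earliest SCT timestamp, since precertificate SCTs are obtained at issuance time. It assumes you already have notBefore and the extension's OCTET STRING contents from an X.509 parser; the SCT list, log ID and timestamps below are constructed test data.

```python
import struct
from datetime import datetime, timedelta, timezone
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
MAX_BACKDATE = timedelta(hours=48)  # BR 7.1.2.7: notBefore must be within 48 hours of issuance

def parse_sct_list(data: bytes) -> list:
    """Parse an RFC 6962 SignedCertificateTimestampList (TLS encoding), i.e. the
    contents of the certificate's SCT extension OCTET STRING. Returns one dict per SCT."""
    (total,) = struct.unpack_from(">H", data, 0)
    if total != len(data) - 2:
        raise ValueError("SCT list length mismatch")
    scts, pos = [], 2
    while pos < len(data):
        (n,) = struct.unpack_from(">H", data, pos)
        sct, pos = data[pos + 2:pos + 2 + n], pos + 2 + n
        if len(sct) != n or sct[0] != 0:  # only SCT v1 is defined
            raise ValueError("truncated or unknown-version SCT")
        ts_ms, ext_len = struct.unpack_from(">QH", sct, 33)  # version(1) + log_id(32) precede
        sig_at = 43 + ext_len  # then hash alg(1), sig alg(1), length(2), signature
        (sig_len,) = struct.unpack_from(">H", sct, sig_at + 2)
        signature = sct[sig_at + 4:sig_at + 4 + sig_len]
        if len(signature) != sig_len:
            raise ValueError("truncated SCT signature")
        scts.append({"log_id": sct[1:33], "timestamp": EPOCH + timedelta(milliseconds=ts_ms),
                     "hash_alg": sct[sig_at], "sig_alg": sct[sig_at + 1], "signature": signature})
    return scts

def backdating_excess_hours(not_before: datetime, scts: list):
    """Hours by which notBefore precedes the earliest SCT beyond the 48h allowance; None if compliant.
    The earliest precertificate SCT timestamp is used as evidence of the issuance time."""
    issued = min(s["timestamp"] for s in scts)
    excess = issued - not_before - MAX_BACKDATE
    return excess / timedelta(hours=1) if excess > timedelta(0) else None
# Constructed test data only: an all-zero log ID and a placeholder signature, not a real CT log entry.
def build_sct(log_id: bytes, when: datetime) -> bytes:
    """Serialize one v1 SCT with no extensions and an 8-byte placeholder signature."""
    ts_ms = int((when - EPOCH) / timedelta(milliseconds=1))
    body = b"\x00" + log_id + struct.pack(">QH", ts_ms, 0) + b"\x04\x03" + struct.pack(">H", 8) + bytes(8)
    return struct.pack(">H", len(body)) + body

def build_sct_list(*scts: bytes) -> bytes:
    return struct.pack(">H", sum(len(s) for s in scts)) + b"".join(scts)

def demo():
    """notBefore 72h before the earliest SCT (24h over the allowance), then a compliant 36h case."""
    nb, log = datetime(2024, 1, 1, tzinfo=timezone.utc), bytes(32)
    scts = parse_sct_list(build_sct_list(build_sct(log, nb + timedelta(hours=72)), build_sct(log, nb + timedelta(hours=80))))
    ok = parse_sct_list(build_sct_list(build_sct(log, nb + timedelta(hours=36))))
    return backdating_excess_hours(nb, scts), backdating_excess_hours(nb, ok)
```

For a real certificate, feed parse_sct_list the raw value of the SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) and the certificate's notBefore; a positive result is the kind of evidence the linked Bugzilla reports are built on.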