tree: 4542b4273be6b95ee623db3a765921ab922ea1ad [path history] [tgz]
  1. 0d136e439f0ab6e97f3a02a540da9f0641aa554e1d66ea51ae2920d51b2f7217.pem
  2. 0f912fd7be760be25afbc56bdc09cd9e5dcc9c6f6a55a778aefcb6aa30e31554.pem
  3. 159ca03a88897c8f13817a212629df84ce824709492b8c9adb8e5437d2fc72be.pem
  4. 1af56c98ff043ef92bebff54cebb4dd67a25ba956c817f3e6dd3c1e52eb584c1.key
  5. 1c01c6f4dbb2fefc22558b2bca32563f49844acfc32b7be4b0ff599f9e8c7af7.pem
  6. 1f17f2cbb109f01c885c94d9e74a48625ae9659665d6d7e7bc5a10332976370f.pem
  7. 294f55ef3bd7244c6ff8a68ab797e9186ec27582751a791515e3292e48372d61.pem
  8. 2a3699deca1e9fd099ba45de8489e205977c9f2a5e29d5dd747381eec0744d71.pem
  9. 31c8fd37db9b56e708b03d1f01848b068c6da66f36fb5d82c008c6040fa3e133.pem
  10. 32ecc96f912f96d889e73088cd031c7ded2c651c805016157a23b6f32f798a3b.key
  11. 372447c43185c38edd2ce0e9c853f9ac1576ddd1704c2f54d96076c089cb4227.pem
  12. 3946901f46b0071e90d78279e82fababca177231a704be72c5b0e8918566ea66.pem
  13. 3e26492e20b52de79e15766e6cb4251a1d566b0dbfb225aa7d08dda1dcebbf0a.pem
  14. 42187727be39faf667aeb92bf0cc4e268f6e2ead2cefbec575bdc90430024f69.pem
  15. 450f1b421bb05c8609854884559c323319619e8b06b001ea2dcbb74a23aa3be2.pem
  16. 4bf6bb839b03b72839329b4ea70bb1b2f0d07e014d9d24aa9cc596114702bee3.pem
  17. 4fee0163686ecbd65db968e7494f55d84b25486d438e9de558d629d28cd4d176.pem
  18. 67ed4b703d15dc555f8c444b3a05a32579cb7599bd19c9babe10c584ea327ae0.pem
  19. 79f69a47cfd6c4b4ceae8030d04b49f6171d3b5d6c812f58d040e586f1cb3f14.pem
  20. 7abd72a323c9d179c722564f4e27a51dd4afd24006b38a40ce918b94960bcf18.pem
  21. 817d4e05063d5942869c47d8504dc56a5208f7569c3d6d67f3457cfe921b3e29.pem
  22. 8290cc3fc1c3aac3239782c141ace8f88aeef4e9576a43d01867cf19d025be66.pem
  23. 83618f932d6947744d5ecca299d4b2820c01483947bd16be814e683f7436be24.pem
  24. 8a1bd21661c60015065212cc98b1abb50dfd14c872a208e66bae890f25c448af.pem
  25. 933f7d8cda9f0d7c8bfd3c22bf4653f4161fd38ccdcf66b22e95a2f49c2650f8.pem
  26. 9532e8b504964331c271f3f5f10070131a08bf8ba438978ce394c34feeae246f.pem
  27. 9ed8f9b0e8e42a1656b8e1dd18f42ba42dc06fe52686173ba2fc70e756f207dc.pem
  28. a686fee577c88ab664d0787ecdfff035f4806f3de418dc9e4d516324fff02083.pem
  29. a8e1dfd9cd8e470aa2f443914f931cfd61c323e94d75827affee985241c35ce5.pem
  30. b8686723e415534bc0dbd16326f9486f85b0b0799bf6639334e61daae67f36cd.pem
  31. b8c1b957c077ea76e00b0f45bff5ae3acb696f221d2e062164fe37125e5a8d25.pem
  32. be144b56fb1163c49c9a0e6b5a458df6b29f7e6449985960c178a4744624b7bc.pem
  33. c4387d45364a313fbfe79812b35b815d42852ab03b06f11589638021c8f2cb44.key
  34. c67d722c1495be02cbf9ef1159f5ca4aa782dc832dc6aa60c9aa076a0ad1e69d.pem
  35. e28393773da845a679f2080cc7fb44a3b7a1c3792cb7eb7729fdcb6a8d99aea7.pem
  36. e4f9a3235df7330255f36412bc849fb630f8519961ec3538301deb896c953da5.pem
  37. ea08c8d45d52ca593de524f0513ca6418da9859f7b08ef13ff9dd7bf612d6a37.key
  38. ead610e6e90b439f2ecb51628b0932620f6ef340bd843fca38d3181b8f4ba197.pem
  39. ec30c9c3065a06bb07dc5b1c6b497f370c1ca65c0f30c08e042ba6bcecc78f2c.pem
  40. f3bae5e9c0adbfbfb6dbf7e04e74be6ead3ca98a5604ffe591cea86c241848ec.pem
  41. f4a5984324de98bd979ef181a100cf940f2166173319a86a0d9d7c8fac3b0a8f.pem
  42. f8a5ff189fedbfe34e21103389a68340174439ad12974a4e8d4d784d1f3a0faa.pem
  43. fdedb5bdfcb67411513a61aee5cb5b5d7c52af06028efc996cc1b05b1d6cea2b.pem

Certificate Blacklist

This directory contains a number of certificates and public keys which are considered blacklisted within Chromium-based products.

When applicable, additional information and the full certificate or key are included.

Compromises & Misissuances

China Internet Network Information Center (CNNIC)

For details, see

As a result of misissuance of a sub-CA certificate, CNNIC end-entity certificates were temporarily whitelisted, and then trust in the root fully removed.


For details, see,, and

As the result of a compromise of a partner RA of Comodo, nine certificates were misissued, for a variety of online services.


For details, see and

As a result of a complete CA compromise, the following certificates (and their associated public keypairs) are revoked.

India CCA

For details, see and

An unknown number of misissued certificates were issued by a sub-CA of India CCA, the India NIC. Due to the scope of the misissuance, the sub-CA was wholly revoked, and India CCA was constrained to a subset of India's ccTLD namespace.


For details, see and

Two certificates were issued by Trustwave for use in enterprise Man-in-the-Middle. The following public key was used for both certificates, and is revoked.


For details, see and

As a result of a software configuration issue, two certificates were misissued by Turktrust that failed to properly set the basicConstraints extension. Because these certificates can be used to issue additional certificates, they have been revoked.

Private Key Leakages


For details, see

Device manufacturer Cyberoam used the same private key for all devices by default, which subsequently leaked and is included below. The associated public key is blacklisted.


For details, see and

The private keys for both the eDellRoot and DSDTestProvider certificates were trivially extracted, and thus their associated public keys are blacklisted.

For details, see

A subscriber of Comodo's acquired a wildcard certificate for, and then subsequently published the private key, as a means for developers to avoid having to acquire certificates.

As the private key could be used to intercept all communications to this domain, the associated public key was blacklisted.

For details, see

A user of xs4all was able to register a reserved email address that can be used to cause certificate issuance, as described in the CA/Browser Forum's Baseline Requirements, and then subsequently published the private key.



For details, see and

These two intermediates were retired by DigiCert, and blacklisted for robustness at their request.

Hacking Team

The following keys were reported as used by Hacking Team to compromise users, and are blacklisted for robustness.

For details, see

A user of was able to register a reserved email address that can be used to cause certificate issuance, as described in the CA/Browser Forum's Baseline Requirements. This was not intended by Microsoft, the operators of, but conformed to the Baseline Requirements. It was blacklisted for robustness.


For details, see

This intermediate certificate was retired by SECOM, and blacklisted for robustness at their request.


For details, see

These three intermediate certificates were retired by Symantec, and blacklisted for robustness at their request.


For details, see

This intermediate certificate was retired by T-Systems, and blacklisted for robustness at their request.