March 29, 2021

Certificate Transparency question: Cert only in Submariner yet accepted by Chrome


Hi!

I’ve found a strange CT situation with the SSL certificate for [www.michelin.fr](https://www.michelin.fr) which I don’t understand:

* [crt.sh](https://crt.sh/?id=4187000593) shows that recent pre-certs were logged in different logs, including this pre-cert for the currently used certificate
* the certificate currently in use by the website is only registered with Submariner, a log which is supposed to mean that the Root is not trusted (if I understand correctly)
* yet the certificate is accepted by Chrome and others, and it’s a very public website

Can someone with deeper understanding of CT help me? In this strange situation, should the certificate be trusted? or not?

Here’s the crt.sh for the current cert : [https://crt.sh/?id=4208557599](https://crt.sh/?id=4208557599)
Any idea?

(I’m working on a CT related project and I was using michelin.fr as a test: I’m not related to this company)

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.