You’d think a Certification Authority (CA) would take their job seriously,
particularly after the disastrous news on the Comodo break-ins, but that
is apparently not the case.
When Tony pointed out this morning that Certigna had a key file lying around,
I thought he was kidding. Unfortunately I didn’t take a screen shot of the
directory listing, but I found one. Here it is in all its glory.
I did, however, grab the two files.
The key belongs to a server certificate (the file www.certigna.fr.crt in the same
directory) which has expired:
The key file itself is encrypted with a passphrase:
In spite of the key being protected, the security of this Certification Authority
is disastrous, though they call themselves experts. From the Certigna Web site:
Made up of recognized experts, the team focuses essentially on the
development of two axes: internet security …
They should be punished by having their CA certificate removed
from Web browsers.