360浏览器根证书计划 Says: 所有的终端用户证书必须：包含有效的OCSP URL、AIA URL和CRL URL，以及由CA/Browser Forum Baseline Requirements所定义的适用OIDs。 In english: All subscribers certs must: Provides valid OCSP URL, AIA URL and CRL URL, and OIDs defined in CA/Browser Forum Baseline Requirements. But all let’s encrypt subscriber…

Thanks for bringing this up. It appears that 360 Browser has not updated their root program requirements in many years, and hasn't kept up with the latest changes both to the Baseline Requirements, and to the policies enforced in code by Chromium (on which 360 Browser is based). We'll follow up with…

LE side didn't do much but 360 browser added it in their trust store 2022 (when LE only had OSCP without CRL) [image] The 360 Browser Trust Store has added ISRG Root Certificates Issuance Policy H…

[image] davidzhao: Provides valid OCSP URL, AIA URL and CRL URL Well, previously no CRL URL was provided within the subscriber certificates, so it seems LE wasn't compliant to begin with? I know LE started operating CRLs for end user certs at some point, but these URIs weren't actually embed…

Let’s Encrypt Violates 360 Browser CA Policy

Feature Requests

orangepizza October 28, 2025, 11:40pm 2

LE side didn't do much but 360 browser added it in their trust store 2022 (when LE only had OSCP without CRL)

Topic		Replies	Views
Add ISRG Root to 360 Browser trust store Feature Requests	7	1756	February 4, 2021
根证书尚未加入360浏览器根证书信任计划 Issuance Policy	8	3766	January 21, 2020
Plea to extend Let's Encrypt support to OCSP Help	53	1150	June 9, 2025
How to get cert with CRL not OCSP Issuance Tech	8	1603	October 20, 2024
OCSP URL not included in LE-issued certificate Help	3	281	June 13, 2025

Let’s Encrypt Violates 360 Browser CA Policy

Related topics