Fina CA Mis-Issued 12 TLS Certificates for Cloudflare’s 1.1.1.1, Now Revoked
Cloudflare reports no signs of impersonation following Microsoft’s disallow action.
Overview
- Cloudflare says Fina CA issued 12 unauthorized certificates for the 1.1.1.1 resolver between February 2024 and August 2025, identified this week via Certificate Transparency reports.
- All certificates were revoked on September 4 UTC after Cloudflare notified Fina and root program operators, and Microsoft began deploying a quick disallow mechanism.
- Fina told Cloudflare the issuances were for production‑environment testing and said the private keys remained under its control and were destroyed, a claim Cloudflare cannot verify.
- Cloudflare’s review found the certificates included unregistered or fictitious names and lacked proper domain/IP control validation, violating CA/Browser Forum requirements and Fina’s own policy.
- Exposure was limited to clients that trust Fina by default—Microsoft and an EU trust service—while Google, Apple, and Mozilla root stores do not; Cloudflare is tightening CT monitoring and triage and found no evidence of BGP hijacking or malicious use.
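
As an added illustration of the CT monitoring mentioned in the last point (not code from Cloudflare or from the original page), the sketch below triages parsed Certificate Transparency entries by their iPAddress SANs rather than by DNS names alone. The record layout, issuer names and serials are constructed placeholders and are assumptions of this example.

```python
import ipaddress

# Assumptions for this sketch: the address ranges the operator owns and the
# issuers it actually uses. Both values are constructed placeholders.
MONITORED_NETS = [ipaddress.ip_network("1.1.1.1/32")]
EXPECTED_ISSUERS = {"Expected Issuing CA (placeholder)"}

# Constructed sample records, shaped like the output of a CT log monitor
# after certificate parsing: issuer name plus typed SAN entries.
SAMPLE_ENTRIES = [
    {"serial": "01", "issuer": "Expected Issuing CA (placeholder)",
     "sans": [("dns", "resolver.example"), ("ip", "1.1.1.1")]},
    {"serial": "02", "issuer": "Unexpected Test CA (placeholder)",
     "sans": [("dns", "test.invalid"), ("ip", "1.1.1.1")]},
    {"serial": "03", "issuer": "Unexpected Test CA (placeholder)",
     "sans": [("dns", "unrelated.example"), ("ip", "192.0.2.10")]},
    {"serial": "04", "issuer": "Unexpected Test CA (placeholder)",
     "sans": [("ip", "not-an-ip")]},
]

def monitored_ips(entry):
    """Return the monitored addresses named in an entry's iPAddress SANs."""
    hits = []
    for kind, value in entry["sans"]:
        if kind != "ip":
            continue
        try:
            addr = ipaddress.ip_address(value)
        except ValueError:
            continue  # malformed SAN: skip rather than crash the monitor
        if any(addr in net for net in MONITORED_NETS):
            hits.append(str(addr))
    return hits

def triage(entries):
    """Flag certificates covering a monitored IP from an unexpected issuer."""
    alerts = []
    for entry in entries:
        hits = monitored_ips(entry)
        if hits and entry["issuer"] not in EXPECTED_ISSUERS:
            alerts.append({"serial": entry["serial"],
                           "issuer": entry["issuer"], "ips": hits})
    return alerts

if __name__ == "__main__":
    for alert in triage(SAMPLE_ENTRIES):
        print(alert)
```

Only the second sample entry is flagged: it names a monitored address and comes from an issuer outside the expected set, regardless of which DNS names accompany it.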