This is in 12.2-RELEASE, which is not an option yet. This is an enhancement request rather than a bug, but if there’s a way to specify enhancement request in the menus, I’m overlooking it. It would be nice if the GlobalSign certificates were disambiguated. I realize that’s their fault for hiding the names under OU rather than CN…
I will need to think on this one... unfortunately I didn't actually look at the output of `certctl list` all that much when I took it over, besides just grabbing a random cert from the list to try blacklisting. I also note that some others are suboptimal: f081611a.0 subject=C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority This one has no commonName, so we fail and just print the entire subject. The output of `certctl -v list` gives a nice preview for what it would look like if we were to do that for all, which is also not spectacular. OTOH, it feels wrong to special-case GlobalSign.
(In reply to Kyle Evans from comment #1) I agree on the wrong with the special case.