Entrust Certification Authority - L1M

Entrust Certification Authority - L1M is a publicly trusted intermediate certificate authority operated by Entrust, Inc. and chained to Entrust Root Certification Authority - G2. It is recognized by all mainstream browsers and operating system trust stores, so the certificate itself is not a phishing indicator - the same intermediate signs millions of legitimate sites. phishunt only flags the specific domains listed below as suspicious; Entrust Certification Authority - L1M as a CA is fine.

Entrust, Inc. issues RSA domain-validated certificates automatically and at no cost (or very low cost), which is the exact workflow scammers need to put HTTPS on a throwaway domain. Domain validation only proves that the requester controls the domain name, not that the site behind it is trustworthy. phishunt lists the specific domains currently flagged below — those are the suspicious ones, not Entrust Certification Authority - L1M itself.

In a desktop browser, click the padlock in the address bar and open the certificate viewer. Confirm the issuer chain ends at Entrust Root Certification Authority - G2, that the subject matches the domain you expect, and that the notAfter date has not passed. A valid Entrust Certification Authority - L1M certificate only proves TLS was negotiated correctly — always verify the domain name itself belongs to the service you intended to visit.

Entrust Certification Authority - L1M and its siblings (Entrust Certification Authority - L1K) share the same operator (Entrust, Inc.) and roll up to the same root (Entrust Root Certification Authority - G2). CAs rotate multiple intermediates so that if one key ever has to be revoked, the damage is contained. As a user, you can treat all of them as the same trust anchor.