[EwanToo]

I don't think this leak has included their own certificate authority key to allow you to generate your own key signed by the CA (which thinq claims), just the private key for the website, but it's certainly embarrassing for them.

They seem to have modified all the files in the directory overnight, and removed the offending www.certigna.fr files from http://www.certigna.fr/crl/ (unless the website has an archived directory that the thinq.co.uk writer was looking at)

[yuhong]

Well, unfortunately there are also other .pem files in the list.

[EwanToo]

But that doesn't mean their CA trusted root key has been disclosed - sure, the pem files could contain their trusted root key, but they normally wouldn't.

For example, the file named certigna.pem exists on most Linux machines, it's the public key not the private one, look at the ca-certificates package on debian.