While reconning a target I found an “Entrust Authority Enrollment Server for Web” instance which shows around two dozen certificates for the DEV, TEST and PROD environments. The instance is not secured, so I can see, among other things, Issuer, Valid from, Serial Number, Subject Key Identifier and the part between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- for each certificate.
I am not sure if this is really an issue and whether the certificates are even intended to be public.
On a different subdomain at the same target I found a public directory which also includes (different) certificates for download (.cer, .der and .crl file types). Some of them have names like RootCA.cer.
Thanks for your opinion and help!