I'm getting a "revoked" OCSP response for the cert currently used by paypal.com, but a good response for www.paypal.com. The naked domain is using OCSP stapling and is serving an older valid response, which is probably why it's still working even on browsers that are configured to check for certificate revocation.
The two certificates are https://crt.sh/?id=7746738574 (revoked, used by paypal.com) and https://crt.sh/?id=7754586913 (valid, used by www.paypal.com ). -Alex On Fri, Oct 14, 2022 at 5:14 PM George Herbert via Outages < [email protected]> wrote: > I get a good response now, with Produced At Oct 14 19:18:25 2022 > > -george > > Sent from my iPhone > > > On Oct 14, 2022, at 2:43 PM, Chuck Anderson via Outages < > [email protected]> wrote: > > > > Firefox says: > > > > Secure Connection Failed > > > > An error occurred during a connection to paypal.com. Peer’s Certificate > has been revoked. > > > > Error code: SEC_ERROR_REVOKED_CERTIFICATE > > > > OCSP checker says: > > > > https://www.certificatetools.com/ocsp-checker > > > > Domain Name(s) paypal.com, paypal-workplace.com, xoom-experience.com, > buyindiaonline.com, paypal-experience.com, xoom.com, venmo-experience.com, > sandbox.paypal.com, paypal.me, cash2india.com > > OCSP URI http://ocsp.digicert.com > > Next Update Oct 21 18:12:02 2022 GMT > > This Update Oct 14 18:57:02 2022 GMT > > Cert Status revoked > > Produced At Oct 14 19:13:05 2022 GMT > > Response Type Basic OCSP Response > > OCSP Response Status successful (0x0) > > OpenSSL Command openssl ocsp -sha1 -issuer ca.crt -cert > cert.crt -header host=ocsp.digicert.com -url http://ocsp.digicert.com > -text -CAfile ca.crt -no_nonce > > _______________________________________________ > > Outages mailing list > > [email protected] > > https://puck.nether.net/mailman/listinfo/outages > _______________________________________________ > Outages mailing list > [email protected] > https://puck.nether.net/mailman/listinfo/outages >
_______________________________________________ Outages mailing list [email protected] https://puck.nether.net/mailman/listinfo/outages
