Hello,
Just thought I'd report some findings about the quality of the "Test Website - Revoked" field values. This is in the context of using this data for testing revocation software. Please let me know if there is a more suitable venue for this, thanks! Certificate is not actually revoked (probably because it is also expired): - "Microsoft RSA Root Certificate Authority 2017" - https://rvkrsaroot2017.pki.microsoft.com/ - "Microsoft ECC Root Certificate Authority 2017" - https://rvkeccroot2017.pki.microsoft.com/ (both of these have a single CRL referenced in their CRLDP extension, and they are valid and fresh but also empty. Most likely because the certs are also expired, see below.) CRL is outdated: - "AffirmTrust Commercial" - https://revokedcommercial.affirmtrust.com/ (next_update=2025-09-18T06:36:15+00:00) - "AffirmTrust Networking" - https://revokednetworking.affirmtrust.com/ (next_update=2025-09-18T06:36:15+00:00) - "AffirmTrust Premium" - https://revokedpremium.affirmtrust.com/ (next_update=2025-09-18T06:37:15+00:00) - "AffirmTrust Premium ECC" - https://revokedpremiumecc.affirmtrust.com/ (next_update=2025-09-18T06:36:15+00:00) Not in CT (realize this is not required by BRs, but would be nice if these sites were otherwise accepted by browsers except for being revoked): - "SecureSign Root CA12" - https://ss12-revoked.managedpki.ne.jp - "SecureSign Root CA14" - https://ss14-revoked.managedpki.ne.jp - "SecureSign Root CA15" - https://ss15-revoked.managedpki.ne.jp - "BJCA Global Root CA1" - https://demossl-rsa-revoked.bjca.org.cn - "BJCA Global Root CA2" - https://demossl-ecc-revoked.bjca.org.cn - "Entrust Root Certification Authority - G2" - https://entrustrootcertificationauthorityg2.sectigo.com:444 Fails to handshake with rustls, openssl 3, boringssl and firefox: - "Entrust Root Certification Authority - EC1" - https://entrustrootcertificationauthorityec1.sectigo.com:444 Certificate is expired because server is configured with wrong certificate: replies with certificate for expired4ktlsr2022.affirmtrust.com - "AffirmTrust Commercial" - https://revokedcommercial.affirmtrust.com/ Certificate is expired: - "AffirmTrust Networking" - https://revokednetworking.affirmtrust.com/ - "AffirmTrust Premium" - https://revokedpremium.affirmtrust.com/ - "AffirmTrust Premium ECC" - https://revokedpremiumecc.affirmtrust.com/ - "Microsoft ECC Root Certificate Authority 2017" - https://rvkeccroot2017.pki.microsoft.com/ - "Microsoft RSA Root Certificate Authority 2017" - https://rvkrsaroot2017.pki.microsoft.com/ Server is misconfigured and does not include intermediate certificates: - "TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1" - https://testsslrevoked.kamusm.gov.tr/ - "Actalis Authentication Root CA" - https://ssltest-revoked.actalis.it/ CRL DP server quoted in issuer not working: - "Microsoft ECC Root Certificate Authority 2017" - CRL DP is http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Root%20Certificate%20Authority%202017.crl but this server returns HTTP 403 with wget UA Thanks, Joe -- You received this message because you are subscribed to the Google Groups "CCADB Public" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/ccadb.org/d/msgid/public/bd10d8e5-84c6-49fe-a776-9ef23ed5a4bfn%40ccadb.org.
