[Dev] wiki.tizen.org https certificate revoked (was Re: Cynara + DBUS)

Rafał Krypa r.krypa at samsung.com
Wed Apr 30 17:08:48 GMT 2014

On 2014-04-30 17:11, Schaufler, Casey wrote:
> Hmm. I see the same thing from outside the Intel firewall, while access from inside Intel works just fine. No, it's not just you.

Are you using the same browsers inside and outside the firewall? I can see the revocation message in Firefox and MSIE, but Chromium doesn't report it.

Either way, the certificate seems to be revoked by the issuer, StartSSL. I have checked it with the openssl command line, using both CRL and OCSP:

### Get the wiki.tizen.org server certificate
$ openssl s_client -connect wiki.tizen.org:443 -showcerts  </dev/null 2>/dev/null | grep -m1 BEGIN -A100 | openssl x509 -text >server.pem
### URIs for CRL and OCSP verification are specified in the cert

### Checking CRL
$ wget -q http://crl.startssl.com/crt2-crl.crl
$ grep Serial server.pem
        Serial Number: 83679 (0x146df)
$ openssl crl  -in crt2-crl.crl -inform der -text | grep -i 146df -A1
    Serial Number: 0146DF
        Revocation Date: Apr 25 18:36:55 2014 GMT

### Checking OCSP
$ wget -q http://aia.startssl.com/certs/sub.class2.server.ca.crt
$ openssl x509 -in sub.class2.server.ca.crt -inform der -text > issuer.pem
$ openssl ocsp -CAfile issuer.pem -issuer issuer.pem -cert server.pem -url http://ocsp.startssl.com/sub/class2/server/ca -header "HOST" "ocsp.startssl.com" -no_nonce
Response verify OK
server.pem: revoked
    This Update: Apr 30 12:28:51 2014 GMT
    Next Update: May  2 12:28:51 2014 GMT
    Revocation Time: Apr 25 18:36:55 2014 GMT

>> -----Original Message-----
>> From: Jussi Laako [mailto:jussi.laako at linux.intel.com]
>> Sent: Wednesday, April 30, 2014 1:26 AM
>> To: Schaufler, Casey
>> Cc: José Bollo; Lukasz Wojciechowski; dev at lists.tizen.org
>> Subject: Re: [Dev] Cynara + DBUS
>> On 24.4.2014 19:23, Schaufler, Casey wrote:
>>>> https://wiki.tizen.org/wiki/Security/Smack_setting_of_DBUS
>> Anybody knows when this is going to be fixed, or is it just me?
>> "An error occurred during a connection to wiki.tizen.org. Peer's Certificate
>> has been revoked."
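
The CRL step in the message greps for a substring of the hex serial, which would also hit any longer serial that happens to contain 146DF. As an added example (not part of the original message), this Python code parses the text output of `openssl x509 -text` and `openssl crl -text` and compares serials as integers; the sample text is constructed from the output quoted above, and the two neighbouring CRL entries are made up for illustration.

```python
import re

# Constructed sample: the cert serial and the 0146DF entry come from the output
# quoted in the message; the other two CRL entries are made up for illustration.
CERT_TEXT = """Certificate:
    Data:
        Serial Number: 83679 (0x146df)
"""
CRL_TEXT = """Revoked Certificates:
    Serial Number: 0146DE
        Revocation Date: Apr 24 10:00:00 2014 GMT
    Serial Number: 0146DF
        Revocation Date: Apr 25 18:36:55 2014 GMT
    Serial Number: A146DF01
        Revocation Date: Apr 26 09:00:00 2014 GMT
"""

def cert_serial(x509_text):
    """Serial number as an int, from `openssl x509 -text` output."""
    # Short serials print as "83679 (0x146df)".
    m = re.search(r"Serial Number:\s*\d+ \(0x([0-9a-f]+)\)", x509_text, re.I)
    if m is None:
        # Long serials print as colon-separated hex on the following line.
        m = re.search(r"Serial Number:\s+((?:[0-9a-f]{2}:)+[0-9a-f]{2})\b",
                      x509_text, re.I)
    if m is None:
        raise ValueError("no serial number found")
    return int(m.group(1).replace(":", ""), 16)

def revoked_serials(crl_text):
    """Map serial (int) -> revocation date, from `openssl crl -text` output."""
    entries = re.findall(
        r"^\s*Serial Number:\s*([0-9a-f]+)\s*\n\s*Revocation Date:\s*(.+?)\s*$",
        crl_text, re.I | re.M)
    return {int(serial, 16): date for serial, date in entries}

def revocation_date(x509_text, crl_text):
    """Revocation date if the cert's serial is listed in the CRL, else None."""
    return revoked_serials(crl_text).get(cert_serial(x509_text))

if __name__ == "__main__":
    print(revocation_date(CERT_TEXT, CRL_TEXT))
```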

