[Dev] wiki.tizen.org https certificate revoked (was Re: Cynara + DBUS)

Rafał Krypa r.krypa at samsung.com
Wed Apr 30 17:39:20 GMT 2014


On 2014-04-30 19:08, Rafał Krypa wrote:
> On 2014-04-30 17:11, Schaufler, Casey wrote:
>> Hmm. I see the same thing from outside the Intel firewall, while access from inside Intel works just fine. No, it's not just you.
> Are you using the same browsers inside and outside the firewall? I can see the revocation message in Firefox and MSIE, but Chromium doesn't report it.
>
> Either way the certificate seems to be revoked by issuer, StartSSL.

I found a dumb way to work around this problem. Mapping crl.startssl.com and ocsp.startssl.com to 127.0.0.1 in /etc/hosts works for me.

> I have checked it with openssl command line, using both CRL and OCSP:
>
> ### Get the wiki.tizen.org server certificate
> $ openssl s_client -connect wiki.tizen.org:443 -showcerts  </dev/null 2>/dev/null | grep -m1 BEGIN -A100 | openssl x509 -text >server.pem

By the way, it seems odd that s_client doesn't inform that server certificate is revoked. I tried passing "-crl_check -crl_check_all" options, but it didn't cause any certificate error.


More information about the Dev mailing list