I'm getting a "revoked" OCSP response for the cert currently used by paypal.com, but a good response for www.paypal.com. The naked domain is using OCSP stapling and is serving an older valid response, which is probably why it's still working even on browsers that are configured to check for certificate revocation. The two certificates are https://crt.sh/?id=7746738574 (revoked, used by paypal.com) and https://crt.sh/?id=7754586913 (valid, used by www.paypal.com ). -Alex On Fri, Oct 14, 2022 at 5:14 PM George Herbert via Outages < outages@outages.org> wrote:
I get a good response now, with Produced At Oct 14 19:18:25 2022
-george
Sent from my iPhone
On Oct 14, 2022, at 2:43 PM, Chuck Anderson via Outages < outages@outages.org> wrote:
Firefox says:
Secure Connection Failed
An error occurred during a connection to paypal.com. Peer’s Certificate has been revoked.
Error code: SEC_ERROR_REVOKED_CERTIFICATE
OCSP checker says:
https://www.certificatetools.com/ocsp-checker
Domain Name(s) paypal.com, paypal-workplace.com, xoom-experience.com, buyindiaonline.com, paypal-experience.com, xoom.com, venmo-experience.com, sandbox.paypal.com, paypal.me, cash2india.com OCSP URI http://ocsp.digicert.com Next Update Oct 21 18:12:02 2022 GMT This Update Oct 14 18:57:02 2022 GMT Cert Status revoked Produced At Oct 14 19:13:05 2022 GMT Response Type Basic OCSP Response OCSP Response Status successful (0x0) OpenSSL Command openssl ocsp -sha1 -issuer ca.crt -cert cert.crt -header host=ocsp.digicert.com -url http://ocsp.digicert.com -text -CAfile ca.crt -no_nonce _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages