paypal.com certificate revoked?

Firefox says: Secure Connection Failed An error occurred during a connection to paypal.com. Peer’s Certificate has been revoked. Error code: SEC_ERROR_REVOKED_CERTIFICATE OCSP checker says: https://www.certificatetools.com/ocsp-checker Domain Name(s) paypal.com, paypal-workplace.com, xoom-experience.com, buyindiaonline.com, paypal-experience.com, xoom.com, venmo-experience.com, sandbox.paypal.com, paypal.me, cash2india.com OCSP URI http://ocsp.digicert.com Next Update Oct 21 18:12:02 2022 GMT This Update Oct 14 18:57:02 2022 GMT Cert Status revoked Produced At Oct 14 19:13:05 2022 GMT Response Type Basic OCSP Response OCSP Response Status successful (0x0) OpenSSL Command openssl ocsp -sha1 -issuer ca.crt -cert cert.crt -header host=ocsp.digicert.com -url http://ocsp.digicert.com -text -CAfile ca.crt -no_nonce

I get a good response now, with Produced At Oct 14 19:18:25 2022 -george Sent from my iPhone
On Oct 14, 2022, at 2:43 PM, Chuck Anderson via Outages <outages@outages.org> wrote:
Firefox says:
Secure Connection Failed
An error occurred during a connection to paypal.com. Peer’s Certificate has been revoked.
Error code: SEC_ERROR_REVOKED_CERTIFICATE
OCSP checker says:
https://www.certificatetools.com/ocsp-checker
Domain Name(s) paypal.com, paypal-workplace.com, xoom-experience.com, buyindiaonline.com, paypal-experience.com, xoom.com, venmo-experience.com, sandbox.paypal.com, paypal.me, cash2india.com OCSP URI http://ocsp.digicert.com Next Update Oct 21 18:12:02 2022 GMT This Update Oct 14 18:57:02 2022 GMT Cert Status revoked Produced At Oct 14 19:13:05 2022 GMT Response Type Basic OCSP Response OCSP Response Status successful (0x0) OpenSSL Command openssl ocsp -sha1 -issuer ca.crt -cert cert.crt -header host=ocsp.digicert.com -url http://ocsp.digicert.com -text -CAfile ca.crt -no_nonce _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages

I'm getting a "revoked" OCSP response for the cert currently used by paypal.com, but a good response for www.paypal.com. The naked domain is using OCSP stapling and is serving an older valid response, which is probably why it's still working even on browsers that are configured to check for certificate revocation. The two certificates are https://crt.sh/?id=7746738574 (revoked, used by paypal.com) and https://crt.sh/?id=7754586913 (valid, used by www.paypal.com ). -Alex On Fri, Oct 14, 2022 at 5:14 PM George Herbert via Outages < outages@outages.org> wrote:
I get a good response now, with Produced At Oct 14 19:18:25 2022
-george
Sent from my iPhone
On Oct 14, 2022, at 2:43 PM, Chuck Anderson via Outages < outages@outages.org> wrote:
Firefox says:
Secure Connection Failed
An error occurred during a connection to paypal.com. Peer’s Certificate has been revoked.
Error code: SEC_ERROR_REVOKED_CERTIFICATE
OCSP checker says:
https://www.certificatetools.com/ocsp-checker
Domain Name(s) paypal.com, paypal-workplace.com, xoom-experience.com, buyindiaonline.com, paypal-experience.com, xoom.com, venmo-experience.com, sandbox.paypal.com, paypal.me, cash2india.com OCSP URI http://ocsp.digicert.com Next Update Oct 21 18:12:02 2022 GMT This Update Oct 14 18:57:02 2022 GMT Cert Status revoked Produced At Oct 14 19:13:05 2022 GMT Response Type Basic OCSP Response OCSP Response Status successful (0x0) OpenSSL Command openssl ocsp -sha1 -issuer ca.crt -cert cert.crt -header host=ocsp.digicert.com -url http://ocsp.digicert.com -text -CAfile ca.crt -no_nonce _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages

ok, paypal.com 302s to www.paypal.com # curl -I https://paypal.com HTTP/1.1 302 Moved Temporarily Content-Type: text/html Content-Length: 161 Connection: keep-alive Location: https://www.paypal.com/ Strict-Transport-Security: max-age=31536000; includeSubDomains So firefox must be checking the cert first before the redirect. But other browsers may be processing the 302 THEN checking and seeing the valid www.paypal.com -bill On 10/14/22 3:23 PM, Alex Cohn via Outages wrote:
I'm getting a "revoked" OCSP response for the cert currently used by paypal.com <http://paypal.com>, but a good response for www.paypal.com <http://www.paypal.com>. The naked domain is using OCSP stapling and is serving an older valid response, which is probably why it's still working even on browsers that are configured to check for certificate revocation.
The two certificates are https://crt.sh/?id=7746738574 (revoked, used by paypal.com <http://paypal.com>) and https://crt.sh/?id=7754586913 (valid, used by www.paypal.com <http://www.paypal.com>).
-Alex
On Fri, Oct 14, 2022 at 5:14 PM George Herbert via Outages <outages@outages.org> wrote:
I get a good response now, with Produced At Oct 14 19:18:25 2022
-george
Sent from my iPhone
> On Oct 14, 2022, at 2:43 PM, Chuck Anderson via Outages <outages@outages.org> wrote: > > Firefox says: > > Secure Connection Failed > > An error occurred during a connection to paypal.com <http://paypal.com>. Peer’s Certificate has been revoked. > > Error code: SEC_ERROR_REVOKED_CERTIFICATE > > OCSP checker says: > > https://www.certificatetools.com/ocsp-checker > > Domain Name(s) paypal.com <http://paypal.com>, paypal-workplace.com <http://paypal-workplace.com>, xoom-experience.com <http://xoom-experience.com>, buyindiaonline.com <http://buyindiaonline.com>, paypal-experience.com <http://paypal-experience.com>, xoom.com <http://xoom.com>, venmo-experience.com <http://venmo-experience.com>, sandbox.paypal.com <http://sandbox.paypal.com>, paypal.me <http://paypal.me>, cash2india.com <http://cash2india.com> > OCSP URI http://ocsp.digicert.com > Next Update Oct 21 18:12:02 2022 GMT > This Update Oct 14 18:57:02 2022 GMT > Cert Status revoked > Produced At Oct 14 19:13:05 2022 GMT > Response Type Basic OCSP Response > OCSP Response Status successful (0x0) > OpenSSL Command openssl ocsp -sha1 -issuer ca.crt -cert cert.crt -header host=ocsp.digicert.com <http://ocsp.digicert.com> -url http://ocsp.digicert.com -text -CAfile ca.crt -no_nonce > _______________________________________________ > Outages mailing list > Outages@outages.org > https://puck.nether.net/mailman/listinfo/outages _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
_______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages

yep same here on a newish iMac. Safari seems ok and Firefox on my iPhone is not complaining either William Kern PixelGate Network On 10/14/22 2:41 PM, Chuck Anderson via Outages wrote:
Firefox says:
Secure Connection Failed
An error occurred during a connection to paypal.com. Peer’s Certificate has been revoked.
Error code: SEC_ERROR_REVOKED_CERTIFICATE
OCSP checker says:
https://www.certificatetools.com/ocsp-checker
Domain Name(s) paypal.com, paypal-workplace.com, xoom-experience.com, buyindiaonline.com, paypal-experience.com, xoom.com, venmo-experience.com, sandbox.paypal.com, paypal.me, cash2india.com OCSP URI http://ocsp.digicert.com Next Update Oct 21 18:12:02 2022 GMT This Update Oct 14 18:57:02 2022 GMT Cert Status revoked Produced At Oct 14 19:13:05 2022 GMT Response Type Basic OCSP Response OCSP Response Status successful (0x0) OpenSSL Command openssl ocsp -sha1 -issuer ca.crt -cert cert.crt -header host=ocsp.digicert.com -url http://ocsp.digicert.com -text -CAfile ca.crt -no_nonce _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
participants (4)
-
Alex Cohn
-
Chuck Anderson
-
George Herbert
-
William Kern