13

I'm drawing up some documentation for users with the intent of educating them on certificate revocation. I would like to include screenshots of browsers to demonstrate the user experience when encountering a revoked cert. The revocation can occur via either OCSP or CRL.

I've tried digging around CRLs, but they list the serial number of a certificate and don't provide a URL for me to try connecting.

Could someone provide a URL to a live site with a non-self-signed but revoked cert? Or perhaps there's a way to look up certs in a CRL and cross reference them to a URL?

flumignan

4 Answers

15

Here's a second in case anyone else stumbles upon this question (my company firewall blocks port 2443 outbound):

https://revoked.grc.com/

EDIT: This is a VERY belated update, but I just discovered:

https://badssl.com/

Which, at least for me, has everything I needed to test.

11

Does this one fit the bill? https://test-sspev.verisign.com:2443/test-SSPEV-revoked-verisign.html

mahnsc
  • That will fit the bill! Thanks. Although there's a funny port number assigned to the URL, the user experience should be the same, allowing for good documentation with screenshots of what users will encounter with Firefox, Safari, IE, etc. – flumignan Apr 04 '11 at 16:36
  • Note that this is an EV certificate. Some browsers check revocation lists for EV certs but not for non-EV certs. It would be good to have one that wasn't an EV cert to also test with. See e.g. http://news.netcraft.com/archives/2013/05/13/how-certificate-revocation-doesnt-work-in-practice.html – David Eison Apr 12 '14 at 18:21
  • The certificate for this site is now expired :( – Felipe Mosso Dec 07 '16 at 10:28

3

The DigiCert Trusted Root Authority Certificates page contains links to hosts with revoked certificates (look for the text “Demo Sites for Root” on that page).

You can find a revoked EV certificate under DigiCert High Assurance EV Root CA → Demo Sites for Root → Revoked.

Andrew Schulman
hasseg

0

List of testing web pages with valid, expired or revoked TLS certificates: https://crt.sh/test-websites

L.R.