Questions tagged [revoked]

12 questions
17
votes
2 answers

Does reissuing an SSL certificate invalidate the previously-issued certificate?

I used the "reissue certificate" functionality at a SSL certificate vendor (RapidSSL, FWIW) to get a new certificate - in doing so, I created and used a new private key and pass phrase. Will the re-issuance of this certificate cause the…
Cooper
  • 271
  • 1
  • 2
  • 4
13
votes
4 answers

Example of live site with trusted, signed but revoked certificate?

I'm drawing up some documentation for users with the intent on educating them on certificate revocation. I would like to include screen shots of browsers to demonstrate the user experience when encountering a revoked cert. The revocation can occur…
flumignan
  • 347
  • 2
  • 9
4
votes
1 answer

What happens when a public-CA "code signing" certificate is revoked?

Specifically: Once the certificate is added to the public-CA CRL, how will Windows handle executables signed with that certificate?
Leor
  • 93
  • 5
2
votes
2 answers

Unrevoke a certificate which was revoked with a status different from Certificate Hold

Is there a way to unrevoke a revoked certificate, which was revoked with the “Superseded” reason code? I'm using the Certification Authority provided with Windows Server 2008 SP2.
Ondrej Tucny
  • 404
  • 1
  • 7
  • 25
1
vote
0 answers

How does certutil determine that a cert is revoked

I'm testing that an x509 certificate can be correctly determined to be revoked. I'm taking the cert from https://revoked.badssl.com and verifying it via certutil. When my system is online, it seems to pull the CRL and determine that it is revoked. I…
1
vote
1 answer

Why does SQLclient still allow encrypted connection with revoked cert?

We are implementing SQL 2014 encrypted connections in the near future. I want to do my due diligence and confirm the cert validation process. I also want to use the trustservercertificate=false option. I want all connections to actually use cert…
MattRDude
  • 11
  • 3
1
vote
0 answers

Revoking client certificate two way authentication

can we revoke a client certificate by serial (we are using mutual authentication)? we tried revoking a certificate using the certificate file but the revocation date is not set to the current date . it is set after 3 hours or so. can anybody…
Steve
  • 255
  • 2
  • 11
1
vote
1 answer

OpenVPN client self-sign cert, revoke on elsewhere?

I've got myself into a pretty messy situation: I generated a clients self-signed certificate on server A, with server A being the CA. I then copied the self-signed certificate (.crt, .key) to server B, which is also a CA by itself. I started using…
tw79
  • 31
  • 1
  • 4
1
vote
2 answers

Is OpenVPN revoke (CLR blacklist) computation effective? How much keys can I safely revoke?

We are building a system where we will have to black-list OpenVPN keys quite a lot. Hence the question: is OpenVPN algorithm for blacklisting keys computation effective? How much keys can I safely revoke before OpenVPN requires too much resources…
user46747
1
vote
1 answer

OpenSSL invalid revocation date / update CRL?

I have an index.txt file where I changed the value of a certificate - whose certificate file I do not have - from V to R to revoke it. The index.txt looks as follows exemplarily: V 220303095424Z 123456 unknown /bla R 220303104529Z …
Ferit
  • 111
  • 3
0
votes
1 answer

Apache 2.2.14: SSLCARevocation location

I am installing a .crl in my apache config. It looks like this: VirtualHost default DocumentRoot "web" ServerName example.com SSLEngine on SSLCertificateFile "cert.crt" SSLCertificateKeyFile "key.key" SSLCertificateChainFile…
Doc
0
votes
4 answers

FireFox detects Revoked Certificate, IE does not

Our exchange web access is secured by an SSL certificate. When I try to visit the web access in FireFox (v2 and v3.5), I get: Secure Connection Failed An error occurred during a connection to www.example.net.au. Peer's Certificate has been…
Mark Henderson
  • 68,316
  • 31
  • 175
  • 255