Welcome! Log In Create A New Profile

Re: Firefox says Peer's Certificate has been revoked

Forum List Message List New Topic Print View

Maxim Dounin

December 20, 2010 07:06PM

Hello!

On Mon, Dec 20, 2010 at 01:29:08PM -0800, David Newman wrote:

> When attempting https connections to the server mail.cvcbike.org that
> previously ran Apache and now runs nginx with the same certs, Firefox
> browsers return this error:
>
> Peer's Certificate has been revoked.
>
> (Error code: sec_error_revoked_certificate)
>
> Other browsers (IE, Safari, Chrome) work without errors, and this
> previously worked with Apache.

Most likely in other browsers you've disabled (or not enabled,
and it's not enabled by default) certificate revocation checking.

[...]

> # openssl x509 -noout -text -in server.crt
>
> Certificate:
> Data:
> Version: 3 (0x2)
> Serial Number:
> a4:78:72:a4:4c:b2

[...]

> Validity
> Not Before: Nov 23 20:13:13 2009 GMT
> Not After : Oct 14 14:03:22 2012 GMT
> Subject: O=mail3.networktest.com, OU=Domain Control Validated,
> CN=mail3.networktest.com

[...]

> X509v3 CRL Distribution Points:
> URI:http://crl.godaddy.com/gds1-11.crl

It looks like revocation list in question includes this
certificate:

$ openssl crl -text -noout -inform DER -in gds1-11.crl
....
Serial Number: A47872A44CB2
Revocation Date: Jan 19 04:12:03 2010 GMT
CRL entry extensions:
X509v3 CRL Reason Code:
Cessation Of Operation
....

So your cert was revoked almost a year ago. I would worry about
browsers where it works - as it shouldn't.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Firefox says Peer's Certificate has been revoked	David Newman	December 20, 2010 04:32PM
Re: Firefox says Peer's Certificate has been revoked	Igor Sysoev	December 20, 2010 04:44PM
Re: Firefox says Peer's Certificate has been revoked	David Newman	December 20, 2010 06:38PM
Re: Firefox says Peer's Certificate has been revoked	David Newman	December 20, 2010 07:04PM
Re: Firefox says Peer's Certificate has been revoked	Cliff Wells	December 20, 2010 07:20PM
Re: Firefox says Peer's Certificate has been revoked	David J.	December 20, 2010 08:06PM
Re: Firefox says Peer's Certificate has been revoked	Maxim Dounin	December 20, 2010 10:44PM
Multiple certs on one server (was: Re: Firefox says Peer's Certificate has been revoked)	David Newman	December 22, 2010 12:22AM
Re: Multiple certs on one server	David J.	December 31, 2010 07:30AM
Re: Firefox says Peer's Certificate has been revoked	António P. P. Almeida	December 20, 2010 08:44PM
Re: Firefox says Peer's Certificate has been revoked	Cliff Wells	December 21, 2010 10:50PM
Re: Firefox says Peer's Certificate has been revoked	Maxim Dounin	December 20, 2010 07:06PM
Re: Firefox says Peer's Certificate has been revoked	David Newman	December 20, 2010 07:06PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 208

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018