[Info-vax] forum.vmssoftware.com/

Johnny Billquist bqt at softjar.se
Mon Sep 11 10:06:27 EDT 2023


On 2023-09-11 10:02, David Wade wrote:
> On 11/09/2023 03:34, Arne Vajhøj wrote:
>> On 9/10/2023 9:56 PM, Arne Vajhøj wrote:
>>> There is something going on with that site.
>>>
>>> I tried again.
>>>
>>> FF gives cert revoked every time now.
>>>
>>> Chrome works. And says that cert expires Tuesday, September 19, 2023 at 
>>> 7:59:59 PM.
>>
>> I tried via work.
>>
>> Chrome works.
>>
>> FF does not work but gives a different error:
>>
>> "Bad Server Certificate" and certificate expiration is 11-Nov-2284 
>> 07:08:23.
>>
>> WTF??
>>
>> Arne
>>
>>
> Every certificate contains a URL for a certificate revocation list 
> (CRL). So if a certificate is compromised, for example because its 
> private key is stolen, it can be revoked.

What kind of broken scheme is that? You get a URL and are supposed to 
check if something is ok based on this? How hard would it be to direct 
that to somewhere else and fake things?

> What you are seeing is the fact that Chrome and Edge don't check the CRL 
> but FF does.

Which is bad, but also shows how much you can trust certificates or 
sites, based on your browser approving of them.

   Johnny



