Add revoked intermediate subdomain #136

Open
rugk opened this issue Jan 2, 2016 · 4 comments

@rugk
Contributor

rugk commented Jan 2, 2016

See https://revoked-intermediate.serverhello.com/ for an example.

@rugk rugk changed the title Revoked intermediate Add revoked intermediate subdomain Jan 2, 2016
@lgarron
Collaborator

lgarron commented Jan 3, 2016

Hmm, revoked certs are tricky, and intermediates doubly so. How did https://revoked-intermediate.serverhello.com/ get a cert with a revoked intermediate, and what's the story behind the revocation?

Also, revocation on its own usually doesn't trigger a failure (with notable exceptions, e.g. EV in Chrome and must-staple), although I at least want to get revoked.badssl.com (#30) into Chrome's CRLSet at some point.

@rugk
Contributor Author

rugk commented Jan 3, 2016

@selecadm

selecadm commented Jan 3, 2016

This cert was issued after intermediate revocation but before SHA1 was disallowed.

Now all I can come up with is pinging @robstradling to ask whether it's possible to issue SHA2 from a SHA1 discounted intermediate, or to create and then revoke a new intermediate. The second option would be much better, considering it would be the first intermediate in the chain. My setup makes use of cross-signing.

@gdubicki

+1
