[outages] paypal.com certificate revoked?

Alex Cohn alex at alexcohn.com
Fri Oct 14 18:23:41 EDT 2022


I'm getting a "revoked" OCSP response for the cert currently used by
paypal.com, but a good response for www.paypal.com. The naked domain is
using OCSP stapling and is serving an older valid response, which is
probably why it's still working even on browsers that are configured to
check for certificate revocation.

The two certificates are https://crt.sh/?id=7746738574 (revoked, used by
paypal.com) and https://crt.sh/?id=7754586913 (valid, used by www.paypal.com
).

-Alex

On Fri, Oct 14, 2022 at 5:14 PM George Herbert via Outages <
outages at outages.org> wrote:

> I get a good response now, with Produced At Oct 14 19:18:25 2022
>
> -george
>
> Sent from my iPhone
>
> > On Oct 14, 2022, at 2:43 PM, Chuck Anderson via Outages <
> outages at outages.org> wrote:
> >
> > Firefox says:
> >
> > Secure Connection Failed
> >
> > An error occurred during a connection to paypal.com. Peer’s Certificate
> has been revoked.
> >
> > Error code: SEC_ERROR_REVOKED_CERTIFICATE
> >
> > OCSP checker says:
> >
> > https://www.certificatetools.com/ocsp-checker
> >
> > Domain Name(s)    paypal.com, paypal-workplace.com, xoom-experience.com,
> buyindiaonline.com, paypal-experience.com, xoom.com, venmo-experience.com,
> sandbox.paypal.com, paypal.me, cash2india.com
> > OCSP URI    http://ocsp.digicert.com
> > Next Update    Oct 21 18:12:02 2022 GMT
> > This Update    Oct 14 18:57:02 2022 GMT
> > Cert Status    revoked
> > Produced At    Oct 14 19:13:05 2022 GMT
> > Response Type    Basic OCSP Response
> > OCSP Response Status  successful (0x0)
> > OpenSSL Command          openssl ocsp -sha1 -issuer ca.crt -cert
> cert.crt -header host=ocsp.digicert.com -url http://ocsp.digicert.com
> -text -CAfile ca.crt -no_nonce
> > _______________________________________________
> > Outages mailing list
> > Outages at outages.org
> > https://puck.nether.net/mailman/listinfo/outages
> _______________________________________________
> Outages mailing list
> Outages at outages.org
> https://puck.nether.net/mailman/listinfo/outages
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages/attachments/20221014/4faf49a5/attachment.htm>


More information about the Outages mailing list