[outages] paypal.com certificate revoked?

William Kern wkern at pixelgate.net
Fri Oct 14 18:42:17 EDT 2022 

ok, paypal.com 302s to www.paypal.com


# curl -I https://paypal.com
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 161
Connection: keep-alive
Location: https://www.paypal.com/
Strict-Transport-Security: max-age=31536000; includeSubDomains

So firefox must be checking the cert first before the redirect.

But other browsers may be processing the 302 THEN checking and seeing 
the valid www.paypal.com

-bill

On 10/14/22 3:23 PM, Alex Cohn via Outages wrote:
> I'm getting a "revoked" OCSP response for the cert currently used by 
> paypal.com <http://paypal.com>, but a good response for www.paypal.com 
> <http://www.paypal.com>. The naked domain is using OCSP stapling and 
> is serving an older valid response, which is probably why it's still 
> working even on browsers that are configured to check for certificate 
> revocation.
>
> The two certificates are https://crt.sh/?id=7746738574 (revoked, used 
> by paypal.com <http://paypal.com>) and https://crt.sh/?id=7754586913 
> (valid, used by www.paypal.com <http://www.paypal.com>).
>
> -Alex
>
> On Fri, Oct 14, 2022 at 5:14 PM George Herbert via Outages 
> <outages at outages.org> wrote:
>
>     I get a good response now, with Produced At Oct 14 19:18:25 2022
>
>     -george
>
>     Sent from my iPhone
>
>     > On Oct 14, 2022, at 2:43 PM, Chuck Anderson via Outages
>     <outages at outages.org> wrote:
>     >
>     > Firefox says:
>     >
>     > Secure Connection Failed
>     >
>     > An error occurred during a connection to paypal.com
>     <http://paypal.com>. Peer’s Certificate has been revoked.
>     >
>     > Error code: SEC_ERROR_REVOKED_CERTIFICATE
>     >
>     > OCSP checker says:
>     >
>     > https://www.certificatetools.com/ocsp-checker
>     >
>     > Domain Name(s) paypal.com <http://paypal.com>,
>     paypal-workplace.com <http://paypal-workplace.com>,
>     xoom-experience.com <http://xoom-experience.com>,
>     buyindiaonline.com <http://buyindiaonline.com>,
>     paypal-experience.com <http://paypal-experience.com>, xoom.com
>     <http://xoom.com>, venmo-experience.com
>     <http://venmo-experience.com>, sandbox.paypal.com
>     <http://sandbox.paypal.com>, paypal.me <http://paypal.me>,
>     cash2india.com <http://cash2india.com>
>     > OCSP URI http://ocsp.digicert.com
>     > Next Update    Oct 21 18:12:02 2022 GMT
>     > This Update    Oct 14 18:57:02 2022 GMT
>     > Cert Status    revoked
>     > Produced At    Oct 14 19:13:05 2022 GMT
>     > Response Type    Basic OCSP Response
>     > OCSP Response Status  successful (0x0)
>     > OpenSSL Command          openssl ocsp -sha1 -issuer ca.crt -cert
>     cert.crt -header host=ocsp.digicert.com <http://ocsp.digicert.com>
>     -url http://ocsp.digicert.com -text -CAfile ca.crt -no_nonce
>     > _______________________________________________
>     > Outages mailing list
>     > Outages at outages.org
>     > https://puck.nether.net/mailman/listinfo/outages
>     _______________________________________________
>     Outages mailing list
>     Outages at outages.org
>     https://puck.nether.net/mailman/listinfo/outages
>
>
> _______________________________________________
> Outages mailing list
> Outages at outages.org
> https://puck.nether.net/mailman/listinfo/outages
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/outages/attachments/20221014/9451839f/attachment-0001.htm>

More information about the Outages mailing list