Educause Security Discussion mailing list archives
Re: OCSP/HTTPS site issues? Certificate validation?
From: Jim Cheetham <jim.cheetham () OTAGO AC NZ>
Date: Tue, 24 Jan 2012 17:25:40 +1300
Excerpts from Seth Hall's message of Sun Jan 22 04:04:31 +1300 2012:
I attached text files with the URLs for OCSP and CRL endpoints for all of the certificates in Mozilla's root certificate bundle. http://service.diginotar.nl/crl/root/latestCRL.crl
I'm pretty sure that there's no good to be had with a Diginotar CA cert still in your machine. Check your updates :-) I mean, by all means send OCSP queries to them, and I hope that they answer "revoked" to every single one. But I think you'd be better off if the Diginotar root certificate simply wasn't on your system at all. -jim -- Jim Cheetham, Information Security, University of Otago, Dunedin, N.Z. ✉ jim.cheetham () otago ac nz ☏ +64 3 470 4670 ☏ m +64 21 227 0015 ⚷ OpenPGP: B50F BE3B D49B 3A8A 9CC3 8966 9374 82CD C982 0605 ✔ NZ BeSTGRID RAO ✔ CAcert.org Assurer
Attachment:
signature.asc
Description:
Current thread:
- OCSP/HTTPS site issues? Certificate validation? Shayne Ghere (Jan 20)
- Re: OCSP/HTTPS site issues? Certificate validation? Jacobson, Dick (Jan 20)
- Re: OCSP/HTTPS site issues? Certificate validation? Rich Graves (Jan 20)
- Re: OCSP/HTTPS site issues? Certificate validation? Jeff Kell (Jan 20)
- Re: OCSP/HTTPS site issues? Certificate validation? Seth Hall (Jan 21)
- Re: OCSP/HTTPS site issues? Certificate validation? Jeff Kell (Jan 22)
- Re: OCSP/HTTPS site issues? Certificate validation? Jim Cheetham (Jan 23)
- Re: OCSP/HTTPS site issues? Certificate validation? Seth Hall (Jan 25)
- Re: OCSP/HTTPS site issues? Certificate validation? Jeff Kell (Jan 20)