must-staple.badssl.com

[april]

Related to #17 , Firefox Nightly now has support for the TLS must-staple extension.

It would be great to add must-staple.badssl.com, so we can use it as a test site. I'm talking with our COMODO contact, to see if they can issue a cert with the proper extension.

If they can, do you mind me sending an email looping in him, your The SSL Store guy, and yourself? Or is there another way that you would prefer me to handle it?

[lgarron]

Since 1000[0]-sans worked well, I leave it up to you. :-)

[selecadm]

Publicly-trusted certificates are now online: https://must-staple.serverhello.com https://must-staple-no-ocsp.serverhello.com

[april]

@lgarron, how's it going on requesting a cert with must-staple? Comodo certainly supports it through their usual channels these days. :)

[bhushan5640]

must-staple.badssl.com certificate doesn't seem to have must-staple extension. Is it configured properly, any update?

[april]

I don't think it's yet implemented, hence the error.

[lgarron]

No update, it's just not a priority.

If you look at the certificate you get when you visit https://must-staple.badssl.com/, you'll find that it's our fallback certificate.

[yegle]

I recently visited a website with Must-Staple but no OCSP staple information. This result in a very hard to understand ERR_SSL_VERSION_OR_CIPHER_MISMATCH in Chrome.

It would be great if there's a must-staple-no-ocsp.badssl.com to test with the error.