Certificate Transparency site not triggering correct interstitial

chromium / badssl.com

:lock: Memorable site for testing clients against bad SSL configs.

https://badssl.com

Apache License 2.0

2.84k stars 191 forks source link

Certificate Transparency site not triggering correct interstitial #358

Closed livvielin closed 5 years ago

livvielin commented 6 years ago

https://invalid-expected-sct.badssl.com/ triggers the NET::ERR_CERT_SYMANTEC_LEGACY interstitial in newer versions of Chrome.

christhompson commented 6 years ago

As a workaround for testing, the Symantec distrust can be disabled using the --disable-features="LegacySymantecPKI" flag passed to Chrome on the command-line.

@april Do you know who to contact to re-issue this certificate? I'm happy to make a new CSR if needed.

FranklinYu commented 5 years ago

Any update?

april commented 5 years ago

I do, I think! Sorry I missed the initial notification on this, but I'll shoot you the contact info when I get back to work next week. :)

RJPercival commented 5 years ago

This has been somewhat superceded by #372 (the certificate expired).

christhompson commented 5 years ago

We've added no-sct.badssl.com to hit this use case. We likely won't be able to get a new invalid sct cert, so closing this out.