Revoked site's SSL certificate is no longer revoked by Chromium

chromium / badssl.com

:lock: Memorable site for testing clients against bad SSL configs.

https://badssl.com

Apache License 2.0

2.86k stars 194 forks source link

Revoked site's SSL certificate is no longer revoked by Chromium #360

Open FlorianObermayer opened 6 years ago

FlorianObermayer commented 6 years ago

When I open the page https://revoked.badssl.com (after flushing my user data revocation) in Chrome, I can see the page's content and the certificate appears to be valid.

FlorianObermayer commented 6 years ago

closing it as it works by now again.

lgarron commented 6 years ago

The cert in question is expired, which means that the error is non-deterministic depending on platform and other factors.

Ideally, we should get a new cert with the same public key, or follow the same process with a new keypair.