Update `subdomain-revoked.pem`. Addresses #404.

chromium / badssl.com

:lock: Memorable site for testing clients against bad SSL configs.

https://badssl.com

Apache License 2.0

2.81k stars 190 forks source link

Update `subdomain-revoked.pem`. Addresses #404. #410

Closed lgarron closed 4 years ago

lgarron commented 4 years ago

Since the previous certificate was, well... revoked, we can't get a cert with the same private key. We'll have to add the new key to the revocation lists before this works.

See https://bugzilla.mozilla.org/show_bug.cgi?id=1300236 for the Mozilla process last time. @april, could you handle this?
@christhompson, could you handle the SPKI denylist in Google?

lgarron commented 4 years ago

@ericlaw1979, any chance you could get this key/cert added to Microsoft's CRL? :-D

christhompson commented 4 years ago

This is now deployed. I've landed CLs to update the preloaded blocklist in Chrome and the CRLSet component. It may take ~1 day of the CRLSet to push out and reach most Chrome installs, so for now revoked.badssl.com may appear marked "Secure" in Chrome.