Open shankerwangmiao opened 2 years ago
Thanks for the report. untrusted-root
and self-signed
should be replaced now, but no-sct
and revoked
are waiting on validation with our CA -- hopefully I can get those updated very soon.
Hello, https://1000-sans.badssl.com expired yesterday as well, can you fix it too?
The following have also expired: https://no-subject.badssl.com/ https://no-common-name.badssl.com/
Hi, any update on this?
no-sct
should now be updated with a new certificate.1000/10000-sans unfortunately break most CA provisioning panels, so they require custom issuance and we have not been able to get these reissued yet. Do let me know if these are critical to any particular test suites (we do not use these in any of our manual testing flows) and I can see if we can come up with a more sustainable solution for renewing these yearly.
no-subject and no-common-name are known (tracked in Issue #447)
The new certificate for revoked.badssl.com
is now in Chrome's CRLSet and the server certificate has updated to match.
@christhompson I can help maintain some of these certificates, if needed, on behalf of Mozilla. My email address is bwilson@mozilla.com. Please reach out to me over email to discuss how I can help.
@christhompson, These domains still have expired certificates:
Are there any plans to update certificates for them?
https://reversed-chain.badssl.com/ also expired.
As the CA Program Manager at Mozilla, I have connections with Certification Authorities that issue these kinds of certificates. I'm sure I can get valid certificates from these CAs, as long as they do not violate the current CABF Baseline Requirements.
I can get these certificates issued for:
https://1000-sans.badssl.com/
https://no-subject.badssl.com/
https://no-common-name.badssl.com/
Who is maintaining the webserver?
Thanks for the offer @BenWilson-Mozilla -- I've sent you an email to discuss further.
BTW I think sha384.badssl.com
and sha512.badssl.com
expired on Friday.
BTW I think
sha384.badssl.com
andsha512.badssl.com
expired on Friday.
That's correct. See #501
The following certificates have expired recently:
https://self-signed.badssl.com
And https://no-sct.badssl.com will expire in several days.