@hrbrmstr
Last active August 29, 2015 14:00
SANS CRL list, CSV-ified
URL CA
http://crl.godaddy.com/gds1-85.crl godaddy
http://crl3.digicert.com/sha2-ev-server-g1.crl digicert
http://crl3.digicert.com/ssca-g5.crl digicert
http://crl.startssl.com/crt2-crl.crl startssl
http://crl.usertrust.com/USERTrustLegacySecureServerCA.crl usertrust
http://gtssl-crl.geotrust.com/crls/gtssl.crl geotrust
http://crl.comodoca.com/COMODOExtendedValidationSecureServerCA.crl comodo
http://crl.comodoca.com/COMODOHigh-AssuranceSecureServerCA.crl comodo
http://crl.comodoca.com/COMODOSSLCA.crl comodo
http://crl.omniroot.com/PublicSureServerSV.crl omniroot
http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl verisign
http://gtssl2-crl.geotrust.com/gtssl2.crl geotrust
http://EVIntl-crl.verisign.com/EVIntl2006.crl verisign
http://SVRIntl-G3-crl.verisign.com/SVRIntlG3.crl verisign
http://EVSecure-crl.verisign.com/EVSecure2006.crl verisign
http://crl.globalsign.com/gs/gsdomainvalg2.crl globalsign
http://crl3.digicert.com/ca3-g27.crl globalsign
http://crl4.digicert.com/ca3-g27.crl digicert
http://crl4.digicert.com/sha2-ev-server-g1.crl digicert
http://pki.google.com/GIAG2.crl google
http://crl-ssl.certificat2.com/keynectis/class2keynectisca.crl keynetics
http://crl.godaddy.com/gdig2s1-42.crl godaddy
http://crl.microsoft.com/pki/mscorp/crl/MSIT%20Machine%20Auth%20CA%202(1).crl microsoft
http://mscrl.microsoft.com/pki/mscorp/crl/MSIT%20Machine%20Auth%20CA%202(1).crl microsoft
http://sd.symcb.com/sd.crl symcb
http://svr-sgc-crl.thawte.com/ThawteSGCG2.crl thawte
http://crl.entrust.net/level1c.crl entrust
http://crl.globalsign.com/gs/gsorganizationvalg2.crl globalsign
http://crl.godaddy.com/gds1-54.crl godaddy
http://crl.netsolssl.com/NetworkSolutions_CA.crl ns
http://crl2.netsolssl.com/NetworkSolutions_CA.crl ns
http://crl.comodoca.com/PositiveSSLCA2.crl comodo
http://rapidssl-crl.geotrust.com/crls/rapidssl.crl geotrust
http://crl.godaddy.com/gds1-74.crl godaddy
http://crl.godaddy.com/gds1-15.crl godaddy
http://crl.globessl.com/GlobeSSLDVCertificationAuthority.crl globessl
http://crl.e-szigno.hu/sslca.crl szigno
http://crl.usertrust.com/CrazyDomainsDVCertificationAuthority.crl usertrust
http://crl.trustwave.com/OVCA_L2.crl trustwave
http://crl.tcs.terena.org/TERENASSLCA.crl terena
http://crl.startssl.com/crt1-crl.crl startssl
http://crl.starfieldtech.com/sfs1-24.crl sfs
http://crl.starfieldtech.com/sfs1-23.crl sfs
http://crl3.digicert.com/ca3-g17.crl digicert
http://gtssldv-crl.geotrust.com/crls/gtssldv.crl geotrust
http://crl.siteblindadocerts.com/SSLBlindado.crl blinado
http://crl.ssl.com/SSLcomFreeSSLCA.crl sslcom
http://mscrl.microsoft.com/pki/mscorp/crl/Microsoft%20Secure%20Server%20Authority(8).crl microsoft
http://svr-dv-crl.thawte.com/ThawteDV.crl thawte
http://svr-ov-crl.thawte.com/ThawteOV.crl thawte
http://repo1.secomtrust.net/spcpp/pfw/pfwsr2ca/fullcrl.crl secomtrust
http://volusion-crl.digitalcertvalidation.com/crls/volusion.crl volusin
http://crl.godaddy.com/gds1-80.crl godaddy
http://crl.godaddy.com/gds1-81.crl godaddy
http://crl.godaddy.com/gds4-37.crl godaddy
http://crl.godaddy.com/gds4-39.crl godaddy
http://crl.godaddy.com/gds4-78.crl godaddy
http://crl.godaddy.com/gds4-82.crl godaddy
http://crl.godaddy.com/gds4-89.crl godaddy
http://crl.godaddy.com/gds4-90.crl godaddy
http://crl.godaddy.com/gds4-91.crl godaddy
http://crl.godaddy.com/gds4-92.crl godaddy
http://crl.incommon.org/InCommonServerCA.crl incommon
http://crl.innossl.com/InnoSSLTrustSignDVCertificationAuthority.crl innossl
http://crl.netsolssl.com/NetworkSolutionsDVServerCA.crl netolssl
http://certificates.godaddy.com/repository/godaddyextendedissuing3.crl godaddy
http://crl.buypass.no/crl/BPClass3CA1.crl buypass
http://crl.ca.vodafone.com/crl/VodafoneCorporateServices2009.crl vodaphone
http://crl.cacert.org/revoke.crl cacert
http://crl.comodoca.com/EssentialSSLCA.crl comodo
http://crl.comodoca.com/PositiveSSLCA.crl comodo
http://SVR1024SecureG2-crl.verisign.com/SVR1024SecureG2.crl verisign
http://SVRIntl-crl.verisign.com/SVRIntl.crl verisign
http://www.hasbro.com/pki/Hasbro%20Ent1%20CA.crl hasbro
http://www.certificat.com/crl/ACCERTINOMISSSL.crl certificat
http://www.ccwp.wrotapodlasia.pl/crl/netca.crl ccwp
http://www.intel.com/repository/CRL/Intel%20Intranet%20Basic%20Issuing%20CA%202B(1).crl intel
http://www.postsignum.cz/crl/pspublicca2.crl postsignum
http://sureseries-crl.cybertrust.ne.jp/SureServer/ctjpubcag2/cdp.crl cybertrust
# CRL inspection on the command line
openssl crl -in <filename> -inform DER -text
# CRL DER to PEM
openssl crl -inform DER -outform PEM -in revoked.crl -out revoked.pem
import sys

import OpenSSL

# pass in the PEM CRL file
CRLFile = sys.argv[1]

# read it in
with open(CRLFile, 'r') as crlfile:
    CRL = crlfile.read()

# create the CRL object (needs a pyOpenSSL release that still provides load_crl)
parsedCRL = OpenSSL.crypto.load_crl(OpenSSL.crypto.FILETYPE_PEM, CRL)

# get all the 'revoked' entries; get_revoked() returns None for an empty CRL
revoked = parsedCRL.get_revoked() or ()

# print out each entry, prefixed with the CRL file it came from
for entry in revoked:
    print(CRLFile, entry.get_rev_date(), entry.get_reason())