Last active
October 13, 2016 16:43
-
-
Save philr/4e65c8e1d0a1357ae7f6133f749b4324 to your computer and use it in GitHub Desktop.
GlobalSign revoked intermediate certificate OCSP response
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Hypertext Transfer Protocol | |
| GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8DYx HTTP/1.1\r\n | |
| Host: ocsp.globalsign.com\r\n | |
| \r\n | |
| [Full request URI: http://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6%2BMgGqMQQUYHtmGkUNl8qJUC99BM00qP%2F8%2FUsCCwQAAAAAAURO8DYx] | |
| [HTTP request 1/1] | |
| [Response in frame: 114] | |
| Hypertext Transfer Protocol | |
| HTTP/1.1 200 OK\r\n | |
| Date: Thu, 13 Oct 2016 14:19:59 GMT\r\n | |
| Content-Type: application/ocsp-response\r\n | |
| Content-Length: 1542\r\n | |
| Connection: keep-alive\r\n | |
| Last-Modified: Thu, 13 Oct 2016 11:10:54 GMT\r\n | |
| Expires: Mon, 17 Oct 2016 11:10:54 GMT\r\n | |
| ETag: "e131d8c327835258b02db07c3423447995baeae0"\r\n | |
| Cache-Control: max-age=345599,public,no-transform,must-revalidate\r\n | |
| CF-Cache-Status: HIT\r\n | |
| Vary: Accept-Encoding\r\n | |
| Server: cloudflare-nginx\r\n | |
| CF-RAY: 2f136e0265a5356c-LHR\r\n | |
| \r\n | |
| [HTTP response 1/1] | |
| [Time since request: 0.007262000 seconds] | |
| [Request in frame: 111] | |
| Online Certificate Status Protocol | |
| responseStatus: successful (0) | |
| responseBytes | |
| ResponseType Id: 1.3.6.1.5.5.7.48.1.1 (id-pkix-ocsp-basic) | |
| BasicOCSPResponse | |
| tbsResponseData | |
| responderID: byKey (2) | |
| byKey: e37565882ed5c6e6c0244931e9019de402c9644f | |
| producedAt: 2016-10-13 11:10:54 (UTC) | |
| responses: 1 item | |
| SingleResponse | |
| certID | |
| hashAlgorithm (SHA-1) | |
| Algorithm Id: 1.3.14.3.2.26 (SHA-1) | |
| issuerNameHash: b757b5b69c07f81623138e90c92a0ebe3201aa31 | |
| issuerKeyHash: 607b661a450d97ca89502f7d04cd34a8fffcfd4b | |
| serialNumber: 0x040000000001444ef03631 | |
| certStatus: revoked (1) | |
| thisUpdate: 2016-10-13 11:10:54 (UTC) | |
| nextUpdate: 2016-10-17 11:10:54 (UTC) | |
| signatureAlgorithm (sha1WithRSAEncryption) | |
| Algorithm Id: 1.2.840.113549.1.1.5 (sha1WithRSAEncryption) | |
| Padding: 0 | |
| signature: 2e54f96d7b93c1a301296c6a45244387a56edb96f60d0c51... | |
| certs: 1 item | |
| Certificate (id-at-commonName=GlobalSign OCSP for Root R1 - Signer 1.2,id-at-organizationName=GlobalSign nv-sa,id-at-countryName=BE) |
Nope. You are not the only one.
So according to GlobalSign they had an issue with their CRL and that listed the AlphaSSL certificate as revoked. They have supposedly fixed this now, but I am still seeing this issue with Microsoft IE Edge (there were reports of Chrome having issues as well, but I am unable to replicate those).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Interesting; looks like I'm not the only one investigating this. 💃