Mailing List Archive

paypal.com certificate revoked?
Firefox says:

Secure Connection Failed

An error occurred during a connection to paypal.com. Peer’s Certificate has been revoked.

Error code: SEC_ERROR_REVOKED_CERTIFICATE

OCSP checker says:

https://www.certificatetools.com/ocsp-checker

Domain Name(s)        paypal.com, paypal-workplace.com, xoom-experience.com, buyindiaonline.com, paypal-experience.com, xoom.com, venmo-experience.com, sandbox.paypal.com, paypal.me, cash2india.com
OCSP URI              http://ocsp.digicert.com
Next Update           Oct 21 18:12:02 2022 GMT
This Update           Oct 14 18:57:02 2022 GMT
Cert Status           revoked
Produced At           Oct 14 19:13:05 2022 GMT
Response Type         Basic OCSP Response
OCSP Response Status  successful (0x0)
OpenSSL Command       openssl ocsp -sha1 -issuer ca.crt -cert cert.crt -header host=ocsp.digicert.com -url http://ocsp.digicert.com -text -CAfile ca.crt -no_nonce
_______________________________________________
Outages mailing list
Outages@outages.org
https://puck.nether.net/mailman/listinfo/outages
Re: paypal.com certificate revoked?
I get a good response now, with Produced At Oct 14 19:18:25 2022

-george

Sent from my iPhone

> On Oct 14, 2022, at 2:43 PM, Chuck Anderson via Outages <outages@outages.org> wrote:
>
> Firefox says:
>
> Secure Connection Failed
>
> An error occurred during a connection to paypal.com. Peer’s Certificate has been revoked.
>
> Error code: SEC_ERROR_REVOKED_CERTIFICATE
>
> OCSP checker says:
>
> https://www.certificatetools.com/ocsp-checker
>
> Domain Name(s)        paypal.com, paypal-workplace.com, xoom-experience.com, buyindiaonline.com, paypal-experience.com, xoom.com, venmo-experience.com, sandbox.paypal.com, paypal.me, cash2india.com
> OCSP URI              http://ocsp.digicert.com
> Next Update           Oct 21 18:12:02 2022 GMT
> This Update           Oct 14 18:57:02 2022 GMT
> Cert Status           revoked
> Produced At           Oct 14 19:13:05 2022 GMT
> Response Type         Basic OCSP Response
> OCSP Response Status  successful (0x0)
> OpenSSL Command       openssl ocsp -sha1 -issuer ca.crt -cert cert.crt -header host=ocsp.digicert.com -url http://ocsp.digicert.com -text -CAfile ca.crt -no_nonce
Re: paypal.com certificate revoked?
yep same here on a newish iMac.

Safari seems ok and Firefox on my iPhone is not complaining either

William Kern

PixelGate Network

On 10/14/22 2:41 PM, Chuck Anderson via Outages wrote:
> Firefox says:
>
> Secure Connection Failed
>
> An error occurred during a connection to paypal.com. Peer’s Certificate has been revoked.
>
> Error code: SEC_ERROR_REVOKED_CERTIFICATE
>
> OCSP checker says:
>
> https://www.certificatetools.com/ocsp-checker
>
> Domain Name(s)        paypal.com, paypal-workplace.com, xoom-experience.com, buyindiaonline.com, paypal-experience.com, xoom.com, venmo-experience.com, sandbox.paypal.com, paypal.me, cash2india.com
> OCSP URI              http://ocsp.digicert.com
> Next Update           Oct 21 18:12:02 2022 GMT
> This Update           Oct 14 18:57:02 2022 GMT
> Cert Status           revoked
> Produced At           Oct 14 19:13:05 2022 GMT
> Response Type         Basic OCSP Response
> OCSP Response Status  successful (0x0)
> OpenSSL Command       openssl ocsp -sha1 -issuer ca.crt -cert cert.crt -header host=ocsp.digicert.com -url http://ocsp.digicert.com -text -CAfile ca.crt -no_nonce
Re: paypal.com certificate revoked?
I'm getting a "revoked" OCSP response for the cert currently used by
paypal.com, but a good response for www.paypal.com. The naked domain is
using OCSP stapling and is serving an older valid response, which is
probably why it's still working even on browsers that are configured to
check for certificate revocation.

The two certificates are https://crt.sh/?id=7746738574 (revoked, used by
paypal.com) and https://crt.sh/?id=7754586913 (valid, used by
www.paypal.com).

-Alex

On Fri, Oct 14, 2022 at 5:14 PM George Herbert via Outages <outages@outages.org> wrote:

> I get a good response now, with Produced At Oct 14 19:18:25 2022
>
> -george
>
> Sent from my iPhone
>
> > On Oct 14, 2022, at 2:43 PM, Chuck Anderson via Outages <outages@outages.org> wrote:
> >
> > Firefox says:
> >
> > Secure Connection Failed
> >
> > An error occurred during a connection to paypal.com. Peer’s Certificate has been revoked.
> >
> > Error code: SEC_ERROR_REVOKED_CERTIFICATE
> >
> > OCSP checker says:
> >
> > https://www.certificatetools.com/ocsp-checker
> >
> > Domain Name(s)        paypal.com, paypal-workplace.com, xoom-experience.com, buyindiaonline.com, paypal-experience.com, xoom.com, venmo-experience.com, sandbox.paypal.com, paypal.me, cash2india.com
> > OCSP URI              http://ocsp.digicert.com
> > Next Update           Oct 21 18:12:02 2022 GMT
> > This Update           Oct 14 18:57:02 2022 GMT
> > Cert Status           revoked
> > Produced At           Oct 14 19:13:05 2022 GMT
> > Response Type         Basic OCSP Response
> > OCSP Response Status  successful (0x0)
> > OpenSSL Command       openssl ocsp -sha1 -issuer ca.crt -cert cert.crt -header host=ocsp.digicert.com -url http://ocsp.digicert.com -text -CAfile ca.crt -no_nonce
>
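
The stapled-versus-live mismatch described in the message above can be checked by comparing the status and update times of the two OCSP responses. This is an added example, not part of the original thread: it parses the text form OpenSSL prints for an OCSP response (as from `openssl s_client -status` for the staple and the `openssl ocsp ... -text` command quoted in the first message for the live answer). The live sample uses the values quoted in the thread; the stapled sample's timestamps, the check time and the verdict labels are constructed for illustration.

```python
import re
from datetime import datetime, timezone

FIELDS = ("Cert Status", "This Update", "Next Update", "Produced At")
TS_FMT = "%b %d %H:%M:%S %Y GMT"  # OpenSSL's rendering, e.g. "Oct 14 18:57:02 2022 GMT"

def parse_ocsp_text(text):
    """Extract status and timestamps from OpenSSL's text form of an OCSP response."""
    out = {}
    for name in FIELDS:
        m = re.search(rf"^\s*{name}:\s*(.+?)\s*$", text, re.MULTILINE)
        if not m:
            raise ValueError(f"missing field: {name}")
        value = m.group(1)
        if name != "Cert Status":
            value = datetime.strptime(value, TS_FMT).replace(tzinfo=timezone.utc)
        out[name] = value
    return out

def compare(stapled_text, live_text, now):
    """Classify a stapled response against a fresh answer from the responder."""
    stapled, live = parse_ocsp_text(stapled_text), parse_ocsp_text(live_text)
    if not (stapled["This Update"] <= now <= stapled["Next Update"]):
        return "stapled-expired"      # outside its validity window: clients should reject it
    if stapled["Cert Status"] == live["Cert Status"]:
        return "consistent"
    if live["Cert Status"] == "revoked" and live["This Update"] > stapled["This Update"]:
        return "stale-good-staple"    # staple predates the revocation but is still in its window
    return "conflict"

# Constructed staple: these timestamps are illustrative, not taken from the thread.
STAPLED = """\
    Produced At: Oct 13 06:20:11 2022 GMT
    Cert Status: good
    This Update: Oct 13 06:03:01 2022 GMT
    Next Update: Oct 20 05:18:01 2022 GMT
"""
# Live responder answer: values quoted in the first message of the thread.
LIVE = """\
    Produced At: Oct 14 19:13:05 2022 GMT
    Cert Status: revoked
    This Update: Oct 14 18:57:02 2022 GMT
    Next Update: Oct 21 18:12:02 2022 GMT
"""
NOW = datetime(2022, 10, 14, 21, 45, tzinfo=timezone.utc)  # constructed check time
```

A `stale-good-staple` result means clients that accept the staple keep connecting until its Next Update passes, while clients that query the responder directly see the revocation.
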
Re: paypal.com certificate revoked?
ok, paypal.com 302s to www.paypal.com


# curl -I https://paypal.com
HTTP/1.1 302 Moved Temporarily
Content-Type: text/html
Content-Length: 161
Connection: keep-alive
Location: https://www.paypal.com/
Strict-Transport-Security: max-age=31536000; includeSubDomains

So Firefox must be checking the cert first before the redirect.

But other browsers may be processing the 302 THEN checking and seeing
the valid www.paypal.com

-bill

On 10/14/22 3:23 PM, Alex Cohn via Outages wrote:
> I'm getting a "revoked" OCSP response for the cert currently used by
> paypal.com, but a good response for www.paypal.com. The naked domain is
> using OCSP stapling and is serving an older valid response, which is
> probably why it's still working even on browsers that are configured to
> check for certificate revocation.
>
> The two certificates are https://crt.sh/?id=7746738574 (revoked, used by
> paypal.com) and https://crt.sh/?id=7754586913 (valid, used by
> www.paypal.com).
>
> -Alex
>
> On Fri, Oct 14, 2022 at 5:14 PM George Herbert via Outages
> <outages@outages.org> wrote:
>
> > I get a good response now, with Produced At Oct 14 19:18:25 2022
> >
> > -george
> >
> > Sent from my iPhone
> >
> > > On Oct 14, 2022, at 2:43 PM, Chuck Anderson via Outages <outages@outages.org> wrote:
> > >
> > > Firefox says:
> > >
> > > Secure Connection Failed
> > >
> > > An error occurred during a connection to paypal.com. Peer’s Certificate has been revoked.
> > >
> > > Error code: SEC_ERROR_REVOKED_CERTIFICATE
> > >
> > > OCSP checker says:
> > >
> > > https://www.certificatetools.com/ocsp-checker
> > >
> > > Domain Name(s)        paypal.com, paypal-workplace.com, xoom-experience.com, buyindiaonline.com, paypal-experience.com, xoom.com, venmo-experience.com, sandbox.paypal.com, paypal.me, cash2india.com
> > > OCSP URI              http://ocsp.digicert.com
> > > Next Update           Oct 21 18:12:02 2022 GMT
> > > This Update           Oct 14 18:57:02 2022 GMT
> > > Cert Status           revoked
> > > Produced At           Oct 14 19:13:05 2022 GMT
> > > Response Type         Basic OCSP Response
> > > OCSP Response Status  successful (0x0)
> > > OpenSSL Command       openssl ocsp -sha1 -issuer ca.crt -cert cert.crt -header host=ocsp.digicert.com -url http://ocsp.digicert.com -text -CAfile ca.crt -no_nonce