Firefox says Peer's Certificate has been revoked
mdounin at mdounin.ru
Tue Dec 21 03:00:03 MSK 2010
On Mon, Dec 20, 2010 at 01:29:08PM -0800, David Newman wrote:
> When attempting https connections to the server mail.cvcbike.org that
> previously ran Apache and now runs nginx with the same certs, Firefox
> browsers return this error:
> Peer's Certificate has been revoked.
> (Error code: sec_error_revoked_certificate)
> Other browsers (IE, Safari, Chrome) work without errors, and this
> previously worked with Apache.
Most likely in other browsers you've disabled (or not enabled,
and it's not enabled by default) certificate revocation checking.
> # openssl x509 -noout -text -in server.crt
> Version: 3 (0x2)
> Serial Number:
> Not Before: Nov 23 20:13:13 2009 GMT
> Not After : Oct 14 14:03:22 2012 GMT
> Subject: O=mail3.networktest.com, OU=Domain Control Validated,
> X509v3 CRL Distribution Points:
It looks like revocation list in question includes this
$ openssl crl -text -noout -inform DER -in gds1-11.crl
Serial Number: A47872A44CB2
Revocation Date: Jan 19 04:12:03 2010 GMT
CRL entry extensions:
X509v3 CRL Reason Code:
Cessation Of Operation
So your cert was revoked almost a year ago. I would worry about
browsers where it works - as it shouldn't.
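
The check done by hand in the reply above, as an added example that is not part of the original message: a shell function that looks up a certificate serial in `openssl crl -text -noout` output and reports the revocation date and reason. The function names and the sample CRL are constructed for illustration; only the A47872A44CB2 entry comes from the thread.

```shell
# crl_lookup SERIAL: reads `openssl crl -text -noout` output on stdin and
# prints "revoked|<date>|<reason>" (exit 0) or "not-listed" (exit 1).
crl_lookup() {
    awk -v want="$1" '
    function norm(s) {                # canonical serial for comparison
        sub(/^.*=/, "", s)            # drop "serial=" (openssl x509 -serial)
        s = toupper(s)
        gsub(/[^0-9A-F]/, "", s)      # drop colons and whitespace
        sub(/^0+/, "", s)             # leading zeros are not significant
        return s
    }
    function value(line) {            # text after the first colon, trimmed
        sub(/^[^:]*:[ \t]*/, "", line)
        sub(/[ \t\r]+$/, "", line)
        return line
    }
    BEGIN { want = norm(want) }
    /^[ \t]*Serial Number:/ {         # a new entry starts here
        in_entry = (!found && norm(value($0)) == want)
        if (in_entry) found = 1
        next
    }
    in_entry && /Revocation Date:/ { date = value($0); next }
    in_entry && /CRL Reason Code:/ { want_reason = 1; next }
    in_entry && want_reason {         # reason text is on the following line
        reason = $0; gsub(/^[ \t]+|[ \t\r]+$/, "", reason); want_reason = 0
    }
    END {
        if (!found) { print "not-listed"; exit 1 }
        print "revoked|" date "|" (reason == "" ? "no reason code" : reason)
    }'
}
# Constructed sample in `openssl crl -text` layout. The A47872A44CB2 entry is
# the one quoted in the thread; the other entry and the trailer are made up.
sample_crl() {
    cat <<'EOF'
Certificate Revocation List (CRL):
Revoked Certificates:
    Serial Number: 0B1C2D
        Revocation Date: Mar  1 10:00:00 2010 GMT
    Serial Number: A47872A44CB2
        Revocation Date: Jan 19 04:12:03 2010 GMT
        CRL entry extensions:
            X509v3 CRL Reason Code:
                Cessation Of Operation
    Signature Algorithm: sha1WithRSAEncryption
EOF
}

# Real use: openssl crl -inform DER -in gds1-11.crl -text -noout | crl_lookup "$(openssl x509 -noout -serial -in server.crt)"
sample_crl | crl_lookup "serial=00A47872A44CB2"
```

Serials are normalised before comparison because `openssl x509 -serial` prints a `serial=` prefix and tools differ on colons, case and leading zeros.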