Example of live site with trusted, signed but revoked certificate?
I'm drawing up some documentation for users with the intent of educating them on certificate revocation. I would like to include screenshots of browsers to demonstrate the user experience when encountering a revoked cert. The revocation can occur via either OCSP or CRL.
I've tried digging around CRLs, but they list the serial number of a certificate and don't provide a URL for me to try connecting.
Could someone provide a URL to a live site with a non-self-signed but revoked cert? Or perhaps there's a way to look up certs in a CRL and cross reference them to a URL?
I have just tried to log in to this website for a legitimate, large British insurance company and their certificate is invalid:
www.axa.co.uk/insurance/myaxaspace (12:02 GMT, 10th April 2011)
Firefox says that the certificate is "not trusted because no issuer chain was provided", but I'm not sure if this is what you're after.
The revoked certificate of Mozilla Addons and its corresponding keyfiles are available in the wild. So you could test it yourself. For this experiment, you need to point the addons.mozilla.org domain to the IP address of your test server.
The private key file is 27 lines long and can be found at erratasec.blogspot.com/2011/03/verifying-comodo-hackers-key.html. The certificate can be downloaded from www.multiupload.com/J9I8NFWPT0.
If you're running a server on your local machine (localhost), change the hosts file, so addons.mozilla.org points to 127.0.0.1. Use the key and certificate files above for your server.
Instructions using the openssl command on Ubuntu/Linux:
Put the keyfile in moz.pem and the certificate in moz.crt.
Add 127.0.0.1 addons.mozilla.org to /etc/hosts
Start an HTTPS server using the openssl s_server command:
sudo openssl s_server -cert moz.crt -key moz.pem -accept 443 -www
Go to your browser and take screenshots, copy text, etc.
When done, remove the entry from /etc/hosts.
A (tested) Linux shell script can be found at pastebin.com/DRE32SFR. Download it and execute it as root (required for binding to port 443 and editing /etc/hosts).
The screenshots below were taken on Ubuntu 10.10 in Mozilla Firefox (without the patch) using the above instructions.
Firefox with CRL's enabled gives a warning:
Opening Firefox with CRL checking disabled to simulate an unreachable CRL server opens the page without a gasp:
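The behaviour the answer above demonstrates with Firefox (a revoked certificate is rejected when the CRL is consulted and accepted when CRL checking is off) can be reproduced entirely offline with a CA you generate yourself, which also answers the question's point about cross-referencing a certificate's serial number against a CRL. The script below is an added example, not code from this thread or from the linked pastebin script; it assumes only the openssl command-line tool (1.1.x or 3.x), and "Demo CA", revoked.example.test and the CRL URL are made-up names for the demo.

```shell
#!/bin/sh
# Added example (not code from the thread or from the linked pastebin script):
# build a throwaway CA, issue a leaf certificate, revoke it, publish a CRL and
# show that OpenSSL rejects the leaf only when told to consult the CRL.
# Requires the openssl CLI (1.1.x or 3.x). "Demo CA", revoked.example.test and
# the CRL URL are made-up names for this demo.
set -eu

DEMO_DIR="$(mktemp -d)"
trap 'rm -rf "$DEMO_DIR"' EXIT
cd "$DEMO_DIR"

# Create the CA, its issuance database and one leaf certificate, plus an
# initial CRL that does not list the leaf yet.
setup_demo_pki() {
  mkdir -p ca/newcerts
  : > ca/index.txt
  echo 1000 > ca/serial
  echo 1000 > ca/crlnumber
  cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo_ca

[ demo_ca ]
dir              = ./ca
database         = $dir/index.txt
new_certs_dir    = $dir/newcerts
serial           = $dir/serial
crlnumber        = $dir/crlnumber
certificate      = ./ca.crt
private_key      = ./ca.key
default_md       = sha256
default_days     = 30
default_crl_days = 30
policy           = demo_policy
x509_extensions  = leaf_ext

[ demo_policy ]
commonName = supplied

[ req ]
distinguished_name = req_dn
x509_extensions    = ca_ext

[ req_dn ]

[ ca_ext ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash

[ leaf_ext ]
basicConstraints      = CA:FALSE
keyUsage              = digitalSignature, keyEncipherment
extendedKeyUsage      = serverAuth
subjectAltName        = DNS:revoked.example.test
crlDistributionPoints = URI:http://crl.example.test/demo.crl
EOF
  openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Demo CA" -keyout ca.key -out ca.crt >/dev/null 2>&1
  openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
    -subj "/CN=revoked.example.test" -keyout leaf.key -out leaf.csr >/dev/null 2>&1
  openssl ca -config ca.cnf -batch -notext -in leaf.csr -out leaf.crt >/dev/null 2>&1
  openssl ca -config ca.cnf -gencrl -out demo.crl >/dev/null 2>&1
}

# Revoke the leaf (reason: key compromise, as in the Comodo case the thread
# refers to) and publish a new CRL that now carries its serial number.
revoke_leaf() {
  openssl ca -config ca.cnf -revoke leaf.crt -crl_reason keyCompromise >/dev/null 2>&1
  openssl ca -config ca.cnf -gencrl -out demo.crl >/dev/null 2>&1
}

# Validate the leaf against the CA. With $1 = "crl" the CRL is consulted;
# any other value skips revocation checking, which is what disabling CRL
# checks in the browser amounts to. Prints OK, REVOKED or the raw error.
verify_leaf() {
  if [ "${1:-none}" = "crl" ]; then
    out="$(openssl verify -crl_check -CAfile ca.crt -CRLfile demo.crl leaf.crt 2>&1 || true)"
  else
    out="$(openssl verify -CAfile ca.crt leaf.crt 2>&1 || true)"
  fi
  case "$out" in
    *"certificate revoked"*) echo REVOKED ;;
    *"leaf.crt: OK"*)        echo OK ;;
    *)                       echo "ERROR: $out" ;;
  esac
}

# The cross-reference the question asks about, in the other direction: take the
# serial number from the certificate and look it up in the CRL's revoked list.
crl_lists_leaf() {
  serial="$(openssl x509 -in leaf.crt -noout -serial | cut -d= -f2)"
  openssl crl -in demo.crl -noout -text | grep -q "Serial Number: $serial"
}

setup_demo_pki
echo "before revocation, CRL checked: $(verify_leaf crl)"
revoke_leaf
echo "after revocation,  CRL checked: $(verify_leaf crl)"
echo "after revocation,  CRL ignored: $(verify_leaf none)"
if crl_lists_leaf; then echo "leaf serial is listed in demo.crl"; fi
```

The two verify calls after revocation are the point: the same certificate chain is "OK" or "revoked" depending only on whether the client bothers to fetch and check the CRL, which is exactly why a blocked or unreachable CRL server lets a revoked certificate through in browsers that fail open. The crlDistributionPoints extension on the leaf shows how a real client finds the CRL from the certificate; the reverse lookup (CRL entry to site) that the question asks about is not possible from the CRL alone, because it records only serial numbers.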