I have at least one expired cert on a web site I can use for testing,
but that doesn't seem to be what you want. You want something
specifically marked as revoked, right?
So I just went to zerossl.com (what I use) and issued a revoke for a
cert. Zerossl's web site marks it as revoked. Of course that doesn't
affect the use of that cert on the web site, so I basically don't
understand what the use of "revoked" might be. If zerossl DID mark the
actual certificate file/key, I'll never know because there's no option
to download once revoked.
And just do Darren doesn't banish me, these are certs running on an x86
Linux box under my desk, but I'm thinking of moving them to a new z16.
It will have to be the new AGZ rack-mount in order to fit under my desk.
On 9/19/2023 3:37 PM, Charles Mills wrote:
Does anyone know of a server URL that will present a revoked certificate (for
my testing purposes)?
There are several that a Google search turns up but
- https://revoked.badssl.com/ is expired and expired certificates are never
revoked
- https://www.digicert.com/kb/digicert-root-certificates.htm has a bunch of
revoked test URLs but my client fails on the SNI name, not on revocation. I
guess I could add an option to make SNI optional but I would rather not do that.
Does anyone have another test site?
You should be able to test it with any browser (assuming it is an https site). If you try
to open the URL in your browser you should get a "revoked" error.
Thanks!
Charles
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
