3

One of my clients is having a problem that is vexing both their system admin and GoDaddy support, who say that everything is correct and this error should not be happening. Their SSL certificate is valid and seems to be correctly installed:

http://www.sslshopper.com/ssl-checker.html#hostname=moocho.com

It also works fine on IE and Chrome. However, on Firefox users are getting this error (Firefox 7 users seem to get the error on every single page load):

Firefox SSL Error

Relevant History: Last week (about 7-10 days ago) they were using a different certificate that was revoked. However, they received a new SSL Cert on 9/5 or 9/6, and this is the one that is currently installed.

I think this might have something to do with the OCSP service that Firefox uses to check certificate authenticity. Could that service have cached data from when the old cert was revoked, and hence still be reporting that moocho.com has a revoked cert? If so, is there any way to fix this problem?

If not, what is causing this error?

Thanks!

Jonah
  • I don't think this will end up being the solution in this case, but to eliminate the possibility, have you checked the client machine's system date? – Pekka Sep 11 '11 at 16:14
  • I always use Wireshark to diagnose network problems. You can see the SSL client hello, see the server response with the certificate, see the OCSP protocol, and so on. It should allow you to pinpoint the problem. – President James K. Polk Sep 12 '11 at 02:15
  • I just went there with IE, FF 6.0.2 on Mac Snow Leopard, and Chrome on Snow Leopard and each one said "revoked certificate". With Wireshark I see no OCSP protocol occurring, but instead a 375k byte CRL is being downloaded, and then the revocation message appears. – President James K. Polk Sep 12 '11 at 02:48

1 Answer

5

This is not a false positive. If you look at the warning message closely, it refers to moochomoocho.com, not moocho.com. The certificate on https://moochomoocho.com/ is indeed revoked and other browsers show it as well. The fact that you don't see a warning in other browsers might be because the only content being loaded from moochomoocho.com is the favicon of the page - other browsers drop it silently instead of alerting the user.

Wladimir Palant
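An added example, not part of the original answer: a small Python helper that lists every HTTPS host other than the page's own from which a page pulls subresources (favicon, scripts, images), so each of those certificates can be checked separately. The sample markup and the `cdn.example.net` and `other.example.org` hosts are constructed for illustration; the function and class names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make a browser fetch a subresource while rendering a page.
FETCH_ATTRS = {"link": "href", "script": "src", "img": "src",
               "iframe": "src", "source": "src", "video": "src", "audio": "src"}

class _SubresourceCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []  # (tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            # Resolve relative and protocol-relative references against the page.
            self.found.append((tag, urljoin(self.page_url, value.strip())))

def foreign_https_hosts(page_url, html):
    """Map each HTTPS host other than the page's own to the resources loaded from it."""
    page_host = urlsplit(page_url).hostname
    collector = _SubresourceCollector(page_url)
    collector.feed(html)
    hosts = {}
    for tag, url in collector.found:
        parts = urlsplit(url)
        if parts.scheme == "https" and parts.hostname and parts.hostname != page_host:
            hosts.setdefault(parts.hostname, []).append((tag, url))
    return hosts

# Constructed sample page (assumption: the real markup is not shown in the question).
SAMPLE_HTML = """<html><head>
<link rel="shortcut icon" href="https://moochomoocho.com/favicon.ico">
<link rel="stylesheet" href="/css/site.css">
<script src="//cdn.example.net/lib.js"></script>
</head><body><img src="images/logo.png">
<a href="https://other.example.org/">link, not fetched on load</a></body></html>"""

if __name__ == "__main__":
    for host, refs in sorted(foreign_https_hosts("https://moocho.com/", SAMPLE_HTML).items()):
        print(host, refs)
```

Each host it reports serves its own certificate, so each one needs its own validity and revocation check.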