Bug #65965 *.php.net uses revoked SSL certificate
Submitted: 2013-10-25 09:43 UTC
Modified: 2013-10-27 02:01 UTC
From: thoger at redhat dot com
Assigned: bjori
Status: Closed
Package: Website problem
PHP Version: Irrelevant
OS:
Private report: No
CVE-ID: None
 [2013-10-25 09:43 UTC] thoger at redhat dot com
Description:
------------
SSL certificates used by php.net sites that use https (e.g. bugs or wiki) have been revoked by the issuing CA.

Test script:
---------------
Connect to https://bugs.php.net or https://wiki.php.net with a browser with OCSP checks enabled (e.g. in Firefox, see Preferences -> Advanced -> Certificates -> Validation).  Firefox reports:

  Peer's Certificate has been revoked.
  (Error code: sec_error_revoked_certificate)


Alternatively:

$ openssl x509 -in php.net.crt -subject -issuer -serial -dates -noout
subject= /OU=Domain Control Validated/OU=PositiveSSL Wildcard/CN=*.php.net
issuer= /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
serial=8F7A08C3AACA243CE107AC4842C1E89F
notBefore=Jun  3 00:00:00 2013 GMT
notAfter=Jun  2 23:59:59 2016 GMT

$ wget http://crl.comodoca.com/PositiveSSLCA2.crl

$ openssl crl -in PositiveSSLCA2.crl -inform DER -text | grep -A1 8F7A08C3AACA243CE107AC4842C1E89F
    Serial Number: 8F7A08C3AACA243CE107AC4842C1E89F
        Revocation Date: Oct 25 01:11:59 2013 GMT

$ openssl ocsp -issuer PositiveSSLCA2.pem.crt -cert php.net.crt -url http://ocsp.usertrust.com 
php.net.crt: revoked
	This Update: Oct 25 01:13:02 2013 GMT
	Next Update: Oct 29 01:13:02 2013 GMT
	Revocation Time: Oct 25 01:11:59 2013 GMT
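
The `grep -A1` lookup in the report matches the serial as a substring of any line. The sketch below is an added example, not part of the original report: it parses `openssl crl -text` output and compares serial numbers exactly. The function names and the first CRL entry in the sample are constructed; the second entry reuses the serial and revocation date shown above.

```shell
#!/bin/sh
# Added example, not part of the original bug report.

# Normalize a serial: drop "serial=" prefix, colons, spaces, leading zeros; uppercase.
normalize_serial() {
    printf '%s' "$1" | tr -d ': \n' | sed 's/^serial=//' | tr 'a-f' 'A-F' | sed 's/^0*//'
}

# Read `openssl crl -text` output on stdin; print the revocation date for the
# serial given as $1. Exit status 0 = listed in the CRL, 1 = not listed.
crl_revocation_date() {
    want=$(normalize_serial "$1")
    awk -v want="$want" '
        /^[ \t]*Serial Number:/ {
            s = toupper($3); sub(/^0+/, "", s)
            hit = (s == want)          # exact match, not a substring match
            next
        }
        hit && /^[ \t]*Revocation Date:/ {
            sub(/^[ \t]*Revocation Date:[ \t]*/, "")
            print; found = 1; exit
        }
        END { exit (found ? 0 : 1) }
    '
}

# Real-world use: $1 = PEM certificate, $2 = DER CRL fetched from the CA.
# This does not verify the CRL signature or its Next Update field.
check_cert_against_crl() {
    serial=$(openssl x509 -in "$1" -serial -noout) || return 2
    openssl crl -in "$2" -inform DER -noout -text | crl_revocation_date "$serial"
}

# Constructed sample of CRL text. The first entry is invented and contains the
# php.net serial as a substring; the second entry is the one from the report.
sample_crl_text() {
cat <<'EOF'
Certificate Revocation List (CRL):
        Issuer: /C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA Limited/CN=PositiveSSL CA 2
Revoked Certificates:
    Serial Number: 018F7A08C3AACA243CE107AC4842C1E89F
        Revocation Date: Jan  1 00:00:00 2013 GMT
    Serial Number: 8F7A08C3AACA243CE107AC4842C1E89F
        Revocation Date: Oct 25 01:11:59 2013 GMT
EOF
}
```

`check_cert_against_crl php.net.crt PositiveSSLCA2.crl` would print the revocation date and return 0 for a revoked certificate, using the file names from the report.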



 [2013-10-25 10:12 UTC] thoger at redhat dot com
Sorry, I missed this:
http://php.net/archive/2013.php#id2013-10-24-2
 [2013-10-26 11:33 UTC] dyctator at hotmail dot com
From http://php.net/archive/2013.php#id2013-10-24-2

"We are in the process of getting a new certificate, and expect to restore access to php.net sites that require SSL (including bugs.php.net and wiki.php.net)"

https://edit.php.net/ is also affected (Only Firefox).
 [2013-10-27 02:01 UTC] bjori@php.net
-Status: Open
+Status: Closed
-Assigned To:
+Assigned To: bjori
 [2013-10-27 02:01 UTC] bjori@php.net
Yes, the certificate was revoked by our request.
 
Last updated: Sat Dec 21 12:01:31 2024 UTC