firefox security oddity

Newsgroups: alt.os.linux.mint
 by: Mike Scott - Tue, 6 Feb 2024 12:09 UTC

Hi all.

For one particular website, I find firefox refuses sometimes to load
pages, claiming "Peer’s Certificate has been revoked".

This seems to occur a bit intermittently - sometimes a page from the
site will load, but then reloading will cause the error.

OTOH chromium will load the site, although it moans about some scripts
and styles being on http and refuses to use those (the site as a whole
loads though).

Website in question is https://www.churchlangleychurch.org/ and I've
spoken to one of the maintainers who says he believes the security cert
is current.

Can anyone shed light on this behaviour please?

Thanks.

(ff 122.0 under mint, but it also happens with firefox running under
win10, so it seems not to be OS-related.)

--
Mike Scott
Harlow, England

Re: firefox security oddity

 by: Nic - Tue, 6 Feb 2024 12:21 UTC

On 2/6/24 7:09 AM, Mike Scott wrote:
> Hi all.
>
> For one particular website, I find firefox refuses sometimes to load
> pages, claiming "Peer’s Certificate has been revoked".
>
> This seems to occur a bit intermittently - sometimes a page from the
> site will load, but then reloading will cause the error.
>
> OTOH chromium will load the site, although it moans about some scripts
> and styles being on http and refuses to use those (the site as a whole
> loads though).
>
> Website in question is https://www.churchlangleychurch.org/ and I've
> spoken to one of the maintainers who says he believes the security
> cert is current.
>
>
> Can anyone shed light on this behaviour please?
>
> Thanks.
>
> (ff 122.0 under mint, but it also happens with firefox running under
> win10, so it seems not to be OS-related.)
>
This is what I get

Secure Connection Failed

An error occurred during a connection to www.churchlangleychurch.org.
Peer’s Certificate has been revoked.

Error code: SEC_ERROR_REVOKED_CERTIFICATE

    The page you are trying to view cannot be shown because the
authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.

FF 116.0.3 (64-bit)

Re: firefox security oddity

 by: Big Al - Tue, 6 Feb 2024 12:47 UTC

On 2/6/24 07:21 AM, Nic wrote:
> On 2/6/24 7:09 AM, Mike Scott wrote:
>> Hi all.
>>
>> For one particular website, I find firefox refuses sometimes to load pages, claiming "Peer’s
>> Certificate has been revoked".
>>
>> This seems to occur a bit intermittently - sometimes a page from the site will load, but then
>> reloading will cause the error.
>>
>> OTOH chromium will load the site, although it moans about some scripts and styles being on http
>> and refuses to use those (the site as a whole loads though).
>>
>> Website in question is https://www.churchlangleychurch.org/ and I've spoken to one of the
>> maintainers who says he believes the security cert is current.
>>
>>
>> Can anyone shed light on this behaviour please?
>>
>> Thanks.
>>
>> (ff 122.0 under mint, but it also happens with firefox running under win10, so it seems not to be
>> OS-related.)
>>
> This what I Get
>
> Secure Connection Failed
>
> An error occurred during a connection to www.churchlangleychurch.org. Peer’s Certificate has been
> revoked.
>
> Error code: SEC_ERROR_REVOKED_CERTIFICATE
>
>     The page you are trying to view cannot be shown because the authenticity of the received data
> could not be verified.
>     Please contact the website owners to inform them of this problem.
>
> FF 116.0.3 (64-bit)
A drilldown on the small icon in the url bar allows inspection of page info.

Website Identity:
Owner: This website does not supply ownership information.

Tech Details:
Connection Not Encrypted
The page you are viewing was not encrypted before being transmitted over the Internet.
Information sent over the Internet without encryption can be seen by other people while it is in
transit.
A help Button with this link:
https://support.mozilla.org/en-US/kb/firefox-page-info-window?as=u&utm_source=inproduct&redirectslug=Page+Info+window&redirectlocale=en-US#Security

(long link wraps)

Really does look like the website owner is not doing something right, or doesn't have total control
of site. Maybe he farms it out and doesn't really do more than content.
--
Linux Mint 21.2 Cinnamon
Al

Re: firefox security oddity

 by: Monsieur - Tue, 6 Feb 2024 15:05 UTC

Mike Scott wrote:
> Hi all.
>
> For one particular website, I find firefox refuses sometimes to load
> pages, claiming "Peer’s Certificate has been revoked".
>
> This seems to occur a bit intermittently - sometimes a page from the
> site will load, but then reloading will cause the error.
>
> OTOH chromium will load the site, although it moans about some scripts
> and styles being on http and refuses to use those (the site as a whole
> loads though).
>
> Website in question is https://www.churchlangleychurch.org/ and I've
> spoken to one of the maintainers who says he believes the security cert
> is current.
>
>
> Can anyone shed light on this behaviour please?

The site does work in Opera with the VPN activated. All my other
browsers (LibreWolf, Seamonkey, Vivaldi) refuse the connection too.

Re: firefox security oddity

 by: Gertjan Klein - Tue, 6 Feb 2024 16:36 UTC

06-02-2024 om 13:09; Mike Scott:
> For one particular website, I find firefox refuses sometimes to load
> pages, claiming "Peer’s Certificate has been revoked".

The intermittent bit is surprising. Perhaps some pages were in cache?

> Website in question is https://www.churchlangleychurch.org/ and I've
> spoken to one of the maintainers who says he believes the security cert
> is current.

It is, in that it's not expired.

If you're on Linux you can do some digging. First, use OpenSSL to check
the certificate by connecting to the site:

$ openssl s_client -showcerts -servername www.churchlangleychurch.org \
    -connect www.churchlangleychurch.org:443 </dev/null

This gives lots of output, and everything appears to be in order. The
site certificate is shown in .pem format; copy that to a file (say
cert.pem), and display its contents to determine the certificate serial
number and revocation list location:

$ openssl x509 -noout -text -in cert.pem
[...]
Serial Number: 5158205243980326711 (0x4795a0570e012737)
[...]
Validity
Not Before: Apr 5 07:53:28 2023 GMT
Not After : May 6 07:53:28 2024 GMT
[...]
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.starfieldtech.com/sfig2s1-558.crl
[...]

Now we can check whether the certificate is revoked:

$ openssl crl -noout -text -in http://crl.starfieldtech.com/sfig2s1-558.crl \
    | grep -iA 4 4795a0570e012737
Serial Number: 4795A0570E012737
Revocation Date: Apr 8 13:22:23 2023 GMT
CRL entry extensions:
X509v3 CRL Reason Code:
Superseded

So, this certificate is indeed revoked, 3 days after its validity start
date, and the reason is "Superseded". Could it be that a new version of
the certificate has been issued, but not implemented properly?

Regards,
Gertjan.
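
The check described in the post above, as an added example that is not part of the original post: it builds a throwaway CA, issues a certificate and its replacement, revokes the first as "superseded", and then looks both serials up in the CRL. The CA, the host name www.example.test, the serials 1000/1001 and the helper `crl_status` are all constructed for the illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Everything below is constructed:
# a throwaway CA, the host name www.example.test, and serials 1000/1001.
set -eu

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
mkdir "$work/newcerts"
: > "$work/index.txt"
echo 1000 > "$work/serial"

cat > "$work/ca.cnf" <<EOF
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ ca ]
default_ca = demo
[ demo ]
database = $work/index.txt
new_certs_dir = $work/newcerts
serial = $work/serial
certificate = $work/ca.pem
private_key = $work/ca.key
default_md = sha256
default_days = 30
default_crl_days = 7
unique_subject = no
policy = any
[ any ]
commonName = supplied
EOF

# Run a command quietly; openssl's progress output goes to a log file.
q() { "$@" >>"$work/log" 2>&1; }

q openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$work/ca.cnf" \
    -subj "/CN=Constructed Demo CA" -keyout "$work/ca.key" -out "$work/ca.pem"

# issue NAME: new key and CSR, signed by the demo CA, written to $work/NAME.pem
issue() {
    q openssl req -new -newkey rsa:2048 -nodes -config "$work/ca.cnf" \
        -subj "/CN=www.example.test" -keyout "$work/$1.key" -out "$work/$1.csr"
    q openssl ca -batch -notext -config "$work/ca.cnf" \
        -in "$work/$1.csr" -out "$work/$1.pem"
}

issue old
issue new    # the replacement certificate
q openssl ca -config "$work/ca.cnf" -revoke "$work/old.pem" -crl_reason superseded
q openssl ca -config "$work/ca.cnf" -gencrl -out "$work/ca.crl"

# crl_status CERT CRL: prints "good" or "revoked|<date>|<reason>".
# "x509 -serial" prints the serial as upper-case hex, the same form the CRL
# listing uses, so no case-insensitive grep is needed. The awk comparison is
# forced to string mode so a hex serial such as 1E3 never equals 1000.
crl_status() {
    local serial
    serial=$(openssl x509 -noout -serial -in "$1" | cut -d= -f2)
    openssl crl -noout -text -in "$2" | awk -v s="$serial" '
        /^ *Serial Number:/       { hit = (($3 "") == (s "")); next }
        hit && want_reason        { gsub(/^ +| +$/, ""); reason = $0; want_reason = 0 }
        hit && /Revocation Date:/ { sub(/.*Revocation Date: */, ""); date = $0 }
        hit && /CRL Reason Code/  { want_reason = 1 }
        END { if (date != "") print "revoked|" date "|" reason; else print "good" }'
}

for c in old new; do
    printf '%s.pem: %s\n' "$c" "$(crl_status "$work/$c.pem" "$work/ca.crl")"
done
```

A server that still presents old.pem after new.pem has been issued produces the combination seen in the thread: a certificate inside its validity period that is nevertheless listed in the CRL.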

Re: firefox security oddity

 by: Paul - Tue, 6 Feb 2024 20:55 UTC

On 2/6/2024 7:09 AM, Mike Scott wrote:
> Hi all.
>
> For one particular website, I find firefox refuses sometimes to load pages, claiming "Peer’s Certificate has been revoked".
>
> This seems to occur a bit intermittently - sometimes a page from the site will load, but then reloading will cause the error.
>
> OTOH chromium will load the site, although it moans about some scripts and styles being on http and refuses to use those (the site as a whole loads though).
>
> Website in question is https://www.churchlangleychurch.org/ and I've spoken to one of the maintainers who says he believes the security cert is current.
>
>
> Can anyone shed light on this behaviour please?
>
> Thanks.
>
> (ff 122.0 under mint, but it also happens with firefox running under win10, so it seems not to be OS-related.)
>

A site owner can get a hint here.

https://www.ssllabs.com/ssltest/analyze.html?d=churchlangleychurch.org

Issuer Starfield Secure Certificate Authority - G2
AIA: http://certificates.starfieldtech.com/repository/sfig2.crt

Revocation status Revoked INSECURE

Trusted No NOT TRUSTED (Why?)
Mozilla Apple Android Java Windows <=== trust failure, on these platforms

Paul

Re: firefox security oddity

 by: Nic - Tue, 6 Feb 2024 21:40 UTC

On 2/6/24 3:55 PM, Paul wrote:
> On 2/6/2024 7:09 AM, Mike Scott wrote:
>> Hi all.
>>
>> For one particular website, I find firefox refuses sometimes to load pages, claiming "Peer’s Certificate has been revoked".
>>
>> This seems to occur a bit intermittently - sometimes a page from the site will load, but then reloading will cause the error.
>>
>> OTOH chromium will load the site, although it moans about some scripts and styles being on http and refuses to use those (the site as a whole loads though).
>>
>> Website in question is https://www.churchlangleychurch.org/ and I've spoken to one of the maintainers who says he believes the security cert is current.
>>
>>
>> Can anyone shed light on this behaviour please?
>>
>> Thanks.
>>
>> (ff 122.0 under mint, but it also happens with firefox running under win10, so it seems not to be OS-related.)
>>
> A site owner, can get a hint here.
>
> https://www.ssllabs.com/ssltest/analyze.html?d=churchlangleychurch.org
>
> Issuer Starfield Secure Certificate Authority - G2
> AIA: http://certificates.starfieldtech.com/repository/sfig2.crt
>
> Revocation status Revoked INSECURE
>
> Trusted No NOT TRUSTED (Why?)
> Mozilla Apple Android Java Windows <=== trust failure, on these platforms
>
> Paul
When I search for

Starfield Secure Certificate Authority, I get

C=US
ST=Arizona
L=Scottsdale
O=Starfield Technologies, Inc.
CN=Starfield Root Certificate Authority - G2

Maybe someday the inquiring roving eye can look into the lives of the
people who make up Starfield Authorities.

Starfield Secure Certificate Authority

Starfield Secure Certificate Authority

Re: firefox security oddity

 by: Nic - Tue, 6 Feb 2024 21:56 UTC

On 2/6/24 4:40 PM, Nic wrote:
> On 2/6/24 3:55 PM, Paul wrote:
>> On 2/6/2024 7:09 AM, Mike Scott wrote:
>>> Hi all.
>>>
>>> For one particular website, I find firefox refuses sometimes to load
>>> pages, claiming "Peer’s Certificate has been revoked".
>>>
>>> This seems to occur a bit intermittently - sometimes a page from the
>>> site will load, but then reloading will cause the error.
>>>
>>> OTOH chromium will load the site, although it moans about some
>>> scripts and styles being on http and refuses to use those (the site
>>> as a whole loads though).
>>>
>>> Website in question is https://www.churchlangleychurch.org/ and I've
>>> spoken to one of the maintainers who says he believes the security
>>> cert is current.
>>>
>>>
>>> Can anyone shed light on this behaviour please?
>>>
>>> Thanks.
>>>
>>> (ff 122.0 under mint, but it also happens with firefox running under
>>> win10, so it seems not to be OS-related.)
>>>
>> A site owner, can get a hint here.
>>
>> https://www.ssllabs.com/ssltest/analyze.html?d=churchlangleychurch.org
>>
>>     Issuer       Starfield Secure Certificate Authority - G2
>>     AIA: http://certificates.starfieldtech.com/repository/sfig2.crt
>>
>>     Revocation status    Revoked   INSECURE
>>
>>     Trusted              No   NOT TRUSTED (Why?)
>>                               Mozilla  Apple  Android  Java Windows 
>> <=== trust failure, on these platforms
>>
>>    Paul
> When I search for
>
> Starfield Secure Certificate Authority, I get
>
> C=US
> ST=Arizona
> L=Scottsdale
> O=Starfield Technologies, Inc.
> CN=Starfield Root Certificate Authority - G2
>
> Maybe someday the inquiring roving eye can look into the lives of the
> people who make up Starfield Authorities.
>
> Starfield Secure Certificate Authority
>
> Starfield Secure Certificate Authority
>
https://ssl-tools.net/subjects/14c0f884650ebfb1564d3da153a0d7f1c7c670a8
Experts and authorities can explain everything.

Fingerprints: |9565b778c8| |b51c067cee|

Issuer:
OU=Starfield Class 2 Certification Authority,O=Starfield Technologies\, Inc.,C=US
CN=Starfield Root Certificate Authority - G2,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US
Serial:
3740804
0
Not valid before:
2014-01-01 07:00:00 UTC
2009-09-01 00:00:00 UTC
Not valid after:
2031-05-30 07:00:00 UTC
2037-12-31 23:59:59 UTC
Key size:
2048
Signature Algorithm:
sha256WithRSAEncryption

basicConstraints:
CA:TRUE
keyUsage:
Certificate Sign, CRL Sign
subjectKeyIdentifier:
7C:0C:32:1F:A7:D9:30:7F:C4:7D:68:A3:62:A8:A1:CE:AB:07:5B:27
authorityKeyIdentifier:
keyid:BF:5F:B7:D1:CE:DD:1F:86:F4:5B:55:AC:DC:D7:10:C2:0E:A9:88:E7
authorityInfoAccess:
OCSP - URI:http://ocsp.starfieldtech.com/
crlDistributionPoints:
Full Name: URI:http://crl.starfieldtech.com/sfroot.crl
certificatePolicies:
Policy: X509v3 Any Policy CPS: https://certs.starfieldtech.com/repository/

Certificates

Fingerprint Issuer Serial Public Key Download Tools
9565b778c8a50eb4fefd45c8a658dde2411ead0a Starfield Class 2 Certification Authority <https://ssl-tools.net/subjects/8bc19e845b981d61cf5469211a68b8e311336d90> 3740804 9565b778c8
b51c067cee2b0c3df855ab2d92f4fe39d4e70f0e self signed 0 b51c067cee

Re: firefox security oddity

 by: Mike Scott - Wed, 7 Feb 2024 10:13 UTC

On 06/02/2024 20:55, Paul wrote:
> On 2/6/2024 7:09 AM, Mike Scott wrote:
>> Hi all.
>>
>> For one particular website, I find firefox refuses sometimes to load pages, claiming "Peer’s Certificate has been revoked".
>>
>> This seems to occur a bit intermittently - sometimes a page from the site will load, but then reloading will cause the error.
>>
>> OTOH chromium will load the site, although it moans about some scripts and styles being on http and refuses to use those (the site as a whole loads though).
>>
>> Website in question is https://www.churchlangleychurch.org/ and I've spoken to one of the maintainers who says he believes the security cert is current.
>>
>>
>> Can anyone shed light on this behaviour please?
>>
>> Thanks.
>>
>> (ff 122.0 under mint, but it also happens with firefox running under win10, so it seems not to be OS-related.)
>>
>
> A site owner, can get a hint here.
>
> https://www.ssllabs.com/ssltest/analyze.html?d=churchlangleychurch.org
>
> Issuer Starfield Secure Certificate Authority - G2
> AIA: http://certificates.starfieldtech.com/repository/sfig2.crt
>
> Revocation status Revoked INSECURE
>
> Trusted No NOT TRUSTED (Why?)
> Mozilla Apple Android Java Windows <=== trust failure, on these platforms
>
> Paul

My thanks to all for responses, and especially to you and to Gertjan for
the concrete information.

I've taken a look (although to my decades out-of-date knowledge it's all
a tad complex) and passed the info back to the site maintainers (who are
possibly worse off than I in that respect).

Two questions though:

I'm not clear what
> Trusted No NOT TRUSTED (Why?)
> Mozilla Apple Android Java Windows
<=== trust failure, on these platforms

implies.

And how come it all works /sometimes/? If the cert is dead, should https
not fail solidly?

Thanks again.

--
Mike Scott
Harlow, England

Re: firefox security oddity

 by: Dan Purgert - Wed, 7 Feb 2024 10:24 UTC

On 2024-02-07, Mike Scott wrote:
> [...]
> And how come it all works /sometimes/? If the cert is dead, should https
> not fail solidly?

Not if they (their provider) has a "HA" setup ("High Availability", i.e.
2+ webservers), with (at least) one being misconfigured. If it's from
the provider, this would likely be invisible to the website
owner/maintainer.

--
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: DDAB 23FB 19FA 7D85 1CC1 E067 6D65 70E5 4CE7 2860
