Revoked SSL certificateSSL Error - unable to read server certificate from fileSSL Certificate Warning with UCC Certificate and Multiple SANsCurl: unable to get local issuer certificate. How to debug?CA certificate trouble with Squid on CentOS7SSL certificate working in chrome but not openssl s_client or curlZevenet Load Balancer - SSL CertificateNginx - Redirect a bunch of domains to a single domain, with SSLFTP over SSL: Verify return code: 21 (unable to verify the first certificate)OpenVPN service, run as root:root instead of nobody:nogroup?Custom Certificate Authority not recognised on Windows server / Cert shows as “self signed”

LaTeX closing $ signs makes cursor jump

Why can't I see bouncing of a switch on an oscilloscope?

Why are 150k or 200k jobs considered good when there are 300k+ births a month?

If I cast Expeditious Retreat, can I Dash as a bonus action on the same turn?

How does strength of boric acid solution increase in presence of salicylic acid?

Why doesn't Newton's third law mean a person bounces back to where they started when they hit the ground?

Is it important to consider tone, melody, and musical form while writing a song?

What's the point of deactivating Num Lock on login screens?

Do I have a twin with permutated remainders?

A newer friend of my brother's gave him a load of baseball cards that are supposedly extremely valuable. Is this a scam?

Why does Kotter return in Welcome Back Kotter?

Dragon forelimb placement

Minkowski space

How old can references or sources in a thesis be?

What do you call a Matrix-like slowdown and camera movement effect?

What typically incentivizes a professor to change jobs to a lower ranking university?

An academic/student plagiarism

How much RAM could one put in a typical 80386 setup?

How did the USSR manage to innovate in an environment characterized by government censorship and high bureaucracy?

Can I ask the recruiters in my resume to put the reason why I am rejected?

Is it tax fraud for an individual to declare non-taxable revenue as taxable income? (US tax laws)

Have astronauts in space suits ever taken selfies? If so, how?

How do I create uniquely male characters?

Why dont electromagnetic waves interact with each other?



Revoked SSL certificate


SSL Error - unable to read server certificate from fileSSL Certificate Warning with UCC Certificate and Multiple SANsCurl: unable to get local issuer certificate. How to debug?CA certificate trouble with Squid on CentOS7SSL certificate working in chrome but not openssl s_client or curlZevenet Load Balancer - SSL CertificateNginx - Redirect a bunch of domains to a single domain, with SSLFTP over SSL: Verify return code: 21 (unable to verify the first certificate)OpenVPN service, run as root:root instead of nobody:nogroup?Custom Certificate Authority not recognised on Windows server / Cert shows as “self signed”






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








5















We're using Paypal SDK here:
https://github.com/paypal/PayPal-NET-SDK



To help handle our webhooks. We've started receiving the exceptions:



PayPal.PayPalException: Unable to verify the certificate(s) found at https://api.paypal.com/v1/notifications/certs/CERT-360caa42-fca2a594-8079afec
 at PayPal.CertificateManager.GetCertificatesFromUrl(String certUrl)
 at PayPal.Api.WebhookEvent.ValidateReceivedEvent(APIContext apiContext, NameValueCollection requestHeaders, String requestBody, String webhookId)


If we inspect the certificate file at https://api.paypal.com/v1/notifications/certs/CERT-360caa42-fca2a594-8079afec we get the file:




-----BEGIN CERTIFICATE----- MIIHdzCCBl+gAwIBAgIQBHtmc7f0ru/ozCsjsr2YyjANBgkqhkiG9w0BAQsFADB1
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk
IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE5MDMyNzAwMDAwMFoXDTIxMDYwMjEy
MDAwMFowgfUxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB
BAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQF
EwczMDE0MjY3MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8G
A1UEBxMIU2FuIEpvc2UxFTATBgNVBAoTDFBheVBhbCwgSW5jLjEYMBYGA1UECxMP
UGFydG5lciBTdXBwb3J0MSwwKgYDVQQDEyNtZXNzYWdldmVyaWZpY2F0aW9uY2Vy
dHMucGF5cGFsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKo
k6Zr7AuPwsMwaTfBmv/ECGHU1/hjZ9VAdOBuolrKGql+TZ3NfZsu62Me8sdPuCjJ
R/8KUCJ/FtyFs/gVreg63zDqZLsHLBAR+6OcJR3yOJX1W4Y0ABdMA0i+iZFh/iUx
HHq6CZCnPlS2lvzJaS2UrzJ+mkPhCn1u2NRzys8FSKj/rn9ZLnT7CfgVvzabzobW
GvpHdXk+I3UieKyLkxZxlqJGWKN5KVTbPLU10F7H8RdO0f7deqt3tXT7eHIeEmBQ
6FZUIb3kt6qe4jTugXMqeS4JUiH9mhJTX1bC3PRl2TsnyjqgzKZZNfBXs/3IDHST
RElxn0603HnsWiyxn/ECAwEAAaOCA4AwggN8MB8GA1UdIwQYMBaAFD3TUKXWoK3u
80pgCmXTIdT4+NYPMB0GA1UdDgQWBBSkuNmXUDoHVayujFb0oeloO61qIDAuBgNV
HREEJzAlgiNtZXNzYWdldmVyaWZpY2F0aW9uY2VydHMucGF5cGFsLmNvbTAOBgNV
HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1Ud
HwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWV2LXNl
cnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEy
LWV2LXNlcnZlci1nMi5jcmwwSwYDVR0gBEQwQjA3BglghkgBhv1sAgEwKjAoBggr
BgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAHBgVngQwBATCB
iAYIKwYBBQUHAQEEfDB6MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
dC5jb20wUgYIKwYBBQUHMAKGRmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9E
aWdpQ2VydFNIQTJFeHRlbmRlZFZhbGlkYXRpb25TZXJ2ZXJDQS5jcnQwDAYDVR0T
AQH/BAIwADCCAXwGCisGAQQB1nkCBAIEggFsBIIBaAFmAHYAu9nfvB+KcbWTlCOX
qpJ7RzhXlQqrUugakJZkNo4e0YUAAAFpvJhEdQAABAMARzBFAiEAprZz2cWH2zV4
lymEVimmwQUTp6QpeVL6ruCjqr45cp8CIHE2SD079OeyVyXzbN6lcCPAQscdF+to
3rLMebtmZ10dAHUAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFp
vJhE0QAABAMARjBEAiAboeCw/qNGNi/bQahj4LxufXCoLVDS7p60HpWwCzvo/gIg
C1MRFVPAjxQ8ZW1445+gO/YXt/mxRr1P2ZTGDaI2RKMAdQCHdb/nWXz4jEOZX73z
bv9WjUdWNv9KtWDBtOr/XqCDDwAAAWm8mEabAAAEAwBGMEQCIHGAUX3fYxOY0Kmf
5cE5rFdoBWkugpku5tdQdaHl3XkUAiBn0TtWXdCi2XC8AX9HsfmkUhNRxt0a4Qrc
aRHA2pEBsDANBgkqhkiG9w0BAQsFAAOCAQEAKstIrA+/RYCmv1tiaRwsnyfMeFa/
9axfNcqy/Ip3h4K9uk2R3h2QpOMm19a5+cdYssBXRULMes2Y7+7iCMSlEKug5lq7
1P3DpVZeqg4kkWvirE39Mrr894z9tuthVuDEkOZ99p8vJhoPWXqURCZNaBGTg7qI
xJh1zxoihRW8XYoP/ToX/wFolQcBU19PF25Sb2zx3aio7Nu6aNEAKWI/zavsDJWk
G5HgJsgsqRA2wJSIonhUL+g/Xpmiz0wrDWcj9py2tO6COUBkYwOPVW7DHm3yU7q7
pa7sNAPF/Rb0oxQMQ1lFwEBEIWaIlgRs34zNteZS3JZudGYjLiBvRGDoNA==
-----END CERTIFICATE-----




If we inspect the X509Chain of this certificate, it's invalid with the error:
FalseChain error: Revoked The certificate is revoked.



We're using Windows Server 2012 R2 Datacenter, is there any way to stop this exception from a server config point of view in any way at all?






ssl windows-server-2012-r2 ssl-certificate x509







share|improve this question






















  • Could you copy/paste this certificate in a .crt file, double click on it in Windows Explorer on your server and advise what certificate from a chain has been revoked. I have tested your certificate on my kept up-to-date Windows 10, and it found no problems. Also I tested the CRL list of a CA issued this certificate, and your certificate is not in that list

    – Sergey Nudnov
    yesterday












  • ups, my mistake, checked wrong CRL. Yes the certificate is indeed revoked just recently: ‎Tuesday, ‎April ‎2, ‎2019 4:03:37 PM. PayPal should take care on that

    – Sergey Nudnov
    yesterday

















5















We're using Paypal SDK here:
https://github.com/paypal/PayPal-NET-SDK



To help handle our webhooks. We've started receiving the exceptions:



PayPal.PayPalException: Unable to verify the certificate(s) found at https://api.paypal.com/v1/notifications/certs/CERT-360caa42-fca2a594-8079afec
 at PayPal.CertificateManager.GetCertificatesFromUrl(String certUrl)
 at PayPal.Api.WebhookEvent.ValidateReceivedEvent(APIContext apiContext, NameValueCollection requestHeaders, String requestBody, String webhookId)


If we inspect the certificate file at https://api.paypal.com/v1/notifications/certs/CERT-360caa42-fca2a594-8079afec we get the file:




-----BEGIN CERTIFICATE----- MIIHdzCCBl+gAwIBAgIQBHtmc7f0ru/ozCsjsr2YyjANBgkqhkiG9w0BAQsFADB1
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk
IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE5MDMyNzAwMDAwMFoXDTIxMDYwMjEy
MDAwMFowgfUxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB
BAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQF
EwczMDE0MjY3MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8G
A1UEBxMIU2FuIEpvc2UxFTATBgNVBAoTDFBheVBhbCwgSW5jLjEYMBYGA1UECxMP
UGFydG5lciBTdXBwb3J0MSwwKgYDVQQDEyNtZXNzYWdldmVyaWZpY2F0aW9uY2Vy
dHMucGF5cGFsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKo
k6Zr7AuPwsMwaTfBmv/ECGHU1/hjZ9VAdOBuolrKGql+TZ3NfZsu62Me8sdPuCjJ
R/8KUCJ/FtyFs/gVreg63zDqZLsHLBAR+6OcJR3yOJX1W4Y0ABdMA0i+iZFh/iUx
HHq6CZCnPlS2lvzJaS2UrzJ+mkPhCn1u2NRzys8FSKj/rn9ZLnT7CfgVvzabzobW
GvpHdXk+I3UieKyLkxZxlqJGWKN5KVTbPLU10F7H8RdO0f7deqt3tXT7eHIeEmBQ
6FZUIb3kt6qe4jTugXMqeS4JUiH9mhJTX1bC3PRl2TsnyjqgzKZZNfBXs/3IDHST
RElxn0603HnsWiyxn/ECAwEAAaOCA4AwggN8MB8GA1UdIwQYMBaAFD3TUKXWoK3u
80pgCmXTIdT4+NYPMB0GA1UdDgQWBBSkuNmXUDoHVayujFb0oeloO61qIDAuBgNV
HREEJzAlgiNtZXNzYWdldmVyaWZpY2F0aW9uY2VydHMucGF5cGFsLmNvbTAOBgNV
HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1Ud
HwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWV2LXNl
cnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEy
LWV2LXNlcnZlci1nMi5jcmwwSwYDVR0gBEQwQjA3BglghkgBhv1sAgEwKjAoBggr
BgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAHBgVngQwBATCB
iAYIKwYBBQUHAQEEfDB6MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
dC5jb20wUgYIKwYBBQUHMAKGRmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9E
aWdpQ2VydFNIQTJFeHRlbmRlZFZhbGlkYXRpb25TZXJ2ZXJDQS5jcnQwDAYDVR0T
AQH/BAIwADCCAXwGCisGAQQB1nkCBAIEggFsBIIBaAFmAHYAu9nfvB+KcbWTlCOX
qpJ7RzhXlQqrUugakJZkNo4e0YUAAAFpvJhEdQAABAMARzBFAiEAprZz2cWH2zV4
lymEVimmwQUTp6QpeVL6ruCjqr45cp8CIHE2SD079OeyVyXzbN6lcCPAQscdF+to
3rLMebtmZ10dAHUAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFp
vJhE0QAABAMARjBEAiAboeCw/qNGNi/bQahj4LxufXCoLVDS7p60HpWwCzvo/gIg
C1MRFVPAjxQ8ZW1445+gO/YXt/mxRr1P2ZTGDaI2RKMAdQCHdb/nWXz4jEOZX73z
bv9WjUdWNv9KtWDBtOr/XqCDDwAAAWm8mEabAAAEAwBGMEQCIHGAUX3fYxOY0Kmf
5cE5rFdoBWkugpku5tdQdaHl3XkUAiBn0TtWXdCi2XC8AX9HsfmkUhNRxt0a4Qrc
aRHA2pEBsDANBgkqhkiG9w0BAQsFAAOCAQEAKstIrA+/RYCmv1tiaRwsnyfMeFa/
9axfNcqy/Ip3h4K9uk2R3h2QpOMm19a5+cdYssBXRULMes2Y7+7iCMSlEKug5lq7
1P3DpVZeqg4kkWvirE39Mrr894z9tuthVuDEkOZ99p8vJhoPWXqURCZNaBGTg7qI
xJh1zxoihRW8XYoP/ToX/wFolQcBU19PF25Sb2zx3aio7Nu6aNEAKWI/zavsDJWk
G5HgJsgsqRA2wJSIonhUL+g/Xpmiz0wrDWcj9py2tO6COUBkYwOPVW7DHm3yU7q7
pa7sNAPF/Rb0oxQMQ1lFwEBEIWaIlgRs34zNteZS3JZudGYjLiBvRGDoNA==
-----END CERTIFICATE-----




If we inspect the X509Chain of this certificate, it's invalid with the error:
FalseChain error: Revoked The certificate is revoked.



We're using Windows Server 2012 R2 Datacenter, is there any way to stop this exception from a server config point of view in any way at all?






ssl windows-server-2012-r2 ssl-certificate x509







share|improve this question






















  • Could you copy/paste this certificate in a .crt file, double click on it in Windows Explorer on your server and advise what certificate from a chain has been revoked. I have tested your certificate on my kept up-to-date Windows 10, and it found no problems. Also I tested the CRL list of a CA issued this certificate, and your certificate is not in that list

    – Sergey Nudnov
    yesterday












  • ups, my mistake, checked wrong CRL. Yes the certificate is indeed revoked just recently: ‎Tuesday, ‎April ‎2, ‎2019 4:03:37 PM. PayPal should take care on that

    – Sergey Nudnov
    yesterday













5












5








5








We're using Paypal SDK here:
https://github.com/paypal/PayPal-NET-SDK



To help handle our webhooks. We've started receiving the exceptions:



PayPal.PayPalException: Unable to verify the certificate(s) found at https://api.paypal.com/v1/notifications/certs/CERT-360caa42-fca2a594-8079afec
 at PayPal.CertificateManager.GetCertificatesFromUrl(String certUrl)
 at PayPal.Api.WebhookEvent.ValidateReceivedEvent(APIContext apiContext, NameValueCollection requestHeaders, String requestBody, String webhookId)


If we inspect the certificate file at https://api.paypal.com/v1/notifications/certs/CERT-360caa42-fca2a594-8079afec we get the file:




-----BEGIN CERTIFICATE----- MIIHdzCCBl+gAwIBAgIQBHtmc7f0ru/ozCsjsr2YyjANBgkqhkiG9w0BAQsFADB1
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk
IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE5MDMyNzAwMDAwMFoXDTIxMDYwMjEy
MDAwMFowgfUxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB
BAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQF
EwczMDE0MjY3MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8G
A1UEBxMIU2FuIEpvc2UxFTATBgNVBAoTDFBheVBhbCwgSW5jLjEYMBYGA1UECxMP
UGFydG5lciBTdXBwb3J0MSwwKgYDVQQDEyNtZXNzYWdldmVyaWZpY2F0aW9uY2Vy
dHMucGF5cGFsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKo
k6Zr7AuPwsMwaTfBmv/ECGHU1/hjZ9VAdOBuolrKGql+TZ3NfZsu62Me8sdPuCjJ
R/8KUCJ/FtyFs/gVreg63zDqZLsHLBAR+6OcJR3yOJX1W4Y0ABdMA0i+iZFh/iUx
HHq6CZCnPlS2lvzJaS2UrzJ+mkPhCn1u2NRzys8FSKj/rn9ZLnT7CfgVvzabzobW
GvpHdXk+I3UieKyLkxZxlqJGWKN5KVTbPLU10F7H8RdO0f7deqt3tXT7eHIeEmBQ
6FZUIb3kt6qe4jTugXMqeS4JUiH9mhJTX1bC3PRl2TsnyjqgzKZZNfBXs/3IDHST
RElxn0603HnsWiyxn/ECAwEAAaOCA4AwggN8MB8GA1UdIwQYMBaAFD3TUKXWoK3u
80pgCmXTIdT4+NYPMB0GA1UdDgQWBBSkuNmXUDoHVayujFb0oeloO61qIDAuBgNV
HREEJzAlgiNtZXNzYWdldmVyaWZpY2F0aW9uY2VydHMucGF5cGFsLmNvbTAOBgNV
HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1Ud
HwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWV2LXNl
cnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEy
LWV2LXNlcnZlci1nMi5jcmwwSwYDVR0gBEQwQjA3BglghkgBhv1sAgEwKjAoBggr
BgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAHBgVngQwBATCB
iAYIKwYBBQUHAQEEfDB6MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
dC5jb20wUgYIKwYBBQUHMAKGRmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9E
aWdpQ2VydFNIQTJFeHRlbmRlZFZhbGlkYXRpb25TZXJ2ZXJDQS5jcnQwDAYDVR0T
AQH/BAIwADCCAXwGCisGAQQB1nkCBAIEggFsBIIBaAFmAHYAu9nfvB+KcbWTlCOX
qpJ7RzhXlQqrUugakJZkNo4e0YUAAAFpvJhEdQAABAMARzBFAiEAprZz2cWH2zV4
lymEVimmwQUTp6QpeVL6ruCjqr45cp8CIHE2SD079OeyVyXzbN6lcCPAQscdF+to
3rLMebtmZ10dAHUAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFp
vJhE0QAABAMARjBEAiAboeCw/qNGNi/bQahj4LxufXCoLVDS7p60HpWwCzvo/gIg
C1MRFVPAjxQ8ZW1445+gO/YXt/mxRr1P2ZTGDaI2RKMAdQCHdb/nWXz4jEOZX73z
bv9WjUdWNv9KtWDBtOr/XqCDDwAAAWm8mEabAAAEAwBGMEQCIHGAUX3fYxOY0Kmf
5cE5rFdoBWkugpku5tdQdaHl3XkUAiBn0TtWXdCi2XC8AX9HsfmkUhNRxt0a4Qrc
aRHA2pEBsDANBgkqhkiG9w0BAQsFAAOCAQEAKstIrA+/RYCmv1tiaRwsnyfMeFa/
9axfNcqy/Ip3h4K9uk2R3h2QpOMm19a5+cdYssBXRULMes2Y7+7iCMSlEKug5lq7
1P3DpVZeqg4kkWvirE39Mrr894z9tuthVuDEkOZ99p8vJhoPWXqURCZNaBGTg7qI
xJh1zxoihRW8XYoP/ToX/wFolQcBU19PF25Sb2zx3aio7Nu6aNEAKWI/zavsDJWk
G5HgJsgsqRA2wJSIonhUL+g/Xpmiz0wrDWcj9py2tO6COUBkYwOPVW7DHm3yU7q7
pa7sNAPF/Rb0oxQMQ1lFwEBEIWaIlgRs34zNteZS3JZudGYjLiBvRGDoNA==
-----END CERTIFICATE-----




If we inspect the X509Chain of this certificate, it's invalid with the error:
FalseChain error: Revoked The certificate is revoked.



We're using Windows Server 2012 R2 Datacenter, is there any way to stop this exception from a server config point of view in any way at all?






ssl windows-server-2012-r2 ssl-certificate x509







share|improve this question














We're using Paypal SDK here:
https://github.com/paypal/PayPal-NET-SDK



To help handle our webhooks. We've started receiving the exceptions:



PayPal.PayPalException: Unable to verify the certificate(s) found at https://api.paypal.com/v1/notifications/certs/CERT-360caa42-fca2a594-8079afec
 at PayPal.CertificateManager.GetCertificatesFromUrl(String certUrl)
 at PayPal.Api.WebhookEvent.ValidateReceivedEvent(APIContext apiContext, NameValueCollection requestHeaders, String requestBody, String webhookId)


If we inspect the certificate file at https://api.paypal.com/v1/notifications/certs/CERT-360caa42-fca2a594-8079afec we get the file:




-----BEGIN CERTIFICATE----- MIIHdzCCBl+gAwIBAgIQBHtmc7f0ru/ozCsjsr2YyjANBgkqhkiG9w0BAQsFADB1
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
d3cuZGlnaWNlcnQuY29tMTQwMgYDVQQDEytEaWdpQ2VydCBTSEEyIEV4dGVuZGVk
IFZhbGlkYXRpb24gU2VydmVyIENBMB4XDTE5MDMyNzAwMDAwMFoXDTIxMDYwMjEy
MDAwMFowgfUxHTAbBgNVBA8MFFByaXZhdGUgT3JnYW5pemF0aW9uMRMwEQYLKwYB
BAGCNzwCAQMTAlVTMRkwFwYLKwYBBAGCNzwCAQITCERlbGF3YXJlMRAwDgYDVQQF
EwczMDE0MjY3MQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTERMA8G
A1UEBxMIU2FuIEpvc2UxFTATBgNVBAoTDFBheVBhbCwgSW5jLjEYMBYGA1UECxMP
UGFydG5lciBTdXBwb3J0MSwwKgYDVQQDEyNtZXNzYWdldmVyaWZpY2F0aW9uY2Vy
dHMucGF5cGFsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMKo
k6Zr7AuPwsMwaTfBmv/ECGHU1/hjZ9VAdOBuolrKGql+TZ3NfZsu62Me8sdPuCjJ
R/8KUCJ/FtyFs/gVreg63zDqZLsHLBAR+6OcJR3yOJX1W4Y0ABdMA0i+iZFh/iUx
HHq6CZCnPlS2lvzJaS2UrzJ+mkPhCn1u2NRzys8FSKj/rn9ZLnT7CfgVvzabzobW
GvpHdXk+I3UieKyLkxZxlqJGWKN5KVTbPLU10F7H8RdO0f7deqt3tXT7eHIeEmBQ
6FZUIb3kt6qe4jTugXMqeS4JUiH9mhJTX1bC3PRl2TsnyjqgzKZZNfBXs/3IDHST
RElxn0603HnsWiyxn/ECAwEAAaOCA4AwggN8MB8GA1UdIwQYMBaAFD3TUKXWoK3u
80pgCmXTIdT4+NYPMB0GA1UdDgQWBBSkuNmXUDoHVayujFb0oeloO61qIDAuBgNV
HREEJzAlgiNtZXNzYWdldmVyaWZpY2F0aW9uY2VydHMucGF5cGFsLmNvbTAOBgNV
HQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMHUGA1Ud
HwRuMGwwNKAyoDCGLmh0dHA6Ly9jcmwzLmRpZ2ljZXJ0LmNvbS9zaGEyLWV2LXNl
cnZlci1nMi5jcmwwNKAyoDCGLmh0dHA6Ly9jcmw0LmRpZ2ljZXJ0LmNvbS9zaGEy
LWV2LXNlcnZlci1nMi5jcmwwSwYDVR0gBEQwQjA3BglghkgBhv1sAgEwKjAoBggr
BgEFBQcCARYcaHR0cHM6Ly93d3cuZGlnaWNlcnQuY29tL0NQUzAHBgVngQwBATCB
iAYIKwYBBQUHAQEEfDB6MCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2Vy
dC5jb20wUgYIKwYBBQUHMAKGRmh0dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9E
aWdpQ2VydFNIQTJFeHRlbmRlZFZhbGlkYXRpb25TZXJ2ZXJDQS5jcnQwDAYDVR0T
AQH/BAIwADCCAXwGCisGAQQB1nkCBAIEggFsBIIBaAFmAHYAu9nfvB+KcbWTlCOX
qpJ7RzhXlQqrUugakJZkNo4e0YUAAAFpvJhEdQAABAMARzBFAiEAprZz2cWH2zV4
lymEVimmwQUTp6QpeVL6ruCjqr45cp8CIHE2SD079OeyVyXzbN6lcCPAQscdF+to
3rLMebtmZ10dAHUAVhQGmi/XwuzT9eG9RLI+x0Z2ubyZEVzA75SYVdaJ0N0AAAFp
vJhE0QAABAMARjBEAiAboeCw/qNGNi/bQahj4LxufXCoLVDS7p60HpWwCzvo/gIg
C1MRFVPAjxQ8ZW1445+gO/YXt/mxRr1P2ZTGDaI2RKMAdQCHdb/nWXz4jEOZX73z
bv9WjUdWNv9KtWDBtOr/XqCDDwAAAWm8mEabAAAEAwBGMEQCIHGAUX3fYxOY0Kmf
5cE5rFdoBWkugpku5tdQdaHl3XkUAiBn0TtWXdCi2XC8AX9HsfmkUhNRxt0a4Qrc
aRHA2pEBsDANBgkqhkiG9w0BAQsFAAOCAQEAKstIrA+/RYCmv1tiaRwsnyfMeFa/
9axfNcqy/Ip3h4K9uk2R3h2QpOMm19a5+cdYssBXRULMes2Y7+7iCMSlEKug5lq7
1P3DpVZeqg4kkWvirE39Mrr894z9tuthVuDEkOZ99p8vJhoPWXqURCZNaBGTg7qI
xJh1zxoihRW8XYoP/ToX/wFolQcBU19PF25Sb2zx3aio7Nu6aNEAKWI/zavsDJWk
G5HgJsgsqRA2wJSIonhUL+g/Xpmiz0wrDWcj9py2tO6COUBkYwOPVW7DHm3yU7q7
pa7sNAPF/Rb0oxQMQ1lFwEBEIWaIlgRs34zNteZS3JZudGYjLiBvRGDoNA==
-----END CERTIFICATE-----




If we inspect the X509Chain of this certificate, it's invalid with the error:
FalseChain error: Revoked The certificate is revoked.



We're using Windows Server 2012 R2 Datacenter, is there any way to stop this exception from a server config point of view in any way at all?






ssl windows-server-2012-r2 ssl-certificate x509




ssl windows-server-2012-r2 ssl-certificate x509






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked yesterday









Tom GullenTom Gullen

834722




834722












  • Could you copy/paste this certificate in a .crt file, double click on it in Windows Explorer on your server and advise what certificate from a chain has been revoked. I have tested your certificate on my kept up-to-date Windows 10, and it found no problems. Also I tested the CRL list of a CA issued this certificate, and your certificate is not in that list

    – Sergey Nudnov
    yesterday












  • ups, my mistake, checked wrong CRL. Yes the certificate is indeed revoked just recently: ‎Tuesday, ‎April ‎2, ‎2019 4:03:37 PM. PayPal should take care on that

    – Sergey Nudnov
    yesterday

















  • Could you copy/paste this certificate in a .crt file, double click on it in Windows Explorer on your server and advise what certificate from a chain has been revoked. I have tested your certificate on my kept up-to-date Windows 10, and it found no problems. Also I tested the CRL list of a CA issued this certificate, and your certificate is not in that list

    – Sergey Nudnov
    yesterday












  • ups, my mistake, checked wrong CRL. Yes the certificate is indeed revoked just recently: ‎Tuesday, ‎April ‎2, ‎2019 4:03:37 PM. PayPal should take care on that

    – Sergey Nudnov
    yesterday
















Could you copy/paste this certificate in a .crt file, double click on it in Windows Explorer on your server and advise what certificate from a chain has been revoked. I have tested your certificate on my kept up-to-date Windows 10, and it found no problems. Also I tested the CRL list of a CA issued this certificate, and your certificate is not in that list

– Sergey Nudnov
yesterday






Could you copy/paste this certificate in a .crt file, double click on it in Windows Explorer on your server and advise what certificate from a chain has been revoked. I have tested your certificate on my kept up-to-date Windows 10, and it found no problems. Also I tested the CRL list of a CA issued this certificate, and your certificate is not in that list

– Sergey Nudnov
yesterday














ups, my mistake, checked wrong CRL. Yes the certificate is indeed revoked just recently: ‎Tuesday, ‎April ‎2, ‎2019 4:03:37 PM. PayPal should take care on that

– Sergey Nudnov
yesterday





ups, my mistake, checked wrong CRL. Yes the certificate is indeed revoked just recently: ‎Tuesday, ‎April ‎2, ‎2019 4:03:37 PM. PayPal should take care on that

– Sergey Nudnov
yesterday










2 Answers
2






active

oldest

votes


















3














As a temporary solution, you could add this certificate to the Trusted People store on your server.



To do so:



  • copy/paste certificate into a .crt file;

  • double click on it from Windows Explorer;

  • select Install Certificate;


  • Store Location: Local Machine;


  • Place all certificates in the following store;


  • Browse and select Trusted People store

No need to block anything on the Firewall.



Attention!



Doing so presents a security risk for your communications! Please apply your due diligence there






share|improve this answer










New contributor




Sergey Nudnov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • Thank you! This has fixed the issue for now. I'll be looking to update to V2 of Paypal's official SDK when it's released.

    – Tom Gullen
    yesterday






  • 2





    Great idea. I mean it's well known that Paypal revokes certificates just for fun, so there's absolutely nothing that could go wrong by doing this. If there's really a benign reason why the cert was revoked it'd be nice to mention this. Otherwise this looks like an awful, awful idea. Assuming the certificate was leaked, you just enabled an attacker to MITM your payment infrastructure (and everything else that server ever does) - brilliant.

    – Voo
    yesterday












  • @Voo, thank you. Added a disclaimer to answer

    – Sergey Nudnov
    yesterday


















7














This is not an error. The certificate has been revoked by the certificate authority (digicert in this case).



You can test yourself at: https://decoder.link/ocsp



Somewhere in your SDK this certificate is used. Or it's presented to you by paypal. So either update your SDK or tell paypal to replace that certificate.



You could disable access to http://ocsp.digicert.com in your firewall to prevent the check of the CRL (certificate revocation list). But this is not a good idea.






share|improve this answer























  • Thanks, will update Paypal SDK to pre release candidate to see if that resolves the issue.

    – Tom Gullen
    yesterday






  • 2





    Disabling access to http://ocsp.digicert.com won't help anyway. Certificate has been verified by X509Certificate2.Verify method. I tried to set all crl3.digicert.com, crl4.digicert.com, ocsp.digicert.com names to 127.0.0.1 in the hosts file - and it has been returning False. When I imported certificate into the Trusted People store - verification was passed and returned True even with unblocked digicert.com names I listed above

    – Sergey Nudnov
    yesterday











Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f961681%2frevoked-ssl-certificate%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes









3














As a temporary solution, you could add this certificate to the Trusted People store on your server.



To do so:



  • copy/paste certificate into a .crt file;

  • double click on it from Windows Explorer;

  • select Install Certificate;


  • Store Location: Local Machine;


  • Place all certificates in the following store;


  • Browse and select Trusted People store

No need to block anything on the Firewall.



Attention!



Doing so presents a security risk for your communications! Please apply your due diligence there






share|improve this answer










New contributor




Sergey Nudnov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • Thank you! This has fixed the issue for now. I'll be looking to update to V2 of Paypal's official SDK when it's released.

    – Tom Gullen
    yesterday






  • 2





    Great idea. I mean it's well known that Paypal revokes certificates just for fun, so there's absolutely nothing that could go wrong by doing this. If there's really a benign reason why the cert was revoked it'd be nice to mention this. Otherwise this looks like an awful, awful idea. Assuming the certificate was leaked, you just enabled an attacker to MITM your payment infrastructure (and everything else that server ever does) - brilliant.

    – Voo
    yesterday












  • @Voo, thank you. Added a disclaimer to answer

    – Sergey Nudnov
    yesterday















3














As a temporary solution, you could add this certificate to the Trusted People store on your server.



To do so:



  • copy/paste certificate into a .crt file;

  • double click on it from Windows Explorer;

  • select Install Certificate;


  • Store Location: Local Machine;


  • Place all certificates in the following store;


  • Browse and select Trusted People store

No need to block anything on the Firewall.



Attention!



Doing so presents a security risk for your communications! Please apply your due diligence there






share|improve this answer










New contributor




Sergey Nudnov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.




















  • Thank you! This has fixed the issue for now. I'll be looking to update to V2 of Paypal's official SDK when it's released.

    – Tom Gullen
    yesterday






  • 2





    Great idea. I mean it's well known that Paypal revokes certificates just for fun, so there's absolutely nothing that could go wrong by doing this. If there's really a benign reason why the cert was revoked it'd be nice to mention this. Otherwise this looks like an awful, awful idea. Assuming the certificate was leaked, you just enabled an attacker to MITM your payment infrastructure (and everything else that server ever does) - brilliant.

    – Voo
    yesterday












  • @Voo, thank you. Added a disclaimer to answer

    – Sergey Nudnov
    yesterday













3












3








3







As a temporary solution, you could add this certificate to the Trusted People store on your server.



To do so:



  • copy/paste certificate into a .crt file;

  • double click on it from Windows Explorer;

  • select Install Certificate;


  • Store Location: Local Machine;


  • Place all certificates in the following store;


  • Browse and select Trusted People store

No need to block anything on the Firewall.



Attention!



Doing so presents a security risk for your communications! Please apply your due diligence there






share|improve this answer










New contributor




Sergey Nudnov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.










As a temporary solution, you could add this certificate to the Trusted People store on your server.



To do so:



  • copy/paste certificate into a .crt file;

  • double click on it from Windows Explorer;

  • select Install Certificate;


  • Store Location: Local Machine;


  • Place all certificates in the following store;


  • Browse and select Trusted People store

No need to block anything on the Firewall.



Attention!



Doing so presents a security risk for your communications! Please apply your due diligence there







share|improve this answer










New contributor




Sergey Nudnov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









share|improve this answer



share|improve this answer








edited yesterday





















New contributor




Sergey Nudnov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.









answered yesterday









Sergey NudnovSergey Nudnov

1565




1565




New contributor




Sergey Nudnov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.





New contributor





Sergey Nudnov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.






Sergey Nudnov is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
Check out our Code of Conduct.












  • Thank you! This has fixed the issue for now. I'll be looking to update to V2 of Paypal's official SDK when it's released.

    – Tom Gullen
    yesterday






  • 2





    Great idea. I mean it's well known that Paypal revokes certificates just for fun, so there's absolutely nothing that could go wrong by doing this. If there's really a benign reason why the cert was revoked it'd be nice to mention this. Otherwise this looks like an awful, awful idea. Assuming the certificate was leaked, you just enabled an attacker to MITM your payment infrastructure (and everything else that server ever does) - brilliant.

    – Voo
    yesterday












  • @Voo, thank you. Added a disclaimer to answer

    – Sergey Nudnov
    yesterday

















  • Thank you! This has fixed the issue for now. I'll be looking to update to V2 of Paypal's official SDK when it's released.

    – Tom Gullen
    yesterday






  • 2





    Great idea. I mean it's well known that Paypal revokes certificates just for fun, so there's absolutely nothing that could go wrong by doing this. If there's really a benign reason why the cert was revoked it'd be nice to mention this. Otherwise this looks like an awful, awful idea. Assuming the certificate was leaked, you just enabled an attacker to MITM your payment infrastructure (and everything else that server ever does) - brilliant.

    – Voo
    yesterday












  • @Voo, thank you. Added a disclaimer to answer

    – Sergey Nudnov
    yesterday
















Thank you! This has fixed the issue for now. I'll be looking to update to V2 of Paypal's official SDK when it's released.

– Tom Gullen
yesterday





Thank you! This has fixed the issue for now. I'll be looking to update to V2 of Paypal's official SDK when it's released.

– Tom Gullen
yesterday




2




2





Great idea. I mean it's well known that Paypal revokes certificates just for fun, so there's absolutely nothing that could go wrong by doing this. If there's really a benign reason why the cert was revoked it'd be nice to mention this. Otherwise this looks like an awful, awful idea. Assuming the certificate was leaked, you just enabled an attacker to MITM your payment infrastructure (and everything else that server ever does) - brilliant.

– Voo
yesterday






Great idea. I mean it's well known that Paypal revokes certificates just for fun, so there's absolutely nothing that could go wrong by doing this. If there's really a benign reason why the cert was revoked it'd be nice to mention this. Otherwise this looks like an awful, awful idea. Assuming the certificate was leaked, you just enabled an attacker to MITM your payment infrastructure (and everything else that server ever does) - brilliant.

– Voo
yesterday














@Voo, thank you. Added a disclaimer to answer

– Sergey Nudnov
yesterday





@Voo, thank you. Added a disclaimer to answer

– Sergey Nudnov
yesterday













7














This is not an error. The certificate has been revoked by the certificate authority (digicert in this case).



You can test yourself at: https://decoder.link/ocsp



Somewhere in your SDK this certificate is used. Or it's presented to you by paypal. So either update your SDK or tell paypal to replace that certificate.



You could disable access to http://ocsp.digicert.com in your firewall to prevent the check of the CRL (certificate revocation list). But this is not a good idea.






share|improve this answer























  • Thanks, will update Paypal SDK to pre release candidate to see if that resolves the issue.

    – Tom Gullen
    yesterday






  • 2





    Disabling access to http://ocsp.digicert.com won't help anyway. Certificate has been verified by X509Certificate2.Verify method. I tried to set all crl3.digicert.com, crl4.digicert.com, ocsp.digicert.com names to 127.0.0.1 in the hosts file - and it has been returning False. When I imported certificate into the Trusted People store - verification was passed and returned True even with unblocked digicert.com names I listed above

    – Sergey Nudnov
    yesterday















7














This is not an error. The certificate has been revoked by the certificate authority (digicert in this case).



You can test yourself at: https://decoder.link/ocsp



Somewhere in your SDK this certificate is used. Or it's presented to you by paypal. So either update your SDK or tell paypal to replace that certificate.



You could disable access to http://ocsp.digicert.com in your firewall to prevent the check of the CRL (certificate revocation list). But this is not a good idea.






share|improve this answer























  • Thanks, will update Paypal SDK to pre release candidate to see if that resolves the issue.

    – Tom Gullen
    yesterday






  • 2





    Disabling access to http://ocsp.digicert.com won't help anyway. Certificate has been verified by X509Certificate2.Verify method. I tried to set all crl3.digicert.com, crl4.digicert.com, ocsp.digicert.com names to 127.0.0.1 in the hosts file - and it has been returning False. When I imported certificate into the Trusted People store - verification was passed and returned True even with unblocked digicert.com names I listed above

    – Sergey Nudnov
    yesterday













7












7








7







This is not an error. The certificate has been revoked by the certificate authority (digicert in this case).



You can test yourself at: https://decoder.link/ocsp



Somewhere in your SDK this certificate is used. Or it's presented to you by paypal. So either update your SDK or tell paypal to replace that certificate.



You could disable access to http://ocsp.digicert.com in your firewall to prevent the check of the CRL (certificate revocation list). But this is not a good idea.






share|improve this answer













This is not an error. The certificate has been revoked by the certificate authority (digicert in this case).



You can test yourself at: https://decoder.link/ocsp



Somewhere in your SDK this certificate is used. Or it's presented to you by paypal. So either update your SDK or tell paypal to replace that certificate.



You could disable access to http://ocsp.digicert.com in your firewall to prevent the check of the CRL (certificate revocation list). But this is not a good idea.







share|improve this answer












share|improve this answer



share|improve this answer










answered yesterday









unNamedunNamed

1917




1917












  • Thanks, will update Paypal SDK to pre release candidate to see if that resolves the issue.

    – Tom Gullen
    yesterday






  • 2





    Disabling access to http://ocsp.digicert.com won't help anyway. Certificate has been verified by X509Certificate2.Verify method. I tried to set all crl3.digicert.com, crl4.digicert.com, ocsp.digicert.com names to 127.0.0.1 in the hosts file - and it has been returning False. When I imported certificate into the Trusted People store - verification was passed and returned True even with unblocked digicert.com names I listed above

    – Sergey Nudnov
    yesterday

















  • Thanks, will update Paypal SDK to pre release candidate to see if that resolves the issue.

    – Tom Gullen
    yesterday






  • 2





    Disabling access to http://ocsp.digicert.com won't help anyway. Certificate has been verified by X509Certificate2.Verify method. I tried to set all crl3.digicert.com, crl4.digicert.com, ocsp.digicert.com names to 127.0.0.1 in the hosts file - and it has been returning False. When I imported certificate into the Trusted People store - verification was passed and returned True even with unblocked digicert.com names I listed above

    – Sergey Nudnov
    yesterday
















Thanks, will update Paypal SDK to pre release candidate to see if that resolves the issue.

– Tom Gullen
yesterday





Thanks, will update Paypal SDK to pre release candidate to see if that resolves the issue.

– Tom Gullen
yesterday




2




2





Disabling access to http://ocsp.digicert.com won't help anyway. Certificate has been verified by X509Certificate2.Verify method. I tried to set all crl3.digicert.com, crl4.digicert.com, ocsp.digicert.com names to 127.0.0.1 in the hosts file - and it has been returning False. When I imported certificate into the Trusted People store - verification was passed and returned True even with unblocked digicert.com names I listed above

– Sergey Nudnov
yesterday





Disabling access to http://ocsp.digicert.com won't help anyway. Certificate has been verified by X509Certificate2.Verify method. I tried to set all crl3.digicert.com, crl4.digicert.com, ocsp.digicert.com names to 127.0.0.1 in the hosts file - and it has been returning False. When I imported certificate into the Trusted People store - verification was passed and returned True even with unblocked digicert.com names I listed above

– Sergey Nudnov
yesterday

















draft saved

draft discarded
















































Thanks for contributing an answer to Server Fault!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f961681%2frevoked-ssl-certificate%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Get product attribute by attribute group code in magento 2get product attribute by product attribute group in magento 2Magento 2 Log Bundle Product Data in List Page?How to get all product attribute of a attribute group of Default attribute set?Magento 2.1 Create a filter in the product grid by new attributeMagento 2 : Get Product Attribute values By GroupMagento 2 How to get all existing values for one attributeMagento 2 get custom attribute of a single product inside a pluginMagento 2.3 How to get all the Multi Source Inventory (MSI) locations collection in custom module?Magento2: how to develop rest API to get new productsGet product attribute by attribute group code ( [attribute_group_code] ) in magento 2

Image
Is it safe to keep the GPU on 100% utilization for a very long time? What happens when the drag force exceeds the weight of an object falling into earth? shebang or not shebang The unknown and unexplained in science fiction Are wands in any sort of book going to be too much like Harry Potter? How do I minimise waste on a flight? Concatenate all values of the same XML element using XPath/XQuery Did any early RISC OS precursor run on the BBC Micro? Single supply non-inverting amplifier using op amp Employee is self-centered and affects the team negatively Why always 4...dxc6 and not 4...bxc6 in the Ruy Lopez Exchange? TikZ/PGF draw algorithm Learning how to read schematics, questions about fractional voltage in schematic How can I test a shell script in a "safe environment" to avoid harm to my computer? A♭ major 9th chord in Bach is unexpectedly dissonant/jazzy What detail can Hubble see on Mars? Drug Testing and Prescribed Medications Justific
Read more

Category:9 (number) SubcategoriesMedia in category "9 (number)"Navigation menuUpload mediaGND ID: 4485639-8Library of Congress authority ID: sh85091979ReasonatorScholiaStatistics

Image
Natural numbersSquare numbersCategories requiring diffusion Help Category:9 (number) From Wikimedia Commons, the free media repository Jump to navigation Jump to search number: 9 (nine) instance of: natural number, deficient number, square number, composite number, odd number, centered cube number, centered octagonal number and nonagonal number other integers: -8 • -4 • -2 • -1 • 0 • 1 • 2 • 3 • 4 • 5 • 6 • 7 • 8 • 9 • 10 • 11 • 12 • 13 • 14 • 15 • 16 • 17 • 18 • 19 • 20 • 21 • 22 • 23 • 24 • 25 • 26 • 27 • 28 • 29 -20 • 0 • 10 • 20 • 30 • 40 • 50 • 60 • 70 • 80 • 90 • 100 • 110 • 120 • 130 • 140 • 150 • 160 • 170 • 180 • 190 • 200 This category has become too crowded. It should list very few images directly. Files should be moved to subcategories where appropriate. New subcategories can be created. Some files need to be moved elsewhere. Search for more categories: fulltext, Main Page, topics, meta categories. Please remove or replace this tag
Read more

Magento 2.3: How do i solve this, Not registered handle, on custom form?How can i rewrite TierPrice Block in Magento2magento 2 captcha not rendering if I override layout xmlmain.CRITICAL: Plugin class doesn't existMagento 2 : Problem while adding custom button order view page?Magento 2.2.5: Overriding Admin Controller sales/orderMagento 2.2.5: Add, Update and Delete existing products Custom OptionsMagento 2.3 : File Upload issue in UI Component FormMagento2 Not registered handleHow to configured Form Builder Js in my custom magento 2.3.0 module?Magento 2.3. How to create image upload field in an admin form

Image
2000s (or earlier) cyberpunk novel: dystopia, mega storm, omnipresent noise How important is it for multiple POVs to run chronologically? PhD: When to quit and move on? Motorcyle Chain needs to be cleaned every time you lube it? Why do most airliners have underwing engines, while business jets have rear-mounted engines? How to supply water to a coastal desert town with no rain and no freshwater aquifers? How come a desk dictionary be abridged? What's the big deal about the Nazgûl losing their horses? Is this standard Japanese employment negotiations, or am I missing something? Should I increase my 401(k) contributions, or increase my mortgage payments Is there a way to change the aspect ratio of a DNG file? Why is there paternal, for fatherly, fraternal, for brotherly, but no similar word for sons? What can a novel do that film and TV cannot? Is conquering your neighbors to fight a greater enemy a valid strategy? /api/sitecore is not working in CD server
Read more