• Arthur Besse@lemmy.mlOP
            link
            fedilink
            English
            arrow-up
            7
            ·
            edit-2
            5 hours ago

            Their certificate was revoked (by their certificate authority, Actalis, part of the Aruba Group) on July 6. Presumably the CA was pressured to revoke it by the Italian and/or US government, and they will get a new certificate from someone else soon.

            There is a hexbear thread here about it; afaict there doesn’t appear to yet be any reporting about it. But in the CRL you can see it was revoked July 6:

            $ curl -s http://crl15.actalis.it/Repository/tls-subca-rsa-dv-2025/getLastCRL | openssl crl -noout -text |grep -A 4 02295E6BB25717C4652321F4ED9D2B29
                Serial Number: 02295E6BB25717C4652321F4ED9D2B29
                    Revocation Date: Jul  6 13:54:09 2026 GMT
                    CRL entry extensions:
                        X509v3 CRL Reason Code: 
                            Privilege Withdrawn
            

            The reason “Privilege Withdrawn” means it was the CA’s decision rather than their own.

            Because certificate revocation has never worked very well, many people can still access it (until their browser fetches the certificate revocation list, or checks OCSP, does some newfangled proprietary other thing i don’t understand…).