• Arthur Besse@lemmy.mlOP
          link
          fedilink
          English
          arrow-up
          7
          ·
          edit-2
          5 hours ago

          Their certificate was revoked (by their certificate authority, Actalis, part of the Aruba Group) on July 6. Presumably the CA was pressured to revoke it by the Italian and/or US government, and they will get a new certificate from someone else soon.

          There is a hexbear thread here about it; afaict there doesn’t appear to yet be any reporting about it. But in the CRL you can see it was revoked July 6:

          $ curl -s http://crl15.actalis.it/Repository/tls-subca-rsa-dv-2025/getLastCRL | openssl crl -noout -text |grep -A 4 02295E6BB25717C4652321F4ED9D2B29
              Serial Number: 02295E6BB25717C4652321F4ED9D2B29
                  Revocation Date: Jul  6 13:54:09 2026 GMT
                  CRL entry extensions:
                      X509v3 CRL Reason Code: 
                          Privilege Withdrawn
          

          The reason “Privilege Withdrawn” means it was the CA’s decision rather than their own.

          Because certificate revocation has never worked very well, many people can still access it (until their browser fetches the certificate revocation list, or checks OCSP, does some newfangled proprietary other thing i don’t understand…).