• Arthur Besse@lemmy.mlOP
      link
      fedilink
      English
      arrow-up
      7
      ·
      edit-2
      5 hours ago

      Their certificate was revoked (by their certificate authority, Actalis, part of the Aruba Group) on July 6. Presumably the CA was pressured to revoke it by the Italian and/or US government, and they will get a new certificate from someone else soon.

      There is a hexbear thread here about it; afaict there doesn’t appear to yet be any reporting about it. But in the CRL you can see it was revoked July 6:

      $ curl -s http://crl15.actalis.it/Repository/tls-subca-rsa-dv-2025/getLastCRL | openssl crl -noout -text |grep -A 4 02295E6BB25717C4652321F4ED9D2B29
          Serial Number: 02295E6BB25717C4652321F4ED9D2B29
              Revocation Date: Jul  6 13:54:09 2026 GMT
              CRL entry extensions:
                  X509v3 CRL Reason Code: 
                      Privilege Withdrawn
      

      The reason “Privilege Withdrawn” means it was the CA’s decision rather than their own.

      Because certificate revocation has never worked very well, many people can still access it (until their browser fetches the certificate revocation list, or checks OCSP, does some newfangled proprietary other thing i don’t understand…).