• Arthur Besse@lemmy.mlOP
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    5 hours ago

    Their certificate was revoked (by their certificate authority, Actalis, part of the Aruba Group) on July 6. Presumably the CA was pressured to revoke it by the Italian and/or US government, and they will get a new certificate from someone else soon.

    There is a hexbear thread here about it; afaict there doesn’t appear to yet be any reporting about it. But in the CRL you can see it was revoked July 6:

    $ curl -s http://crl15.actalis.it/Repository/tls-subca-rsa-dv-2025/getLastCRL | openssl crl -noout -text |grep -A 4 02295E6BB25717C4652321F4ED9D2B29
        Serial Number: 02295E6BB25717C4652321F4ED9D2B29
            Revocation Date: Jul  6 13:54:09 2026 GMT
            CRL entry extensions:
                X509v3 CRL Reason Code: 
                    Privilege Withdrawn
    

    The reason “Privilege Withdrawn” means it was the CA’s decision rather than their own.

    Because certificate revocation has never worked very well, many people can still access it (until their browser fetches the certificate revocation list, or checks OCSP, does some newfangled proprietary other thing i don’t understand…).