Why does the FSB site (fsb.ru) not use https and how to check revoked certificates by name?
Now it's easy to see that sites like fsb.ru or kremlin.ru are only accessible via http.
The news explains this very briefly, and claims that 35 certificates have been revoked:
This is an unprecedented step, American IT businessman Michael Talan told GORDON
https://gordonua.com/news/politics/it-biznesmen-iz...
Other sources mention this, but in fact they simply reprint this news, refer to it. But after all, we are techies and we are discussing a technical event, besides, as you know, scientists often rape journalists (it would be permissible for them to confuse “withdrawn” and “not extended”, and confuse 35 with 53 or 350). Is it possible that such a significant technical event left only a barely noticeable "humanitarian trace" - an oral statement by an IT businessman to a Ukrainian publication in an article with a click-bait headline?
Is there any way to technically verify that the fsb.ru certificate has been revoked (or maybe they just decided not to use it themselves)? Is there a source for this somewhere? Any threads/tickets on github, verisign or mozilla twitter statements, maybe all revoked certificates are posted somewhere? At worst - if they are revoked in accordance with some American law - that is, is this law / decree listing these 35 certificates in the public domain?
Well, Yaroslavishche, American laws are far from always found in the public domain - you know, highly likely ... But the CRL you can check; we don't have that many large CAs - thawte, comodo, globalsign ... It is unlikely that there was a certificate from LE :)
UPD: Nothing will work. The CRL contains only a serial number and a revocation code :) Of course, people who have a certificate can check it - but others most likely can't :)
UPD2 (large):
Well, I was interested in the question, and here are my thoughts.
The article is, of course, bullshit. The site fsb.ru, like kremlin.ru, never had certificates, you can check this with the all-knowing Google - verification service. The service does not find anything - that is, there was nothing. That is, I assume that all these "35 revoked certificates" actually never existed, and the sites mentioned never had certificates.
That is, it turns out that the American is bullshitting ... as a real American should be now :) But nevertheless, oddly enough, he is right!
Because the problem is real. Take, for example, Yandex.
The certificate was issued by the Yandex internal CA:
CN = Yandex CA
OU = Yandex Certification Authority
O = Yandex LLC
C = RU
CN = Certum Trusted Network CA
OU = Certum Certification Authority
O = Unizeto Technologies S.A.
C = PL
Issuer:
CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL
CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL
Serial:
196157293353240526643865071022521293608
279744
47728425367563953368335862826026879003
9458922105397704934246893660916578283
Not valid before:
2008-10-22 12:07:37 UTC
Not valid after:
2027-06-10 10:46:39 UTC
2029-12-31 12:07:37 UTC
2025-12-30 23:59:59 UTC
Key size:
2048
Signature Algorithm:
sha256WithRSAEncryption
sha1WithRSAEncryption
basicConstraints:
CA:TRUE
subjectKeyIdentifier:
08:76:CD:CB:07:FF:24:F6:C5:CD:ED:BB:90:BC:E2:84:37:46:75:F7
authorityKeyIdentifier:
DirName:/C=PL/O=Unizeto Sp. z o.o./CN=Certum CA
serial:01:00:20
keyUsage:
Certificate Sign, CRL Sign
crlDistributionPoints:
Full Name: URI:http://crl.certum.pl/ca.crl
authorityInfoAccess:
OCSP - URI:http://subca.ocsp-certum.com
CA Issuers - URI:http://repository.certum.pl/ca.cer
certificatePolicies:
Policy: X509v3 Any Policy CPS: http://www.certum.pl/CPS
Policy: X509v3 Any Policy CPS: https://www.certum.pl/CPS
"However, the official portals of the President of Russia kremlin.ru, the State Duma www.duma.gov.ru, the Federal Security Service of Russia www.fsb.ru, and the Security Council of the Russian Federation www.scrf.gov.ru have not yet been puzzled by the security of the transmitted information."
https://roskomsvoboda.org/31159/ - 08/15/2017
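As an added example (not part of the original thread), the sketch below illustrates the answer's point that a CRL identifies revoked certificates by serial number rather than by site name: it walks a DER-encoded CRL and returns each entry's serial, revocation time and optional reason code. The sample CRL, its issuer name and its serials are constructed; a real check would take the CRL from the certificate's crlDistributionPoints URL and verify its signature first.

```python
# Added example: stdlib-only DER walk over an X.509 CRL; signature is NOT verified.
REASON_OID = bytes.fromhex("551d15")         # 2.5.29.21, cRLReason extension

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def revoked_entries(crl_der):
    """Map serial number -> (revocation time, reason code or None)."""
    tbs = children(children(read_tlv(crl_der, 0)[1])[0][1])
    i = (1 if tbs[0][0] == 0x02 else 0) + 3  # skip version?, sig alg, issuer, thisUpdate
    if i < len(tbs) and tbs[i][0] in (0x17, 0x18):
        i += 1                               # skip optional nextUpdate
    found = {}
    if i < len(tbs) and tbs[i][0] == 0x30:   # revokedCertificates is present
        for _, entry in children(tbs[i][1]):
            fields = children(entry)         # serial, date, [entry extensions]
            reason = None
            for _, exts in fields[2:]:
                for _, ext in children(exts):
                    parts = children(ext)    # OID, [critical], OCTET STRING
                    if parts[0][1] == REASON_OID:
                        reason = children(parts[-1][1])[0][1][0]
            serial = int.from_bytes(fields[0][1], "big", signed=True)
            found[serial] = (fields[1][1].decode("ascii"), reason)
    return found

# Constructed sample CRL (not from the page): CN=Example CA, dummy signature.
SAMPLE_CRL = bytes.fromhex(
    "308199" "308183" "020101" "300d06092a864886f70d01010b0500"  # v2, sha256WithRSA
    "30153113301106035504030c0a4578616d706c65204341"             # issuer name
    "170d3232303330313030303030305a" "170d3232303330383030303030305a"  # this/nextUpdate
    "303a" "3021" "02021234" "170d3232303232363132303030305a"    # entry: serial 0x1234
    "300c300a0603551d1504030a0101"                               # reasonCode 1 (keyCompromise)
    "3015" "020400c0ffee" "170d3232303232373039303030305a"       # entry: serial 0xC0FFEE
    "300d06092a864886f70d01010b0500" "03020000")                 # sig alg, dummy signature
```

Each entry carries no subject or host name, so a lookup needs the serial number of the certificate in question.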