Hi Ben,

DN: CN=Cartão de Cidadão 001, OU=ECEstado, O=SCEE - Sistema de Certificação Electrónica do Estado, C=PT

Downloading the issuer (https://crt.sh/?id=8949008) and then running:

openssl ocsp -issuer 8949008.crt -serial 101010101010101101010101010 -no_nonce -url http://ocsp.root.cartaodecidadao.pt/publico/ocsp -noverify

gives this response:

101010101010101101010101010: good
This Update: Nov 14 23:59:47 2017 GMT

So this does not appear to be resolved.

DN: C=PT, O=SCEE, CN=ECRaizEstado

The SCEE root for the Government of Portugal is now responding with unknown/revoked statuses.

DN: C=PT, O=MULTICERT - Serviços de Certificação Electrónica S.A., OU=Accredited Certification Authority, CN=MULTICERT Certification Authority 002

Download https://crt.sh/?id=8642581 and run:

openssl ocsp -issuer 8642581.crt -serial 101010101010101101010101010 -no_nonce -url http://ocsp.multicert.com/ocsp -noverify

and

openssl ocsp -issuer 8642581.crt -serial 101010101010101101010101010 -no_nonce -url http://ocsp.multicert.com/procsp -noverify

and the responses are:

101010101010101101010101010: good
This Update: Nov 15 00:03:40 2017 GMT
Next Update: Nov 15 00:03:40 2017 GMT

101010101010101101010101010: good
This Update: Nov 15 00:03:58 2017 GMT
Next Update: Nov 15 00:03:58 2017 GMT

Not fixed.

DN: C=PT, O=MULTICERT - Serviços de Certificação Electrónica S.A., OU=Entidade de Certificação Credenciada, CN=MULTICERT - Entidade de Certificação 001
(Issuer: https://crt.sh/?id=128496365)

openssl ocsp -issuer 128496365.crt -serial 1010101010101010101002101010 -no_nonce -noverify -url http://ocsp.multicert.com/ocsp

1010101010101010101002101010: good
This Update: Nov 15 00:15:45 2017 GMT
Next Update: Nov 15 00:15:45 2017 GMT

Also not fixed.

I believe Kathleen has opened bugzilla issues for these so it would probably be good to copy this correspondence there as well.

-Paul

On November 15, 2017 at 6:50:43 AM, Ben Wilson (ben.wil...@digicert.com) wrote:

Could someone re-check Multicert and SCEE? (See below.) They have indicated to us that they have now patched their OCSP responder systems.

DN: CN=Cartão de Cidadão 001, OU=ECEstado, O=SCEE - Sistema de Certificação Electrónica do Estado, C=PT
Example cert: https://crt.sh/?id=12729446
OCSP URI: http://ocsp.root.cartaodecidadao.pt/publico/ocsp

DN: C=PT, O=MULTICERT - Serviços de Certificação Electrónica S.A., OU=Accredited Certification Authority, CN=MULTICERT Certification Authority 002
Example cert: https://crt.sh/?id=117934576
OCSP URI: http://ocsp.multicert.com/ocsp
OCSP URI: http://ocsp.multicert.com/procsp

DN: C=PT, O=MULTICERT - Serviços de Certificação Electrónica S.A., OU=Entidade de Certificação Credenciada, CN=MULTICERT - Entidade de Certificação 001
Example cert: https://crt.sh/?id=11653177
OCSP URI: http://ocsp.multicert.com/ocsp

DigiCert/Government of Portugal, Sistema de Certificação Electrónica do Estado (SCEE) / Electronic Certification System of the State:

DN: C=PT, O=SCEE, CN=ECRaizEstado
Example cert: https://crt.sh/?id=8322256
OCSP URI: http://ocsp.ecee.gov.pt
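
The pass/fail rule applied by hand in this thread (a "good" answer for the probe serial means not fixed; "unknown" or "revoked", as the SCEE root now returns, means fixed), written as a script. This is an added example, not part of the original correspondence; the function names and the NOT_FIXED/FIXED/NO_ANSWER labels are assumptions, and the sample outputs marked constructed are not real responses.

```sh
#!/bin/sh
# Added example: classify `openssl ocsp` text output for one probe serial.

# classify_probe SERIAL   (reads `openssl ocsp` text output on stdin)
# Prints NOT_FIXED if the responder answered "good" for SERIAL,
# FIXED for "revoked" or "unknown", NO_ANSWER if no status line was found.
# The body runs in a subshell so its variables stay local.
classify_probe() (
  serial="$1"
  status=""
  while IFS= read -r line; do
    case "$line" in
      "$serial: "*) status="${line#"$serial: "}" ;;
    esac
  done
  case "$status" in
    good)            echo NOT_FIXED ;;
    revoked|unknown) echo FIXED ;;
    *)               echo NO_ANSWER ;;
  esac
)

# probe_responder ISSUER_CERT SERIAL URL
# Live check using the same openssl options as the commands in the thread.
probe_responder() {
  openssl ocsp -issuer "$1" -serial "$2" -no_nonce -url "$3" -noverify 2>&1 |
    classify_probe "$2"
}

# Sample outputs. SAMPLE_GOOD repeats a response quoted in the thread;
# SAMPLE_UNKNOWN and SAMPLE_ERROR are constructed for this example.
SAMPLE_GOOD='101010101010101101010101010: good
    This Update: Nov 15 00:03:40 2017 GMT
    Next Update: Nov 15 00:03:40 2017 GMT'
SAMPLE_UNKNOWN='101010101010101101010101010: unknown
    This Update: Nov 15 00:03:40 2017 GMT'
SAMPLE_ERROR='Error querying OCSP responder'

# Offline demonstration over the embedded samples.
for sample in "$SAMPLE_GOOD" "$SAMPLE_UNKNOWN" "$SAMPLE_ERROR"; do
  printf '%s\n' "$sample" | classify_probe 101010101010101101010101010
done
```

For a live re-check, call `probe_responder` with the issuer file, probe serial and OCSP URL exactly as they appear in the commands above.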