Robert Hajime Lanning wrote: > > I'm sure if there's a simple explanation someone here > > knows it. > > pki.google.com: > Serial Number: 146038 (0x23a76) > X509v3 CRL Distribution Points: URI:http://g.symcb.com/crls/gtglobal.crl > Authority Information Access: OCSP - URI:http://g.symcd.com > Validity > Not Before: Apr 5 15:15:55 2013 GMT > Not After : Apr 4 15:15:55 2015 GMT > > > drive.google.com: > Serial Number: 146025 (0x23a69) > X509v3 CRL Distribution Points: URI:http://crl.geotrust.com/crls/gtglobal.crl > Authority Information Access: OCSP - URI:http://gtglobal-ocsp.geotrust.com > Validity > Not Before: Apr 5 15:15:55 2013 GMT > Not After : Dec 31 23:59:59 2016 GMT > > > Looks like the issuer of the original G2 cert (GeoTrust) has been bought by > Symantec. > Also looks like Symantec limits to a 2 year life span. (GeoTrust was 3 year > cert.) > > BTW, both drive.google.com and pki.google.com have the same G2 cert now. > (the Symantec version) > > In the future, you can run the following command and see if the old G2 cert > (serial 23A69) is add to the old GeoTrust Certificate Revocation List (CRL). > > $ curl -s http://crl.geotrust.com/crls/gtglobal.crl | openssl crl -inform DER > -text -noout
Thanks, that's all cleared up for me now. I'd never used the crl decoder. Neat! The openssl swiss-army-knife decoder never disappoints. Though one can quibble with its syntax and never ever peek in the source or (Heaven forfend) the build system. I use the x509, req, pkcs<n>, and s_client subcommands almost daily, especially this week, which has been nightmarish. _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
