Originally Posted by flyerCO
Actually he's correct. Revoked certificate message does not mean something untold has happened. The examples given are fully correct. A simple search will show that the reasons listed above are indeed reasons for the message.
Most software just provides one message that simply says the Certificate has been revoked/invalid/compromised using the same warning.
Indeed shouldn't click through if you don't know what the reason is. However most times it's nothing to worry about.
No, sorry, no software would tell you a certificate is revoked when it's a different type of error. Saying it's invalid or expired is something else entirely.
Understanding TLS security and client behavior is part of what I do for a living.
BTW They must have taken the rogue tkpi.delta.com refs out of their site, because whatever is pretending to be that host is still no bueno:
Code:
Server Key and Certificate #1
Subject TKPI.DELTA.COM
Fingerprint SHA256: 22c29a7d4ec5aa401c71e7122a3c6ebeeba96c0f5b27ccc7bbff391711bd6c5c
Pin SHA256: Mo2e+JsVqY+mMb6p...l9e+QfFyd0JGN02thGFAirvs=
Common names TKPI.DELTA.COM
Alternative names TKPI.DELTA.COM
Valid from Thu, 11 May 2017 00:00:00 UTC
Valid until Sat, 12 May 2018 23:59:59 UTC (expires in 11 months and 26 days)
Key RSA 2048 bits (e 65537)
Weak key (Debian) No
Issuer Symantec Class 3 Secure Server SHA256 SSL CA
AIA: http://sg.symcb.com/sg.crt
Signature algorithm SHA256withRSA
Extended Validation No
Certificate Transparency Yes (certificate)
OCSP Must Staple No
Revocation information CRL, OCSP
CRL: http://sg.symcb.com/sg.crl
OCSP: http://sg.symcd.com
Revocation status Revoked INSECURE
DNS CAA No (more info)
Trusted No NOT TRUSTED (Why?)
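An added example, not part of the original post: reading a report like the one pasted above and checking the validity window separately from the revocation status, so the cause of the failure is named rather than lumped into one warning. The sample lines are copied from the post; `ASSESSED_AT` is an assumed scan date inferred from "expires in 11 months and 26 days", and the function names are hypothetical.

```python
from datetime import datetime, timezone

# Field labels as they appear in the pasted report; the value follows the label.
LABELS = ("Subject", "Valid from", "Valid until", "Issuer",
          "Revocation status", "Trusted")

# Constructed sample: lines copied from the report in the post above.
REPORT = """\
Subject TKPI.DELTA.COM
Valid from Thu, 11 May 2017 00:00:00 UTC
Valid until Sat, 12 May 2018 23:59:59 UTC (expires in 11 months and 26 days)
Issuer Symantec Class 3 Secure Server SHA256 SSL CA
Revocation status Revoked INSECURE
Trusted No NOT TRUSTED (Why?)
"""

# Assumption: approximate scan date, not stated on the page.
ASSESSED_AT = datetime(2017, 5, 17, tzinfo=timezone.utc)


def parse_report(text):
    """Map each known label to the rest of its line."""
    fields = {}
    for line in text.splitlines():
        for label in LABELS:
            if line.startswith(label + " "):
                fields[label] = line[len(label) + 1:].strip()
    return fields


def parse_utc(value):
    """Parse 'Thu, 11 May 2017 00:00:00 UTC ...', ignoring any trailing note."""
    stamp = value.split(" UTC")[0]
    parsed = datetime.strptime(stamp, "%a, %d %b %Y %H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)


def findings(fields, now):
    """Return each independent reason the certificate fails at time `now`."""
    reasons = []
    if now < parse_utc(fields["Valid from"]):
        reasons.append("not yet valid")
    if now > parse_utc(fields["Valid until"]):
        reasons.append("expired")
    if fields["Revocation status"].split()[0].lower() == "revoked":
        reasons.append("revoked")
    return reasons
```

At the assumed scan date the only finding is revocation: the certificate is inside its validity window, so expiry does not account for the "not trusted" result.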