Created
February 5, 2025 21:18
-
-
Save refack/01313118e4a471310bdd4dd659237260 to your computer and use it in GitHub Desktop.
Bad OCSP - http://ocsp.sectigo.com
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| PS C:\temp> certutil -verify -urlfetch -split -f .\github_com.crt | |
| Issuer: | |
| CN=Sectigo ECC Domain Validation Secure Server CA | |
| O=Sectigo Limited | |
| L=Salford | |
| S=Greater Manchester | |
| C=GB | |
| Name Hash(sha1): cf94dc5c304aa79485721f956e67895ac21657dd | |
| Name Hash(md5): 3fdc23335d3edf22f39126441a0a224c | |
| Subject: | |
| CN=github.com | |
| Name Hash(sha1): 19485e54b5a0e1f2e693412c07c8f280216a99e6 | |
| Name Hash(md5): c5615044c146b3e8f4a63fc128612f6e | |
| Cert Serial Number: ab6686b5627be80596821330128649f5 | |
| dwFlags = CA_VERIFY_FLAGS_ALLOW_UNTRUSTED_ROOT (0x1) | |
| dwFlags = CA_VERIFY_FLAGS_IGNORE_OFFLINE (0x2) | |
| dwFlags = CA_VERIFY_FLAGS_FULL_CHAIN_REVOCATION (0x8) | |
| dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000) | |
| dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000) | |
| dwFlags = CA_VERIFY_FLAGS_SAVE_CHAIN (0x80000000) | |
| ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN (0x20000000) | |
| HCCE_LOCAL_MACHINE | |
| CERT_CHAIN_POLICY_BASE | |
| -------- CERT_CHAIN_CONTEXT -------- | |
| ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
| ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40) | |
| ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000) | |
| SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
| SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40) | |
| SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000) | |
| CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=1000040 | |
| Issuer: CN=Sectigo ECC Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB | |
| NotBefore: 2025-02-04 19:00 | |
| NotAfter: 2026-02-05 18:59 | |
| Subject: CN=github.com | |
| Serial: ab6686b5627be80596821330128649f5 | |
| SubjectAltName: DNS Name=github.com, DNS Name=www.github.com | |
| Cert: e43371ddd6914a75b61f9e4f746d9bf0dd26fc3a | |
| Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
| Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
| Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40) | |
| Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000) | |
| ---------------- Certificate AIA ---------------- | |
| Verified "Certificate (0)" Time: 0 e84990cb9bf8e3ab0bcae8a649cb30fe4dc4d767 | |
| [0.0] http://crt.sectigo.com/SectigoECCDomainValidationSecureServerCA.crt | |
| ---------------- Certificate CDP ---------------- | |
| No URLs "None" Time: 0 (null) | |
| ---------------- Certificate OCSP ---------------- | |
| Unsuccessful "OCSP" Time: 0 8c015d80b8a23f780bdd215dc842b0f5551f63bd | |
| [0.0] http://ocsp.sectigo.com | |
| -------------------------------- | |
| Issuance[0] = 1.3.6.1.4.1.6449.1.2.2.7 | |
| Issuance[1] = 2.23.140.1.2.1 | |
| Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication | |
| Application[1] = 1.3.6.1.5.5.7.3.1 Server Authentication | |
| CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0 | |
| Issuer: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US | |
| NotBefore: 2018-11-01 19:00 | |
| NotAfter: 2030-12-31 18:59 | |
| Subject: CN=Sectigo ECC Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, S=Greater Manchester, C=GB | |
| Serial: f3644e6b6e0050237e0946bd7be1f51d | |
| Cert: e84990cb9bf8e3ab0bcae8a649cb30fe4dc4d767 | |
| Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2) | |
| Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
| ---------------- Certificate AIA ---------------- | |
| Verified "Certificate (0)" Time: 0 ca7788c32da1e4b7863a4fb57d00b55ddacbc7f9 | |
| [0.0] http://crt.usertrust.com/USERTrustECCAddTrustCA.crt | |
| ---------------- Certificate CDP ---------------- | |
| Verified "Base CRL (166f)" Time: 0 344a58c4864ffb5a35f622c49ea411f74f8f689c | |
| [0.0] http://crl.usertrust.com/USERTrustECCCertificationAuthority.crl | |
| ---------------- Base CRL CDP ---------------- | |
| No URLs "None" Time: 0 (null) | |
| ---------------- Certificate OCSP ---------------- | |
| Verified "OCSP" Time: 0 9ee6dd774ae4315b4455c7df579b44a7d51854cb | |
| [0.0] http://ocsp.usertrust.com | |
| -------------------------------- | |
| CRL (null): | |
| Issuer: CN=OCSP Signer, O=Sectigo Limited, C=GB | |
| ThisUpdate: 2025-02-01 11:38 | |
| NextUpdate: 2025-02-08 11:38 | |
| CRL: 962b810892a7edce0ffffec175df51e5830189ad | |
| Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication | |
| Application[1] = 1.3.6.1.5.5.7.3.1 Server Authentication | |
| CertContext[0][2]: dwInfoStatus=10c dwErrorStatus=0 | |
| Issuer: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US | |
| NotBefore: 2010-01-31 19:00 | |
| NotAfter: 2038-01-18 18:59 | |
| Subject: CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US | |
| Serial: 5c8b99c55a94c5d27156decd8980cc26 | |
| Cert: d1cbca5db2d52a7f693b674de5f05a1d0c957df0 | |
| Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4) | |
| Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8) | |
| Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100) | |
| ---------------- Certificate AIA ---------------- | |
| No URLs "None" Time: 0 (null) | |
| ---------------- Certificate CDP ---------------- | |
| No URLs "None" Time: 0 (null) | |
| ---------------- Certificate OCSP ---------------- | |
| No URLs "None" Time: 0 (null) | |
| -------------------------------- | |
| Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication | |
| Application[1] = 1.3.6.1.5.5.7.3.3 Code Signing | |
| Application[2] = 1.3.6.1.4.1.311.10.3.4 Encrypting File System | |
| Application[3] = 1.3.6.1.5.5.7.3.4 Secure Email | |
| Application[4] = 1.3.6.1.5.5.7.3.6 IP security tunnel termination | |
| Application[5] = 1.3.6.1.5.5.7.3.7 IP security user | |
| Application[6] = 1.3.6.1.5.5.7.3.1 Server Authentication | |
| Application[7] = 1.3.6.1.5.5.7.3.8 Time Stamping | |
| EV[0] = 1.3.6.1.4.1.6449.1.2.1.5.1 | |
| EV[1] = 2.23.140.1.3 | |
| Exclude leaf cert: | |
| Chain: 90ebde8ddd1d80806ee4d4952adf4c3c00d1999f | |
| Full chain: | |
| Chain: d06d7e22629211021283029e04385928efcc948c | |
| ------------------------------------ | |
| Verified Issuance Policies: | |
| 1.3.6.1.4.1.6449.1.2.2.7 | |
| 2.23.140.1.2.1 | |
| Verified Application Policies: | |
| 1.3.6.1.5.5.7.3.2 Client Authentication | |
| 1.3.6.1.5.5.7.3.1 Server Authentication | |
| Cert is an End Entity certificate | |
| ERROR: Verifying leaf certificate revocation status returned The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE) | |
| CertUtil: The revocation function was unable to check revocation because the revocation server was offline. | |
| CertUtil: -verify command completed successfully. | |
| PS C:\temp> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment