Closed Bug 1128368 Opened 5 years ago Closed 5 years ago

Revoked cert on services.addons.mozilla.org breaks about:addons

Categories

(Cloud Services :: Operations: Marketplace, task, major)

task
Not set
major

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: laura, Assigned: jason)

References

Details

Attachments

(2 files)

I saw a report on twitter about a revoked cert on SAMO:
https://twitter.com/lusis/status/562064553081847809
and could reproduce the problem, as could ashish. clouserw can't repro: he sees the cert expiring in 2016.
Attached image cert1.png
Thanks for filing, Laura.  I was talking about expiration but it looks like that tweet is actually about revocation which would be something else.  I can't reproduce this, but will attach a screenshot of the cert I'm seeing.

For me, I load https://services.addons.mozilla.org/en-US/firefox/discovery/pane/8.0.1/Darwin and I see the attached cert.
Duplicate of this bug: 1128369
Summary: Reports of revoked cert on services.addons.mozilla.org → Revoked cert on services.addons.mozilla.org breaks about:addons
Duplicate of this bug: 1128370
(In reply to Ashish Vijayaram [:ashish] from comment #1)
> https://www.ssllabs.com/ssltest/analyze.html?d=services.addons.mozilla.org
> reports "Revocation status 	Revoked   INSECURE"

This also affects versioncheck-bg.addons.mozilla.org, versioncheck.addons.mozilla.org which are used for automatic/manual addons update in Firefox.
The same problem also disallows to perform sync in firefox.
Attached image addons-revoked.png
User-facing version of the error
Duplicate of this bug: 1128450
Until this is resolved, a quick fix is to turn off the OCSP protocol validation.
>You can bypass this by going to Pref->Advanced->Certificates and turn off the OCSP protocol validation.
As outlined on the Linux Mint Forum. http://forums.linuxmint.com/viewtopic.php?t=188768&p=977518#p977518

I can both confirm this bug, on Windows 7, and confirm that the work-around works.
Assignee: nobody → jthomas
Thanks for the report!

Our Geotrust/Symantec issued certificate was revoked earlier today. I verified via the CRL provided at http://SVRSecure-G3-crl.verisign.com/SVRSecureG3.crl

Serial Number: 5D0596A315ACB95B79C31BD4DFC7046B
Revocation Date: Feb  2 01:10:00 2015 GMT

After contacting support they had stated that our SSL product expired and was then revoked.

I've installed a new certificate on services.addons.mozilla.org and versioncheck.addons.mozilla.org. Let me know if you continue to have issues.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Looks like it is fixed.
You need to log in before you can comment on or make changes to this bug.