SEC_ERROR_REVOKED_CERTIFICATE error only on PC Firefox


This site (https://ssptrades.com) is currently giving me SSL problems... but only on PC Firefox.

I can tell the certificate is TLS 1.2 by looking at it in another browser... would that be a problem? If it is, how can I generate a certificate or certificate request for TLS 1.3 using IIS?

This is the error on PC Firefox 81.0.2 (64-bit):

An error occurred during a connection to ssptrades.com. Peer’s Certificate has been revoked.

Error code: SEC_ERROR_REVOKED_CERTIFICATE

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Solution

  • I can't tell why neither Chrome nor Edge checks the revocation status, but Firefox is right. The certificate was revoked on Nov. 5 since GoDaddy believes that ssptrades.com has stopped operations.

    How to check revocation manually

    1. Save the certificate of ssptrades.com to the file site.cer, and the issuer's certificate to the file gd1.cer

    2. Obtain the URL to OCSP service:

    openssl x509 -noout -ocsp_uri -in site.cer
    

    Output: http://ocsp.godaddy.com/

    3. Check OCSP status:

    openssl ocsp -issuer gd1.cer -cert site.cer -text -url http://ocsp.godaddy.com/
    

    (shortened) output:

    OCSP Response Data:
        OCSP Response Status: successful (0x0)
        Response Type: Basic OCSP Response
        Version: 1 (0x0)
        Responder Id: C = US, ST = Arizona, L = Scottsdale, O = GoDaddy Inc., CN = Go Daddy Validation Authority - G2
        Produced At: Nov  6 20:11:53 2020 GMT
        Responses:
        Certificate ID:
          Hash Algorithm: sha1
          Issuer Name Hash: B6080D5F6C6B76EB13E438A5F8660BA85233344E
          Issuer Key Hash: 40C2BD278ECC348330A233D7FB6CB3F0B42C80CE
          Serial Number: 54FC3E8F69D995CF
        Cert Status: revoked
        Revocation Time: Nov  5 20:08:54 2020 GMT
        Revocation Reason: cessationOfOperation (0x5)
    

    The last three lines tell us: the certificate was revoked on Nov 5, the reason is "cessation of operations" (code 0x5).
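
The manual check from the answer above, wrapped into a script that a monitoring job could run so a revocation is noticed before visitors report it. This is an added example, not part of the original answer; the function names `ocsp_verdict` and `check_cert` and the exit-code convention are assumptions made here, and the sample text is an excerpt of the output quoted above.

```bash
#!/usr/bin/env bash
# Added example: automate the three manual OCSP steps and report a verdict.

# Sample input: the status fields of the `openssl ocsp -text` output quoted above.
SAMPLE_REVOKED='OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: revoked
    Revocation Time: Nov  5 20:08:54 2020 GMT
    Revocation Reason: cessationOfOperation (0x5)'

# ocsp_verdict: read `openssl ocsp -text` output on stdin, print one line:
#   good | revoked|<time>|<reason> | unknown | error
# "error" covers a non-successful responder status and a missing Cert Status,
# so a broken or unreachable responder is never reported as "good".
ocsp_verdict() {
  awk '
    /OCSP Response Status:/ && !/successful/ { bad = 1 }
    /Cert Status:/       { sub(/.*Cert Status: */, "");       status = $0 }
    /Revocation Time:/   { sub(/.*Revocation Time: */, "");   when = $0 }
    /Revocation Reason:/ { sub(/.*Revocation Reason: */, ""); why = $0 }
    END {
      if (why == "") why = "unspecified"
      if (bad || status == "") print "error"
      else if (status == "revoked") print "revoked|" when "|" why
      else print status
    }'
}

# check_cert <site-cert> <issuer-cert>
# Exit status (assumed convention): 0 good, 2 revoked, 1 anything else.
check_cert() {
  ocsp_url=$(openssl x509 -noout -ocsp_uri -in "$1") || return 1
  [ -n "$ocsp_url" ] || { echo "no OCSP URL in $1" >&2; return 1; }
  ocsp_result=$(openssl ocsp -issuer "$2" -cert "$1" -text -url "$ocsp_url" \
                  2>/dev/null | ocsp_verdict)
  echo "$1: $ocsp_result"
  case $ocsp_result in
    good)     return 0 ;;
    revoked*) return 2 ;;
    *)        return 1 ;;
  esac
}

# Run the live check only when both certificate files are given as arguments.
if [ "$#" -eq 2 ]; then check_cert "$1" "$2"; fi
```

Invoked as `./ocsp-check.sh site.cer gd1.cer` (script name assumed), it prints the verdict and sets the exit status, so a scheduler can alert on any non-zero result.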