Internet Related/Filtering/Firewall Thread: Legitimately bypass revoked certificate (in Technical)
  1. #1


    Legitimately bypass revoked certificate

    Hi everyone,

    I renewed our website/exchange/etc SSL certificate last week and updated it on most servers.

    However I missed one, and GoDaddy have now revoked the old one. Unfortunately the server it covers is Linux-based and the interface for updating settings is web-based - but I can't get at it cos the certificate expired!

    Is there a temporary way of allowing myself access to my own site whilst I swap the certificate, or am I stuck? (I've emailed support for the company, but waiting for a reply) I tried adding it to my Trusted Sites, but that still doesn't let me in.

    I searched Google, but all responses are quite rightly 'no' to the non-techie people who don't understand the risks and are fed up of cert warnings on sites. Hence trying here for a techie answer, if one exists?

    Peter
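
The lockout in the post above came from one host that was missed during the certificate swap. As an added example (not part of the thread), one way to check which hosts still present the old certificate before the CA revokes it. The host names and certificate bytes are constructed placeholders, and `audit`, `fetch_der`, `still_on_old` and `sample_fetch` are names chosen for this example.

```python
import hashlib
import socket
import ssl

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint (hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def fetch_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Leaf certificate a host presents; not validated, so expired/revoked still works."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def audit(hosts, old_fp, new_fp, fetch=fetch_der):
    """Map each host to 'old', 'new', 'other' or 'unreachable: <error>'."""
    report = {}
    for host in hosts:
        try:
            fp = fingerprint(fetch(host))
        except OSError as exc:  # covers ssl.SSLError, DNS failures, timeouts
            report[host] = f"unreachable: {exc}"
            continue
        report[host] = {old_fp: "old", new_fp: "new"}.get(fp, "other")
    return report

def still_on_old(report):
    """Hosts that must be updated before the old certificate is revoked."""
    return sorted(h for h, state in report.items() if state == "old")

# Constructed sample data: placeholder bytes stand in for real DER
# certificates and the host names are hypothetical, so this runs offline.
OLD_DER, NEW_DER = b"constructed-old-cert", b"constructed-new-cert"
SAMPLE = {"www.example.test": NEW_DER, "mail.example.test": NEW_DER,
          "appliance.example.test": OLD_DER}

def sample_fetch(host):
    if host not in SAMPLE:
        raise OSError("connection refused")
    return SAMPLE[host]

if __name__ == "__main__":
    hosts = list(SAMPLE) + ["backup.example.test"]
    report = audit(hosts, fingerprint(OLD_DER), fingerprint(NEW_DER), sample_fetch)
    print(report)
    print("update before revocation:", still_on_old(report))
```

Against real servers, drop the `fetch` argument so `fetch_der` is used, and take the two fingerprints from the DER bytes of the old and new certificate files.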

  2. #2

    SYNACK
    Can you find out the CRL site for the cert and block that through a hosts file or something on just the one station to mask the revocation? What browser, as you can wind the settings right down on some; Firefox seems to be the least cautious about certs by default.

  3. Thanks to SYNACK from:

    howartp (7th April 2014)

  4. #3

    featured_spectre
    Have a word with GoDaddy. They should be able to get a temp cert up for you.

  5. #4

    AMLightfoot
    Quote: Originally posted by howartp
    Hi everyone,

    I renewed our website/exchange/etc SSL certificate last week and updated it on most servers.

    However I missed one, and GoDaddy have now revoked the old one. Unfortunately the server it covers is Linux-based and the interface for updating settings is web-based - but I can't get at it cos the certificate expired!

    Is there a temporary way of allowing myself access to my own site whilst I swap the certificate, or am I stuck? (I've emailed support for the company, but waiting for a reply) I tried adding it to my Trusted Sites, but that still doesn't let me in.

    I searched Google, but all responses are quite rightly 'no' to the non-techie people who don't understand the risks and are fed up of cert warnings on sites. Hence trying here for a techie answer, if one exists?

    Peter
    Isn't this just a browser issue? Usually if a certificate is untrusted you can select to go through anyway. Is there a command line alternative?

  6. #5

    Quote: Originally posted by SYNACK
    Can you find out the CRL site for the cert and block that through a hosts file or something on just the one station to mask the revocation? What browser, as you can wind the settings right down on some; Firefox seems to be the least cautious about certs by default.
    Thanks Synack, that was a good idea that I would have followed through if support hadn't rung back.

    Quote: Originally posted by nephilim
    Have a word with GoDaddy. They should be able to get a temp cert up for you.
    Unfortunately that wouldn't have helped because I still couldn't get into the web interface to add the temp cert - I already have the new one ready to go, I just couldn't get in to install it.

    Quote: Originally posted by AMLightfoot
    Isn't this just a browser issue? Usually if a certificate is untrusted you can select to go through anyway. Is there a command line alternative?
    If a certificate is untrusted or expired, you can generally click through. If it's been revoked (which is different to simply expiring) then most browsers seem to stop you.

    I have however had a reply from Support. In IE, you can go to Tools > Internet Options > Advanced > Security and untick 'Check for publisher's certificate revocation' and 'Check for server certificate revocation' and reboot your PC. This has the same effect as Synack's suggestion, and lets you click through as AMLightfoot thought.

    Worth noting (as pointed out by Support) that iOS and OSX don't seem to have this setting ticked by default so if I was onsite I could have used my iPhone or iPad to do this reasonably easily.

    Peter

  7. #6

    glennda
    What AV are you using? I had this issue with a client and Vipre AV blocking it (rebadged GFI it was, but Vipre at the core). If it is, disable the services.

  8. #7

    AMLightfoot
    Quote: Originally posted by howartp
    If a certificate is untrusted or expired, you can generally click through. If it's been revoked (which is different to simply expiring) then most browsers seem to stop you.

    I have however had a reply from Support. In IE, you can go to Tools > Internet Options > Advanced > Security and untick 'Check for publisher's certificate revocation' and 'Check for server certificate revocation' and reboot your PC. This has the same effect as Synack's suggestion, and lets you click through as AMLightfoot thought.

    Worth noting (as pointed out by Support) that iOS and OSX don't seem to have this setting ticked by default so if I was onsite I could have used my iPhone or iPad to do this reasonably easily.

    Peter
    This was the feature to which I was referring - I have a feeling (unconfirmed) that Firefox might be able to do this without a reboot - Under the Advanced settings in the Certificates tab you can play about with the validation rules. Depends on whether this is broken by your GP or not.


