why does my secure ssl page give Error code: sec_error_revoked_certificate even though certificate is current and all links/stylesheets/etc are secure

Question

I've noticed that this question has been asked several times but none of the results provide a solution to my problem.

I am developing a website for a client. The website is http://www.entirelyintimate.com. It is a dropshipping website that uses Paypal Pro for their checkout process.

We purchased and installed the SSL from Godaddy. According to an SSL checker website, the chain and installation appears to be correct.

I removed all insecure content on the pages that need to be secured 1 example - https://www.entirelyintimate.com/checkout-complete

I checked the page on - whynopadlock.com and it appears to be good there.

But... I still receive the dreaded Error code: sec_error_revoked_certificate I am pretty new to SSL so I could be overlooking something basic. Any help would be appreciated.

p.s. This community is really great. I come lurking here all of the time when I have questions. I do an automatic click when I see this website in the Google search results.

Answer 1

sec_error_revoked_certificate means that the certificate has been revoked.

Your certificate may be issued by a CA trusted by your browser and valid in time, but the CA may have revoked it, and your client is checking for revocation (which is recommended).

Certificate revocation is a mechanism that makes it possible to invalidate a certificate before its normal expiry time. Checking for revocation can be done via CRL or OCSP by the clients.

Typically, certificates are revoked upon request from the entity corresponding to that cert (i.e. the user or the server admin) if the private key has been compromised, if the CA decides the validating data wasn't sufficient after all, or perhaps automatically if the CA issues another certificate to the same entity.

A possible cause for the problem could be that you might have re-keyed your certificate, thereby making your CA revoke the old one. If you're still using the old one inadvertently (perhaps it's still available to your server in its keystore or equivalent) this error could happen.

Qualys SSL Labs's SSL checker is generally a more complete tool for checking your SSL/TLS configuration. It seems to indicate that your certificate has indeed been revoked.