Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

1000-sans cert expired on Feb 17 2019 #383

Closed
robrich opened this issue Feb 21, 2019 · 8 comments
Closed

1000-sans cert expired on Feb 17 2019 #383

robrich opened this issue Feb 21, 2019 · 8 comments

Comments

@robrich
Copy link

robrich commented Feb 21, 2019

Because this certificate is expired, it's actually testing the expired cert case rather than the 1,000 sans case.
@erickt erickt mentioned this issue Mar 1, 2019
Closed
@mimi89999
Copy link

Any news on this? Will this certificate ever get renewed?

@april
Copy link
Collaborator

april commented Jun 26, 2019

I haven’t found a good way to get them renewed. Thankfully, they’re mostly for UI tests and so are fine with verification turned off.

If someone can get a CA to help, that would be amazing.

@robrich
Copy link
Author

robrich commented Jun 26, 2019

Are CAs balking because they don't like building certs with specifically bad details? Or is this a cost issue in buying this many certs?

@dangeredwolf
Copy link

They still haven't updated this.

@april
Copy link
Collaborator

april commented Aug 16, 2019

Yes, it’s a cost issue. It would be tens of thousands of dollars without support from a CA. Since it’s mostly used for seeing how UX’s break, it shouldn’t be a big deal that it’s expired, as you can always manually trust it.

@robrich
Copy link
Author

robrich commented Aug 16, 2019

@april can we leverage Let's Encrypt for this? A quick node script we run once-a-month that pulls all the certs and saves them into a static site could work. I could help with a bit of research on their limits (1,000 SANs, revoking, etc)

@april
Copy link
Collaborator

april commented Aug 16, 2019

Let’s Encrypt limits you to 100 domains per certificate unfortunately.

lgarron added a commit that referenced this issue Oct 5, 2019
@lgarron
Update chain for subdomain-1000-sans.pem. Closes #383.
0bab678
@christhompson
Copy link
Collaborator

This is now deployed. We were able to get a new 1000-sans cert from DigiCert.

april added a commit to april/badssl.com that referenced this issue Jan 16, 2020
@april
Merge branch 'master' of https://github.com/chromium/badssl.com
8dec8b6 
* 'master' of https://github.com/chromium/badssl.com: (175 commits)
  Add (known|blocked)-interception.badssl.com tests (chromium#423)
  Update `10000-sans`. (chromium#420)
  Rename subdomain-no-sct.crt to subdomain-no-sct.pem
  Add missing common in sets.js
  Mark DHE as bad or dubious (chromium#398)
  Add `no-sct.badssl.com`. Addresses chromium#275. (chromium#409)
  Update chain for `subdomain-1000-sans.pem`. Closes chromium#383. (chromium#408)
  Update `subdomain-revoked.pem`. Addresses chromium#404. (chromium#410)
  Add page with 🔒 in title (chromium#388)
  Explicitly send the self-signed root for untrusted-root (chromium#397)
  [web-payment] Print API return values and exceptions in the footer. (chromium#392)
  Tweak formatting for client cert passwords (chromium#385)
  Add descriptions to the dashboard sections. (chromium#371)
  Remove hyphens from dh domain pages. Fixes chromium#379 (chromium#380)
  Add incomplete chain description in footer. (chromium#366)
  Fix redirect port for `tls-v1-2`. (chromium#362)
  Export environment variables in the Makefile (chromium#355)
  Flip cert chain order for wildcard-rsa4096.pem (chromium#353)
  Add EV certificate (chromium#352)
  Update subdomain-extended-validation.conf
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@christhompson @april @robrich @dangeredwolf @mimi89999