Example of live site with trusted, signed but revoked certificate?

Question

I'm drawing up some documentation for users with the intent on educating them on certificate revocation. I would like to include screen shots of browsers to demonstrate the user experience when encountering a revoked cert. The revocation can occur via either OCSP or CRL.

I've tried digging around CRLs, but they list the serial number of a certificate and don't provide a URL for me to try connecting.

Could someone provide a URL to a live site with a non-self-signed but revoked cert? Or perhaps there's a way to look up certs in a CRL and cross reference them to a URL?

Brent Writes Code · Answer 1 · 2016-09-16T22:57:38.593

19

Here's a second in case anyone else stumbles upon this question (my company firewall blocks port 2443 outbound):

https://revoked.grc.com/

EDIT: This is a VERY belated update, but I just discovered:

https://badssl.com/

Which, at least for me, has everything I needed to test.

edited Sep 16 '16 at 22:57

answered Nov 17 '14 at 23:11

Brent Writes Code

321

score 11 · Accepted Answer · answered Apr 04 '11 at 15:02

11

Does this one fit the bill? https://test-sspev.verisign.com:2443/test-SSPEV-revoked-verisign.html

answered Apr 04 '11 at 15:02

mahnsc

1,814

score 6 · Answer 3 · edited Jan 24 '18 at 13:57

6

The DigiCert Trusted Root Authority Certificates page contains links to hosts with revoked certificates (look for the text “Demo Sites for Root” on that page).

You can find a revoked EV certificate under DigiCert High Assurance EV Root CA → Demo Sites for Root → Revoked.

edited Jan 24 '18 at 13:57

Andrew Schulman

9,142

answered Jan 24 '18 at 13:36

hasseg

161

score 1 · Answer 4 · answered Sep 12 '22 at 22:41

1

List of testing web pages with valid, expired or revoked TLS certificates: https://crt.sh/test-websites

answered Sep 12 '22 at 22:41

L.R.

785

Example of live site with trusted, signed but revoked certificate?

4 Answers4