-
Learn More
Deliberate delayed revocation: a security risk
Blog Post from Sectigo
Blog Post Feb 25, 2025Deliberate delayed revocation weakens security and trust. Sectigo calls on CAs to prioritize immediate revocation and protect the integrity of the web PKI
-
Listen Now
EPISODE 416
Broadcast Date:
August 30, 202423 minutes
Podcast Aug 30, 2024Root Causes 416: Subscriber Restraining Order Prevents Revocation
An enterprise SSL subscriber recently used a Temporary Restraining Order to prevent the proper revocation of misissued certificates. We explain.
-
Listen Now
EPISODE 414
Broadcast Date:
August 23, 202412 minutes
Podcast Aug 23, 2024Root Causes 414: What Are the Revocation Periods for Public Certs?
We detail mandatory revocation periods for leaf certificates and intermediates and explain when a 24-hour versus a 120-hour revocation deadline applies.
-
Listen Now
EPISODE 385
Broadcast Date:
May 10, 202412 minutes
Podcast May 10, 2024Root Causes 385: Failed Revocation and Wildcard Certificates
We discuss misuse of wildcard certificates, failure to revoke on time, and how these two failures magnify each other.
-
Listen Now
EPISODE 383
Broadcast Date:
May 2, 202425 minutes
Podcast May 02, 2024Root Causes 383: Delayed Revocation Events by the Numbers
An epidemic of delayed revocations has infected the public CA community. We track delayed revocations since the beginning of 2021 and discuss root causes.
-
Learn More
What is certificate revocation & when should an SSL cert be revoked?
Blog Post from Sectigo
Blog Post Apr 29, 2024Digital certificates drive security. Lifecycle management, including revocation, prevents vulnerabilities. Understand its purpose and importance.
-
Listen Now
EPISODE 377
Broadcast Date:
April 11, 202417 minutes
Podcast Apr 11, 2024Root Causes 377: Is CPS/Issuance Misalignment a Revocation Event?
If you issue public certificates that are fully compliant except they don't reflect what your CPS says, are they misissued? Do they require revocation?
-
Listen Now
EPISODE 313
Broadcast Date:
June 23, 202316 minutes
Podcast Jun 23, 2023Root Causes 313: SSL Revocation Reason Codes
We explain the allowed public SSL revocation reason codes, along with some explicitly forbidden reason codes and the backstory behind them.
-
Listen Now
EPISODE 272
Broadcast Date:
January 27, 202312 minutes
Podcast Jan 27, 2023Root Causes 272: OCSP's Privacy Problem
Concerns recently have been raised about OCSP real-time certificate checking and its potential to violate privacy.
-
Listen Now
EPISODE 157
Broadcast Date:
March 19, 202112 minutes
Podcast Mar 19, 2021Root Causes 157: New Revocation Research
Research of public revocation information examines revocation behavior from public CAs. Listen for the main takeaways and "revocation transparency."
-
Listen Now
EPISODE 131
Broadcast Date:
November 30, 202017 minutes
Podcast Nov 30, 2020Root Causes 131: Apple OCSP Slowdown Explained
Apple's Big Sur OS rollout drove a slowdown in the company's OCSP responders, affecting all Apple operating systems. We explain what happened and why.
-
Listen Now
EPISODE 106
Broadcast Date:
July 14, 202027 minutes
Podcast Jul 14, 2020Root Causes 106: Massive Intermediate Certificate Distrust on the Way
14 public CAs have to revoke intermediates and destroy their keys, putting millions of active SSL, S/MIME, and other public certificates at risk.