Keeping track of revoked website SSL/TLS certificates is an ongoing, thorny problem for web browsers. OCSP checking is slow and insecure, online OCSP checks frequently fail, and most websites have not yet implemented OCSP Must-Staple. For these reasons, web browsers have established their own programs aimed at reducing or eliminating the need for online revocation checking.
Our new article summarizes the validation checking strategies of the most popular desktop web browsers, and includes a small test that compares the responses of Chrome, Firefox, Safari, and Edge to four sample revoked SSL.com certificates.
After reading the article, you’ll have a better understanding of how the different browsers handle revoked certificates, and why some revoked certificates may go undetected.