Hacker News new | ask | show | jobs
by mtmail 2017 days ago
We had downtime once the certificate of the issuer of ours expired. Thus the SSL trust "chain" was broken an browsers no longer accepted our SSL certificate.

(Of course they annouced that via some channels, which our SSL reseller forgot to forward.)

A useful addition, or premium feature, would be to also scan the SSL certificate chain.
1 comments
robertbalent 2017 days ago
Thank you for the feedback. You are right, checking the whole chain is important.

I'm already partially supporting this but need to do few changes.

The intermediate certificates returned when making the request are checked. The system will use the earliest expiration time.

However, the root certificate (which is stored locally) is not checked.

I'll add the feature and update the documentation.

Thanks.

link
robertbalent 2016 days ago
Made an update and now the expiration time of all certificates in the certificate chain is checked.

Thanks!

link