Is your browser configured to check for cert revocation?

Shintaro · Apr 27, 2014

Use Steve Gibsons site HERE to check that your browser is checking for certificate revocation.

In FireFox
Tools -> Options -> Advanced -> Certificates -> Validation

Today, only one browser offers
you the choice to be totally safe:

Firefox today offers what could be described as “Must OCSP.” If you enable the second option, you will be completely protected at the theoretical cost of false positive blocks.
We have always had it enabled and have never encountered a single false positive.

clifford_cooley · Apr 27, 2014

Can you explain the importance of certificates? I shamefully admit, to knowing nothing about them.

Shintaro · Apr 27, 2014

Web site Certificates obtained from a certificate authority ensure that you are indeed communicating with who you think you are communicating with. For example it would be a bad thing if you thought you were communicating with Paypal only to find out it was some site in Russia that was stealing all your money.
Some basic terms are explained HERE.

By encrypting the communication between you and a Trusted web site, there is no chance that anyone can intercept (sit between you and the Trusted web site (Also known as the man-in-the-middle)) and steal your data. Because all they will see is seemingly random text.

The problem with not checking for revocation of Certificates, is that you are not sure if you are talking with the web site, that you think you are. For example you think it's Paypal.com but it is actually Paypal.ru.

I use the Firefox addon HTTPS Everywhere so that I can use encrypted communication as much as possible.

Hope this helps.

clifford_cooley · Apr 27, 2014

Can the certificates not be spoofed the same as email and site pages? Maybe I should just read a few of your links before asking any further questions.

Shintaro · Apr 27, 2014

No, but there can be problems if the CA (Certificate Authority) is breached.
HERE is a answer to your spoofing question.

HERE is a Microsoft Security Advisory that was issued when Comodo issued Certificates when it shouldn't have. HERE is Comodo owning up to the breach.

Which is why it is important that your browser checks for the revocation of certificates.

clifford_cooley · Apr 28, 2014

Thanks @Shintaro! That is not hard to understand, I just didn't know anything about it.

Shintaro · Apr 28, 2014

Mate,

Happy to help. Sharing information is important for everyone.

browser history	0	Jan 25, 2017
SOLVED Canon Zoombrowser update software	1	Jun 29, 2016
Browsers cannot connect to anywhere	1	Nov 5, 2015
SOLVED An uninvited row of '+'s in browser window.	3	Dec 30, 2014
Browser hijacking and endless ads	1	Nov 20, 2014
"Startup.com" virus on all my browsers	6	Nov 16, 2013
torbrowser in a VM	0	Nov 1, 2013
SOLVED I went to firefox browser and lost my favorites button	2	Oct 20, 2013

Is your browser configured to check for cert revocation?

Shintaro

clifford_cooley

Shintaro

clifford_cooley

Shintaro

clifford_cooley

Shintaro

Ask a Question

Similar Threads