badssl.com icon indicating copy to clipboard operation
badssl.com copied to clipboard

Published 20 hours ago verified publisher icon chromium

must-staple.badssl.com

Open april opened this issue 9 years ago • 7 comments

Related to #17 , Firefox Nightly now has support for the TLS must-staple extension.

It would be great to add must-staple.badssl.com, so we can use it as a test site. I'm talking with our COMODO contact, to see if they can issue a cert with the proper extension.

If they can, do you mind me sending an email looping in him, your The SSL Store guy, and yourself? Or is there another way that you would prefer me to handle it?

april avatar Nov 17 '15 18:11 april

Since 1000[0]-sans worked well, I leave it up to you. :-)

lgarron avatar Nov 18 '15 21:11 lgarron

Publicly-trusted certificates are now online: https://must-staple.serverhello.com https://must-staple-no-ocsp.serverhello.com

selecadm avatar Dec 07 '15 20:12 selecadm

@lgarron, how's it going on requesting a cert with must-staple? Comodo certainly supports it through their usual channels these days. :)

april avatar Feb 10 '16 15:02 april

must-staple.badssl.com certificate doesn't seem to have must-staple extension. Is it configured properly, any update?

bhushan5640 avatar Jul 05 '16 16:07 bhushan5640

I don't think it's yet implemented, hence the error.

april avatar Jul 05 '16 16:07 april

No update, it's just not a priority.

If you look at the certificate you get when you visit https://must-staple.badssl.com/, you'll find that it's our fallback certificate.

lgarron avatar Jul 05 '16 22:07 lgarron

I recently visited a website with Must-Staple but no OCSP staple information. This result in a very hard to understand ERR_SSL_VERSION_OR_CIPHER_MISMATCH in Chrome.

It would be great if there's a must-staple-no-ocsp.badssl.com to test with the error.

yegle avatar Feb 25 '21 04:02 yegle