|
Title: Dwolla's SSL certificate has been revoked Post by: rate5 on July 22, 2012, 02:04:49 AM Anyone else getting a "certificate has been revoked" message when they visit https://www.dwolla.com (https://www.dwolla.com) ?
http://i47.tinypic.com/aljfb7.png Title: Re: Dwolla's SSL certificate has been revoked? Post by: finkleshnorts on July 22, 2012, 02:05:54 AM yep
Title: Re: Dwolla's SSL certificate has been revoked? Post by: eleuthria on July 22, 2012, 02:06:41 AM Not getting that warning on my end, using Chrome. Certificate signed by VeriSign, and valid thru June 2013.
Title: Re: Dwolla's SSL certificate has been revoked? Post by: Gladamas on July 22, 2012, 02:06:53 AM Hmm. I'm in Washington State, U.S.A., it seems fine here. Using Chrome on Windows 7.
Title: Re: Dwolla's SSL certificate has been revoked? Post by: BCB on July 22, 2012, 02:08:02 AM Not getting that warning on my end, using Chrome. Certificate signed by VeriSign, and valid thru June 2013. Only on Firefox "Peer's Certificate has been revoked." Title: Re: Dwolla's SSL certificate has been revoked? Post by: sadpandatech on July 22, 2012, 02:08:53 AM I'm getting the error here on Chrome(latest version and proper fucking settings :-* ) win 7 64 and on IE9 and in Firefox 14.01;
Secure Connection Failed An error occurred during a connection to www.dwolla.com. Peer's Certificate has been revoked. (Error code: sec_error_revoked_certificate) Title: Re: Dwolla's SSL certificate has been revoked? Post by: EnergyVampire on July 22, 2012, 02:10:25 AM I'm getting revoked certificate on FireFox & Opera.
Title: Re: Dwolla's SSL certificate has been revoked? Post by: rate5 on July 22, 2012, 02:11:30 AM Not getting that warning on my end, using Chrome. Certificate signed by VeriSign, and valid thru June 2013. Looks like some versions of Chrome no longer check revoked SSL certificates: https://www.computerworld.com/s/article/9224078/Google_Chrome_will_no_longer_check_for_revoked_SSL_certificates_online (https://www.computerworld.com/s/article/9224078/Google_Chrome_will_no_longer_check_for_revoked_SSL_certificates_online) Title: Re: Dwolla's SSL certificate has been revoked? Post by: sadpandatech on July 22, 2012, 02:17:15 AM Not getting that warning on my end, using Chrome. Certificate signed by VeriSign, and valid thru June 2013. Looks like some versions of Chrome no longer check revoked SSL certificates: https://www.computerworld.com/s/article/9224078/Google_Chrome_will_no_longer_check_for_revoked_SSL_certificates_online (https://www.computerworld.com/s/article/9224078/Google_Chrome_will_no_longer_check_for_revoked_SSL_certificates_online) aye, it does not check revokes in real time any more, but should update the list of revokes if you have the updates on in Chrome.. Title: Re: Dwolla's SSL certificate has been revoked? Post by: sadpandatech on July 22, 2012, 02:19:53 AM strange there is nothing popping up on google about it. Anyone check the CA server, etc? Is it a fluke or Dwolla being hacked or what?
Title: Re: Dwolla's SSL certificate has been revoked? Post by: ArticMine on July 22, 2012, 02:23:44 AM Yes verified on Firefox 14.01 (Ubuntu 12.04)
IE 9 (Windows 7) GNOME Web Browser 2.22.2 (gNewSense 2.3) Title: Re: Dwolla's SSL certificate has been revoked? Post by: Kluge on July 22, 2012, 02:23:54 AM From Symantic/Verisign:
www.dwolla.com is successfully secured by an SSL certificate. The following certificates are correctly installed: ------Certificate 1------ --Issued To-- Organization: Dwolla Corp. Organizational Unit: Terms of use at www.verisign.com/rpa (c)05 Organizational Unit 2: Online Services Common Name: www.dwolla.com Locale: Des Moines, Iowa Country: US --Issued By-- Organization: VeriSign,, Inc. Organizational Unit: Terms of use at https://www.verisign.com/rpa (c)06 Organizational Unit 2: VeriSign Trust Network Common Name: VeriSign Class 3 Extended Validation SSL SGC CA Country: US Valid from Mon Jun 20 20:00:00 EDT 2011 to Thu Jun 20 19:59:59 EDT 2013 Serial Number (hex): 2b2cb56f093c54a0f949376955ebc220 ------------------------- - -----Certificate 2------ --Issued To-- Organization: VeriSign,, Inc. Organizational Unit: Terms of use at https://www.verisign.com/rpa (c)06 Organizational Unit 2: VeriSign Trust Network Common Name: VeriSign Class 3 Extended Validation SSL SGC CA Country: US --Issued By-- Organization: VeriSign,, Inc. Organizational Unit: (c) 2006 VeriSign,, Inc. - For authorized use only Organizational Unit 2: VeriSign Trust Network Common Name: VeriSign Class 3 Public Primary Certification Authority - G5 Country: US Valid from Tue Nov 07 19:00:00 EST 2006 to Mon Nov 07 18:59:59 EST 2016 Serial Number (hex): 2c48dd930df5598ef93c99547a60ed43 ------------------------- ------Certificate 3------ --Issued To-- Organization: VeriSign,, Inc. Organizational Unit: (c) 2006 VeriSign,, Inc. - For authorized use only Organizational Unit 2: VeriSign Trust Network Common Name: VeriSign Class 3 Public Primary Certification Authority - G5 Country: US --Issued By-- Organization: VeriSign,, Inc. Organizational Unit: Class 3 Public Primary Certification Authority Country: US Valid from Tue Nov 07 19:00:00 EST 2006 to Sun Nov 07 18:59:59 EST 2021 Serial Number (hex): 250ce8e030612e9f2b89f7054d7cf8fd ------------------------- On another note... "Dwolla.com wants to track your physical location." ... That's new for me. Title: Re: Dwolla's SSL certificate has been revoked? Post by: bb113 on July 22, 2012, 02:24:43 AM I was literally just about to get around to deleting my account. It was the first time I visited the page in months. They sensed it.
Title: Re: Dwolla's SSL certificate has been revoked? Post by: EnergyVampire on July 22, 2012, 02:30:30 AM strange there is nothing popping up on google about it. Anyone check the CA server, etc? Is it a fluke or Dwolla being hacked or what? Sounds like the "disruptor" is getting disrupted. :P Dwolla hasn't commented on Twitter either, their last comment was about 1 hour ago. Title: Re: Dwolla's SSL certificate has been revoked Post by: sadpandatech on July 22, 2012, 02:32:01 AM Could it just be that the OCSP server is down and not able to check it? Not sure what OCSP servers there are or whether your browser has predefined ones it would sue or the site would point to one though....
Title: Re: Dwolla's SSL certificate has been revoked Post by: rjk on July 22, 2012, 02:35:02 AM Could it just be that the OCSP server is down and not able to check it? Not sure what OCSP servers there are or whether your browser has predefined ones it would sue or the site would point to one though.... No, because an OCSP error is usually a softfail, and will be noted as OCSP unreachable. This error means that specific action has been taken to revoke the certificate.Wonder if a hacker broke in. Title: Re: Dwolla's SSL certificate has been revoked Post by: sadpandatech on July 22, 2012, 02:50:06 AM Could it just be that the OCSP server is down and not able to check it? Not sure what OCSP servers there are or whether your browser has predefined ones it would sue or the site would point to one though.... No, because an OCSP error is usually a softfail, and will be noted as OCSP unreachable. This error means that specific action has been taken to revoke the certificate.Wonder if a hacker broke in. rgr. Since Symantic/Verisign list Dwolla has having a valid cert, what is the cert that is getting check and reporting as being revoked? Anyone able to grab the cert that is there now? Title: Re: Dwolla's SSL certificate has been revoked Post by: rjk on July 22, 2012, 02:55:45 AM Could it just be that the OCSP server is down and not able to check it? Not sure what OCSP servers there are or whether your browser has predefined ones it would sue or the site would point to one though.... No, because an OCSP error is usually a softfail, and will be noted as OCSP unreachable. This error means that specific action has been taken to revoke the certificate.Wonder if a hacker broke in. rgr. Since Symantic/Verisign list Dwolla has having a valid cert, what is the cert that is getting check and reporting as being revoked? Anyone able to grab the cert that is there now? Title: Re: Dwolla's SSL certificate has been revoked Post by: sadpandatech on July 22, 2012, 02:58:44 AM Could it just be that the OCSP server is down and not able to check it? Not sure what OCSP servers there are or whether your browser has predefined ones it would sue or the site would point to one though.... No, because an OCSP error is usually a softfail, and will be noted as OCSP unreachable. This error means that specific action has been taken to revoke the certificate.Wonder if a hacker broke in. rgr. Since Symantic/Verisign list Dwolla has having a valid cert, what is the cert that is getting check and reporting as being revoked? Anyone able to grab the cert that is there now? Verisign shows it as revoked; https://securitycenter.verisign.com/celp/enroll/searchCertDetails?issuerSerial=027604bed5c781846325897410d66ecc&application_locale=VRSN_US Title: Re: Dwolla's SSL certificate has been revoked Post by: rjk on July 22, 2012, 03:01:34 AM Verisign shows it as revoked; https://securitycenter.verisign.com/celp/enroll/searchCertDetails?issuerSerial=027604bed5c781846325897410d66ecc&application_locale=VRSN_US Link doesn't work for me; Serial that I have is 2b 2c b5 6f 09 3c 54 a0 f9 49 37 69 55 eb c2 20 ???Title: Re: Dwolla's SSL certificate has been revoked Post by: sadpandatech on July 22, 2012, 03:03:18 AM Verisign shows it as revoked; https://securitycenter.verisign.com/celp/enroll/searchCertDetails?issuerSerial=027604bed5c781846325897410d66ecc&application_locale=VRSN_US Link doesn't work for me; Serial that I have is 2b 2c b5 6f 09 3c 54 a0 f9 49 37 69 55 eb c2 20 ???link works OK; Verify Certificate Common Name: www.dwolla.com Status: Revoked Validity (GMT): Jun 21, 2011 - Jun 20, 2013 Class: Digital ID Class 3 - Extended Validation SGC FreeReplacement Organization: Dwolla Corp. Organizational Unit: Online Services Terms of use at www.verisign.com/rpa (c)05 State: Iowa City/Location: Des Moines Country: US Serial Number: 2b2cb56f093c54a0f949376955ebc220 Issuer Digest: 027604bed5c781846325897410d66ecc Title: Re: Dwolla's SSL certificate has been revoked Post by: sadpandatech on July 22, 2012, 03:04:27 AM Looks like they are already on it. New entry just appeared;
Verify Certificate Common Name: www.dwolla.com Status: Pending Renewal Validity (GMT): Jul 22, 2012 - Jul 22, 2014 Class: Digital ID Class 3 - Extended Validation SGC Renewal Organization: Dwolla Corp. Organizational Unit: Online Services Terms of use at www.verisign.com/rpa (c)05 State: Iowa City/Location: Des Moines Country: US Serial Number: 2c34739c28b93ac00ea3009662affcff Issuer Digest: 0d0a7f5229e7dacc9b3bbfb77bb9fc6a Title: Re: Dwolla's SSL certificate has been revoked Post by: rjk on July 22, 2012, 03:06:15 AM link works OK; Continue session Error Due to inactivity and for security reasons, your user session has timed out. Click Continue to go to the VeriSign home page. Title: Re: Dwolla's SSL certificate has been revoked Post by: sadpandatech on July 22, 2012, 03:09:03 AM link works OK; Continue session Error Due to inactivity and for security reasons, your user session has timed out. Click Continue to go to the VeriSign home page. ahh, did not see the session ID on my end. hehe. Just put www.dwolla.com in the search here; https://securitycenter.verisign.com/celp/enroll/searchCertDetails? Title: Re: Dwolla's SSL certificate has been revoked Post by: rjk on July 22, 2012, 03:10:35 AM ahh, did not see the session ID on my end. hehe. System UnavailableJust put www.dwolla.com in the search here; https://securitycenter.verisign.com/celp/enroll/searchCertDetails? The system is currently not available. Please retry your request later. :P ;D I'm guessing you have a login somewhere? Title: Re: Dwolla's SSL certificate has been revoked Post by: sadpandatech on July 22, 2012, 03:13:40 AM ahh, did not see the session ID on my end. hehe. System UnavailableJust put www.dwolla.com in the search here; https://securitycenter.verisign.com/celp/enroll/searchCertDetails? The system is currently not available. Please retry your request later. :P ;D I'm guessing you have a login somewhere? https://securitycenter.verisign.com/celp/enroll/outsideSearch?application_locale=VRSN_US Title: Re: Dwolla's SSL certificate has been revoked Post by: EnergyVampire on July 22, 2012, 03:56:13 AM Dwolla on Twitter (23 minutes ago):
"Working with our partners at @verisign and @symantec to look into a certificate issue some of our users are reporting. Still secure. Edit: Linky www.twitter.com/dwolla/status/226882115516653568 Title: Re: Dwolla's SSL certificate has been revoked Post by: sadpandatech on July 22, 2012, 03:58:26 AM Dwolla on Twitter (23 minutes ago): "Working with our partners at @verisign and @symantec to look into a certificate issue some of our users are reporting. Still secure. I wonder if someone manged to guess their passphrase on verisign and hit revoke on it? Seems unlikely, but otherwise this is some really strange 'issue'.. Anyone with a cert of there own able to verify that just hitting 'options' and then entering your passphrase will give one the option to revoke from there on Verisign? Title: Re: Dwolla's SSL certificate has been revoked Post by: Gabi on July 22, 2012, 01:12:24 PM Same message here on my Firefox
sec_error_revoked_certificate :-\ Title: Re: Dwolla's SSL certificate has been revoked Post by: niko on July 22, 2012, 03:08:55 PM The issue is still there. According to Firefox, the certificate has been revoked. According to Android browser, it is valid, and the page loads. Doesn't Android check for revoked certificates?!
Title: Re: Dwolla's SSL certificate has been revoked Post by: Phinnaeus Gage on July 22, 2012, 03:21:35 PM I wonder if this is having any effect on pirateat40's business model. ;D
Title: Re: Dwolla's SSL certificate has been revoked Post by: sadpandatech on July 22, 2012, 04:22:00 PM WWW.DWOLLA.COM Pending Renewal Digital ID Class 3 - Extended Validation SGC Renewal Jul 22, 2012 to Jul 22, 2014
WWW.DWOLLA.COM Revoked Digital ID Class 3 - Extended Validation SGC Renewal Jun 21, 2011 to Jun 6, 2013 WWW.DWOLLA.COM Revoked Digital ID Class 3 - Extended Validation SGC FreeReplacement Jun 21, 2011 to Jun 20, 2013 I'm assuming from the 'free replacement' that is listed this happened to them before. Their new one is still pending. Title: Re: Dwolla's SSL certificate has been revoked Post by: Soros Shorts on July 22, 2012, 05:35:17 PM Looks like it is working now with a GoDaddy Class 2 cert. Probably a temporary fix until they get their green-bar cert working again.
Title: Re: Dwolla's SSL certificate has been revoked Post by: DublinBrian on July 22, 2012, 07:11:38 PM Call me a conspiracy theorist, but I believe this is The Powers That Be (TPTB) using their influence at Verisign to interfere with bitcoin.
A few months ago, I have had similar problems with Firefox telling me that the certificates were not valid on the Intersango, Mt Gox, and btc-e.com. Even today, my android phone will not let me use MtGox Mobile app due to some problem with the certificate. IMO TPTB use certificates authorities and anti-virus software like Norton to implement a casual form of website blacklisting. Title: Re: Dwolla's SSL certificate has been revoked Post by: unclemantis on July 22, 2012, 07:20:17 PM Call me a conspiracy theorist, but I believe this is The Powers That Be (TPTB) using their influence at Verisign to interfere with bitcoin. A few months ago, I have had similar problems with Firefox telling me that the certificates were not valid on the Intersango, Mt Gox, and btc-e.com. Even today, my android phone will not let me use MtGox Mobile app due to some problem with the certificate. IMO TPTB use certificates authorities and anti-virus software like Norton to implement a casual form of website blacklisting. This is why we need to develop the DarkNet real freaking quick. Title: Re: Dwolla's SSL certificate has been revoked Post by: Astro on July 22, 2012, 07:33:03 PM Call me a conspiracy theorist, but I believe this is The Powers That Be (TPTB) using their influence at Verisign to interfere with bitcoin. A few months ago, I have had similar problems with Firefox telling me that the certificates were not valid on the Intersango, Mt Gox, and btc-e.com. Even today, my android phone will not let me use MtGox Mobile app due to some problem with the certificate. IMO TPTB use certificates authorities and anti-virus software like Norton to implement a casual form of website blacklisting. Ridiculous. When "TPTB" start giving a shit about Bitcoin, they won't interfere with some passive-aggressive certificate revocation scheme. They'll come at it with guns blazing. Title: Re: Dwolla's SSL certificate has been revoked Post by: sadpandatech on July 22, 2012, 07:47:33 PM Call me a conspiracy theorist, but I believe this is The Powers That Be (TPTB) using their influence at Verisign to interfere with bitcoin. A few months ago, I have had similar problems with Firefox telling me that the certificates were not valid on the Intersango, Mt Gox, and btc-e.com. Even today, my android phone will not let me use MtGox Mobile app due to some problem with the certificate. IMO TPTB use certificates authorities and anti-virus software like Norton to implement a casual form of website blacklisting. Ridiculous. When "TPTB" start giving a shit about Bitcoin, they won't interfere with some passive-aggressive certificate revocation scheme. They'll come at it with guns blazing. not to mention isn't bitcoin only a small part of Dwolla's business? It is still possible someone has it out for Dwolla but who that may be is anyones guess. Title: Re: Dwolla's SSL certificate has been revoked Post by: Gabi on July 22, 2012, 07:48:47 PM Call me a conspiracy theorist, but I believe this is The Powers That Be (TPTB) using their influence at Verisign to interfere with bitcoin. Stay calm, here is the solution about the certificates problem http://perspectives-project.org/A few months ago, I have had similar problems with Firefox telling me that the certificates were not valid on the Intersango, Mt Gox, and btc-e.com. Even today, my android phone will not let me use MtGox Mobile app due to some problem with the certificate. IMO TPTB use certificates authorities and anti-virus software like Norton to implement a casual form of website blacklisting. Title: Re: Dwolla's SSL certificate has been revoked Post by: sadpandatech on July 22, 2012, 07:52:48 PM Call me a conspiracy theorist, but I believe this is The Powers That Be (TPTB) using their influence at Verisign to interfere with bitcoin. Stay calm, here is the solution about the certificates problem http://perspectives-project.org/A few months ago, I have had similar problems with Firefox telling me that the certificates were not valid on the Intersango, Mt Gox, and btc-e.com. Even today, my android phone will not let me use MtGox Mobile app due to some problem with the certificate. IMO TPTB use certificates authorities and anti-virus software like Norton to implement a casual form of website blacklisting. how does one know they can trust the 'network notary' server? It seems like one more point of potential breach to me to bypass the CA's and then rely on yet another place for verification of SSL certs. Granted I did not read through to see how they address the trust issue. Title: Re: Dwolla's SSL certificate has been revoked Post by: paraipan on July 22, 2012, 08:10:58 PM Call me a conspiracy theorist, but I believe this is The Powers That Be (TPTB) using their influence at Verisign to interfere with bitcoin. Stay calm, here is the solution about the certificates problem http://perspectives-project.org/A few months ago, I have had similar problems with Firefox telling me that the certificates were not valid on the Intersango, Mt Gox, and btc-e.com. Even today, my android phone will not let me use MtGox Mobile app due to some problem with the certificate. IMO TPTB use certificates authorities and anti-virus software like Norton to implement a casual form of website blacklisting. how does one know they can trust the 'network notary' server? It seems like one more point of potential breach to me to bypass the CA's and then rely on yet another place for verification of SSL certs. Granted I did not read through to see how they address the trust issue. I think this quote clears it out... Quote Perspectives takes a different approach to how the web browser determines if an SSL certificate is valid. Instead of requiring browser users to trust an anointed group of certificate authorities, Perspectives gives users the ability to pick a group they trust (e.g., the EFF, Google, their company, their university, their group of friends, etc.) and trust no one else. How is this possible? Perspectives has a decentralized model that let’s anyone run one or more “network notary servers”. A network notary server is connected to the Internet and regularly monitors websites to build a history of the SSL certificate used by each site. Notary servers or groups of notary servers may be operated by public organizations, private companies, or even individuals. Rather than validating an SSL certificate by checking for certificate authority approval, with Perspectives the browser validates a certificate by checking for consistency with the certificates observed by the network notaries over time. With network notary servers spread around the world and keeping a history of data, it is VERY hard for an attacker to launch a man-in-the-middle attack (see our academic paper for a full security analysis). Just like a user picks which search engine their browser will use, they user can also choose what group(s) of network notaries they will trust. The user him/herself can choose whether they trust Comodo, the U.S government, the Chinese government, or not. And because all notary data is public, the quality of different network notaries can be measured and evaluated by anyone, creating a market for better security. Title: Re: Dwolla's SSL certificate has been revoked Post by: DublinBrian on July 22, 2012, 08:15:40 PM how does one know they can trust the 'network notary' server? Because the user chooses that notary themselves.Title: Re: Dwolla's SSL certificate has been revoked Post by: sadpandatech on July 22, 2012, 08:21:10 PM how does one know they can trust the 'network notary' server? Because the user chooses that notary themselves.yea, that does not quite cut it though. It's not like choosing your partner or something that you know all about. How is the list made to choose from? What verifies that the list is trustworthy natoaries? I'd assume this service decides that list, and if so does not do anything to reduce any trust issues with just using the standard CA's. It instead would increase trust issues unless there is some really indepth method for listing trusted notaries. Title: Re: Dwolla's SSL certificate has been revoked Post by: niko on July 22, 2012, 09:52:08 PM So, does anyone know why the certificate was revoked by verisign? It seems like this caught dwolla by surprise.
Title: Re: Dwolla's SSL certificate has been revoked Post by: MagicalTux on July 23, 2012, 01:05:14 AM Just a note, it seems that Dwolla switched to GoDaddy (known to be more trustworthy than Verisign?).
Dwolla, before: https://i.imgur.com/B3v00.png Dwolla, after: https://i.imgur.com/iDeZu.png Title: Re: Dwolla's SSL certificate has been revoked Post by: check_status on July 23, 2012, 01:24:09 AM Who owns GoDaddy?
Title: Re: Dwolla's SSL certificate has been revoked Post by: EnergyVampire on July 23, 2012, 01:45:03 AM Who owns GoDaddy? According to Wikipedia (http://en.wikipedia.org/wiki/Go_Daddy) it's owned by KKR, Silver Lake Partners and Technology Crossover Ventures. Title: Re: Dwolla's SSL certificate has been revoked Post by: check_status on July 23, 2012, 02:00:30 AM That explains how stuxnet got into Iran. A Massad agent is CEO of 3 domain name registration companies, GoDaddy is just one.
This change in domains smells like manipulation/backroom deal shennanigans. Title: Re: Dwolla's SSL certificate has been revoked Post by: rjk on August 01, 2012, 01:36:31 AM Bumping this with the text of an email that I sent them via their contact submission form, as follows:
Quote I would like to know what's going on with your SSL certificate. The following statement is made at this link: http://help.dwolla.com/customer/portal/articles/86685-security-partner-overview "VeriSign EV Certificate and Encryption Extended Validation SSL Certificates give high-security web browsers information to clearly identify a web site’s organizational identity. VeriSign is an industry leading EV solution provider. Our certificate provides a 128-bit minimum to 256-bit encryption." but you are actually using a cheap Godaddy certificate. I see that one or more EV certificates from Verisign have been revoked.... Have you had a security incident that you should have warned customers about? Certificates don't just get revoked without a damn good reason, and I feel that this is something extremely important that you need to address. The only public communication that I have been able to find in regards to this issue is a single Twitter message that says the following: "@dwolla Working with our partners at @verisign and @symantec to look into a certificate issue some of our users are reporting. Still secure." but absolutely no communication after that message, posted on the 21st of July, 2012, 10 days ago. I would appreciate your prompt response in regards to this matter so that I can be assured of your continued security and the security of any data about me that you have stored there. Thank you and regards, It's been 10 days since this incident, with nothing more said. Title: Re: Dwolla's SSL certificate has been revoked Post by: notme on August 01, 2012, 01:43:13 AM I quit using them months ago. Still glad I did. I hope this doesn't turn nasty for anyone exposed.
Title: Re: Dwolla's SSL certificate has been revoked Post by: rjk on August 01, 2012, 05:08:29 PM They responded with this:
Quote Dwolla’s SSL certificate had a minor issue. The SSL certificate was purchased for one year, however, was given a two-year expiration date. This is part of our routine monitoring. Dwolla realized this error and migrated the certificate to another vendor as an interim solution. Dwolla will revert to our old SSL vendor, a two-year, paid certificate, later this week. So Verisign issued a 2 year cert, even though Dwolla only paid for one? That's odd, wonder if it was actually the other way around. Title: Re: Dwolla's SSL certificate has been revoked Post by: niko on August 01, 2012, 08:27:21 PM They responded with this: See what Tux posted above. It was issued with a two-year validity. Apparently they revoke it if you miss a payment.Quote Dwolla’s SSL certificate had a minor issue. The SSL certificate was purchased for one year, however, was given a two-year expiration date. This is part of our routine monitoring. Dwolla realized this error and migrated the certificate to another vendor as an interim solution. Dwolla will revert to our old SSL vendor, a two-year, paid certificate, later this week. So Verisign issued a 2 year cert, even though Dwolla only paid for one? That's odd, wonder if it was actually the other way around. Title: Re: Dwolla's SSL certificate has been revoked Post by: rjk on August 01, 2012, 08:30:58 PM Apparently they revoke it if you miss a payment. Interesting, most CAs that I have met require a payment for the full validity period, but maybe Verisign has a payment plan because they are so damn expensive for EV certs.Also, epic fail not paying bills. ::) Title: Re: Dwolla's SSL certificate has been revoked Post by: unclemantis on August 01, 2012, 09:47:45 PM Apparently they revoke it if you miss a payment. Interesting, most CAs that I have met require a payment for the full validity period, but maybe Verisign has a payment plan because they are so damn expensive for EV certs.Also, epic fail not paying bills. ::) A bank not paying their bills? Wow! Good thing I am going with direct ACH payments when I can! |
