Why SSL certificate revocation checks don’t always work like they should

A lesser discussed aspect of SSL certificates is revocation. We talk a lot about why you need an SSL certificate, how to choose the right one, how to activate and install one, and how you need to remember to renew it before it expires. But what about SSL revocation?

For the uninitiated, SSL revocation is the process of declaring an issued SSL certificate invalid before its expiry date, so that browsers and other clients should stop trusting it for HTTPS connections to the website.

Why would you revoke an SSL certificate, anyway?

There are a number of reasons why someone would revoke their SSL certificate, which include:

  • Your private key has been lost or compromised, which means anyone holding it can impersonate your site, so the certificate can no longer be trusted
  • Your SSL certificate has been reissued (after a key rotation, for example) and the old version should no longer be trusted
  • You don’t want to use a particular SSL certificate any more and don’t plan to have it reissued

Sometimes a Certificate Authority will revoke an SSL certificate itself: for example, if the domain is suspected of hosting phishing or malware, if the certificate owner has violated the terms and conditions, or if the certificate was wrongly issued. Whatever the reason your certificate was revoked, remove it from your web server and replace it with a reissued certificate straight away. Until you do, browsers that check revocation will refuse the connection, and browsers that don’t will be trusting a certificate that shouldn’t be trusted.

What should happen when you revoke an SSL certificate

When your SSL certificate is revoked, the issuer adds the certificate’s serial number to the revocation information it publishes: its CRLs (Certificate Revocation Lists) and the OCSP (Online Certificate Status Protocol) responders it operates (a Certificate Authority like Sectigo runs both). Browsers and other clients can consult the OCSP responder or the CRL for a certificate’s revocation status and warn visitors that the certificate for a particular site has been revoked. When a user visits a page served with a revoked certificate, the browser should show an error along the lines of “The certificate is revoked”, warning the user that the connection isn’t trustworthy. If you have revoked your SSL certificate but have not yet replaced it on the web server, this is the message your visitors should see.

Here is how certificate revocation checks in browsers work for the methods outlined above:

OCSP

OCSP is a protocol browsers can use to ask about the status of a single SSL certificate. The browser sends a request identifying the certificate (a hash of the issuer’s name and key, plus the certificate’s serial number) to a server called an OCSP responder, run by or for the Certificate Authority. The responder replies with the status (good, revoked or unknown) in a response signed with the Certificate Authority’s private signing key, or with the key of a responder certificate the CA has delegated for the purpose. The browser verifies that signature using the CA’s public key before it trusts the answer; the private key itself never leaves the CA.

These days a variant called OCSP stapling is often used. Instead of the browser asking the responder, the web server fetches the signed OCSP response for its own certificate from the responder and sends (“staples”) it to the browser inside the TLS handshake, alongside the site’s SSL certificate. A response is only valid for the period the CA sets (typically up to seven days), so the server has to refresh it before it expires. This speeds things up significantly, because the browser gets the revocation information from the server it is already talking to instead of making a separate request to another server. However, not all websites have stapling enabled, and a browser that receives no stapled response falls back to its own checks.

CRLs

Some browsers are configured to check CRLs instead. A Certificate Authority publishes a signed list of the serial numbers of all the certificates it has revoked, and republishes it periodically (every 24 hours, for example) with a “next update” time so that clients know when to refresh it. Each certificate carries the URL of its issuer’s CRL (the CRL distribution point). When a user visits a site, the browser downloads that CRL (or uses a cached copy that is still current), verifies the Certificate Authority’s signature on it, and looks for the certificate’s serial number. If the serial number isn’t on the list, the page loads.
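The two checks just described, end to end, as an added example that is not part of the original article: a throwaway Certificate Authority built with the openssl command-line tool issues two certificates and revokes one, then openssl plays both the client and the CA’s OCSP responder (answering a request read from a file), and the same certificates are checked against the CA’s CRL. The CA name, the hostnames and the file names are assumptions made for this demo; everything runs offline in a temporary directory.

```bash
#!/usr/bin/env bash
# Added example, not code from the original article. It builds a throwaway CA
# with the openssl command-line tool, issues two leaf certificates, revokes one
# of them, and then checks both the way a browser would: over OCSP (openssl
# itself plays the CA's responder, answering a request read from a file) and
# against a CRL. The CA name, hostnames and file names are assumptions made
# for this demo; everything runs offline in a temporary directory.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
cd "$WORK"

# Minimal openssl config: request defaults, extension profiles, and the
# "openssl ca" database (index.txt is what the OCSP responder answers from).
cat > ca.cnf <<'EOF'
[ req ]
distinguished_name = req_dn
prompt             = no
[ req_dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
keyUsage         = critical,keyCertSign,cRLSign
[ v3_leaf ]
basicConstraints = CA:FALSE
keyUsage         = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database         = ./index.txt
new_certs_dir    = ./newcerts
serial           = ./serial
crlnumber        = ./crlnumber
certificate      = ./ca.pem
private_key      = ./ca.key
default_md       = sha256
default_days     = 30
default_crl_days = 1
x509_extensions  = v3_leaf
policy           = demo_policy
[ demo_policy ]
commonName = supplied
EOF
mkdir newcerts && touch index.txt && echo 1000 > serial && echo 1000 > crlnumber

# Self-signed demo CA (its public key is what clients verify signatures with).
openssl req -x509 -config ca.cnf -extensions v3_ca -newkey rsa:2048 -nodes \
    -keyout ca.key -out ca.pem -subj "/CN=Demo Root CA" -days 30 2>/dev/null

issue_cert() {  # $1 = hostname, $2 = file basename -> $2.key, $2.csr, $2.pem
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -keyout "$2.key" -out "$2.csr" -subj "/CN=$1" 2>/dev/null
    openssl ca -config ca.cnf -batch -notext -in "$2.csr" -out "$2.pem" >/dev/null 2>&1
}

# OCSP, end to end: the client builds a request (issuer name/key hashes plus
# the serial number), the responder looks the serial up in index.txt and signs
# the answer with the CA's private key, and the client verifies that signature
# with the CA certificate before it believes the status.
ocsp_status() {  # $1 = leaf certificate; prints good | revoked | unknown
    local out
    openssl ocsp -issuer ca.pem -cert "$1" -no_nonce -reqout req.der 2>/dev/null
    openssl ocsp -index index.txt -CA ca.pem -rsigner ca.pem -rkey ca.key -rmd sha256 \
        -ndays 1 -reqin req.der -respout resp.der >/dev/null 2>&1
    # Exits non-zero (and so aborts this script) if the signature does not verify.
    out=$(openssl ocsp -issuer ca.pem -cert "$1" -CAfile ca.pem -no_nonce \
              -respin resp.der 2>/dev/null)
    printf '%s\n' "$out" | awk -F': ' -v f="$1" '$1 == f { print $2 }'
}

# CRL: verify the chain and check the leaf's serial against the signed list.
crl_status() {  # $1 = leaf certificate; prints good | revoked | error: ...
    local out
    if out=$(openssl verify -crl_check -CAfile ca.pem -CRLfile crl.pem "$1" 2>&1); then
        echo good
    else
        case "$out" in
            *"certificate revoked"*) echo revoked ;;
            *) echo "error: $out" ;;
        esac
    fi
}

issue_cert revoked.example.test revoked
issue_cert good.example.test    good
# Mark one certificate revoked (key compromise), then publish the CRL.
openssl ca -config ca.cnf -revoke revoked.pem -crl_reason keyCompromise >/dev/null 2>&1
openssl ca -config ca.cnf -gencrl -out crl.pem 2>/dev/null

for c in good.pem revoked.pem; do
    echo "$c  OCSP: $(ocsp_status "$c")  CRL: $(crl_status "$c")"
done
```

The point to notice is what each side holds: the responder needs the CA’s private key (or a delegated responder key) to sign, while the client only ever needs the CA certificate, and a response whose signature does not check out makes the client-side `openssl ocsp` exit non-zero rather than report a status.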

Sounds good, right? Unfortunately, it doesn’t always work, and each method of checking for revocation has its flaws.

The flaws of revocation checking methods

The problems with both CRLs and OCSP come down to three main issues: speed, privacy and security.

Speed

For the CRL method, the browser has to download and parse a list of every certificate the authority has revoked, which can be a large file for a big Certificate Authority, and that adds noticeably to page load time. That is bad from a user experience perspective and can even cost you customers if it takes too long. OCSP is faster on the whole, since it asks about one certificate at a time, but it still adds a round trip and depends on the speed of the Certificate Authority’s OCSP responder.

Privacy

When a browser contacts an OCSP responder, the request tells the responder which certificate is being checked, and the connection itself reveals the user’s IP address and, through the request headers, the browser in use. In effect the Certificate Authority learns which sites each user visits and when, even when everything is working as intended; and if an OCSP server were ever compromised or its logs exposed, that browsing history would leak with it. OCSP stapling sidesteps the problem, because the web server, not the visitor, is the one talking to the responder.

Security

The unfortunate reality of OCSP is that the check isn’t always reliable: responders go down, networks lag, and captive portals or firewalls block the request. To avoid breaking sites for potentially millions of users, most browsers perform OCSP in what is known as soft-fail mode. This means that if the OCSP responder times out or can’t be reached, the browser gives up on the check, treats the SSL certificate as valid, and shows an HTTPS connection as if nothing were wrong. Soft-fail keeps the web working when a responder is down, but it also means an attacker who holds a revoked certificate and its private key only has to block the browser’s connection to the OCSP responder (easy for anyone already positioned to intercept the traffic) to have the revoked certificate accepted, which is exactly the man-in-the-middle scenario that revocation is meant to stop.
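The soft-fail decision in code, as an added example that is not part of the original article: a real `openssl ocsp` query is sent to a responder URL that points at a loopback port where nothing listens, so it fails the way a blocked or unavailable responder would, and the script then shows what a soft-fail and a hard-fail policy each do with that failure. The certificate is a throwaway self-signed one, used as its own issuer only so that a request can be built; the hostname and file names are demo assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: the decision a soft-fail
# browser makes when the OCSP responder cannot be reached, next to the
# hard-fail alternative. The responder URL points at a loopback port where
# nothing listens, so the query fails the same way a blocked or down responder
# would. The certificate is a throwaway self-signed one used as its own issuer
# just so a request can be built; all names here are demo assumptions.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT
printf '[req]\ndistinguished_name = dn\nprompt = no\n[dn]\n' > "$WORK/req.cnf"
openssl req -x509 -config "$WORK/req.cnf" -newkey rsa:2048 -nodes \
    -keyout "$WORK/c.key" -out "$WORK/c.pem" -subj "/CN=softfail.example.test" \
    -days 1 2>/dev/null

UNREACHABLE_RESPONDER="http://127.0.0.1:1/"   # deliberately closed port

# revocation_decision soft|hard -> prints accept or reject.
# Mirrors a browser: act on a verified answer if one arrives; otherwise the
# policy alone decides, because no revocation information was obtained.
revocation_decision() {
    local mode="$1" out status
    if out=$(openssl ocsp -issuer "$WORK/c.pem" -cert "$WORK/c.pem" \
                 -CAfile "$WORK/c.pem" -url "$UNREACHABLE_RESPONDER" \
                 -timeout 2 -no_nonce 2>&1); then
        # Responder answered and its signature verified: use the status.
        status=$(printf '%s\n' "$out" \
            | awk -F': ' -v f="$WORK/c.pem" '$1 == f { print $2 }')
        [ "$status" = good ] && echo accept || echo reject
        return 0
    fi
    case "$out" in
        *"Response Verify Failure"*|*"Nonce Verify error"*)
            echo reject ;;             # a bad answer is rejected in either mode
        *)
            case "$mode" in
                soft) echo accept ;;   # no answer: assume the best
                hard) echo reject ;;   # no answer: refuse to guess
                *) echo "usage: revocation_decision soft|hard" >&2; return 2 ;;
            esac ;;
    esac
}

echo "responder unreachable, soft-fail policy: $(revocation_decision soft)"
echo "responder unreachable, hard-fail policy: $(revocation_decision hard)"
```

Nothing about the certificate changed between the two calls; only the policy did. That is the whole problem with soft-fail: the outcome an attacker wants (“accept”) is reachable without ever producing a valid OCSP response, just by making sure none arrives.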

It’s likely you’ve visited a site with a revoked SSL certificate at some point and were none the wiser, because none of the usual indicators of an insecure site appeared. It may even have been shown as secure, with the usual padlock symbol in the address bar.

What’s the solution to certificate revocation check errors?

For website owners, enable OCSP stapling on your server. It speeds things up for your visitors, removes the privacy leak described above, and avoids the errors that occur when a browser’s own OCSP lookup fails and it blocks access to your site with a “site not secure” message that has nothing to do with your certificate. Make sure the server refreshes the stapled response before it expires, and check that it is actually being sent: a stale or missing staple simply sends the browser back to its own (soft-fail) check.
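A way to check that a server really staples, as an added example that is not part of the original article: `openssl s_client -status` asks for a stapled response during the handshake and prints what it got, and the script below classifies that output. The three transcripts at the bottom are constructed for this demo (trimmed to the relevant lines) so the parser can be exercised offline; `example.test` is a placeholder hostname.

```bash
#!/usr/bin/env bash
# Added example, not from the original article: a check that a server really
# staples an OCSP response. classify_staple parses the text printed by
# "openssl s_client -status"; staple_check runs that against a live host. The
# three transcripts at the bottom are constructed for this demo (trimmed to
# the relevant lines) so the parser can be exercised offline; example.test is
# a placeholder hostname.
set -eu

# Read s_client -status output on stdin and print one of:
#   none             no OCSP response was stapled (browser must check itself)
#   stapled:good     a response was stapled and says the certificate is good
#   stapled:revoked  a response was stapled and says the certificate is revoked
#   unknown          anything else (parse error, unusual response status)
classify_staple() {
    local out
    out=$(cat)
    case "$out" in
        *"OCSP response: no response sent"*) echo none ;;
        *"OCSP Response Status: successful"*)
            case "$out" in
                *"Cert Status: good"*)    echo stapled:good ;;
                *"Cert Status: revoked"*) echo stapled:revoked ;;
                *)                        echo unknown ;;
            esac ;;
        *) echo unknown ;;
    esac
}

# Live check (needs network): request a stapled response in the handshake.
staple_check() {  # $1 = hostname
    openssl s_client -connect "$1:443" -servername "$1" -status </dev/null 2>/dev/null \
        | classify_staple
}

# Constructed transcripts, not real server output.
SAMPLE_NONE='CONNECTED(00000003)
OCSP response: no response sent
---
Certificate chain'
SAMPLE_GOOD='CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Cert Status: good
======================================
---'
SAMPLE_REVOKED='CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Cert Status: revoked
    Revocation Reason: keyCompromise (0x1)
======================================
---'

for s in "$SAMPLE_NONE" "$SAMPLE_GOOD" "$SAMPLE_REVOKED"; do
    printf '%s\n' "$s" | classify_staple
done
# Real use: staple_check example.test
```

Run `staple_check` against your own hostname after enabling stapling (in nginx, `ssl_stapling on;` with `ssl_stapling_verify on;`, `ssl_trusted_certificate` pointing at the chain and a `resolver` so the server can reach the responder; in Apache, `SSLUseStapling on` with an `SSLStaplingCache`). A result of `none` right after a restart is normal for some servers, which only fetch the response on the first handshake; `none` that persists means the server never manages to reach the responder, and your visitors are back to the soft-fail check.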

For website users, look into how the browser you use checks revocation: whether it honours stapled OCSP responses, whether it performs its own OCSP or CRL lookups when nothing is stapled, and whether it fails open or closed when no revocation information can be obtained. Choose, and configure, your browser based on the behaviour you are comfortable with.

The good news is that the major browsers, including Google Chrome and Mozilla Firefox, do accept stapled OCSP responses. When a site doesn’t staple, both also consult their own centralized revocation lists, pushed out with browser updates (CRLSets in Chrome, OneCRL in Firefox), rather than downloading every Certificate Authority’s CRL. Bear in mind that these lists only cover the revocations the browser vendor has chosen to include, typically CA certificates and other high-value cases, not every revoked certificate on the web.

Wrap Up

While the processes for checking the revocation status of SSL certificates have not yet been perfected, by keeping yourself up-to-date with the latest developments in the sphere and taking precautions, whether you’re a website owner or user, you can lessen the chances of your data being compromised.
