Certified screw up

Ever since GlobalSign screwed up and revoked a bunch of correct HTTPS certificates on 13th October, the Guardian website has been rendering as HTTP on my laptop. That means no images, and, worse, ugly fonts.

It’s not been a huge problem, because it didn’t affect the iOS apps, and I expected that it would spontaneously revert at some point. But today I lost patience and decided to investigate properly.

The report on The Register provides a link to the GlobalSign website that describes how to delete the cached, revoked certificates, and recover a fully-functioning, secure internet. Globalsign rather sneakily doesn’t make any mention of why you might want to do it (i.e. their mistake).

To delete OCSP and CRL cache files in macOS Sierra, in the terminal, type:

sqlite3 ~/Library/Keychains/*/ocspcache.sqlite3 'DELETE FROM ocsp;'

For older OS versions:

sudo rm /var/db/crls/*cache.db

(Careful with that sudo rm!)



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s