Serial number not found
80 views
Skip to first unread message
Giorgia Gabardi
Aug 6, 2024, 1:28:16 PM8/6/24
to crt.sh
Hi team,
Revoked Certificates:
Serial Number: EE7CF03796CCF7110E7C551185845DAD
Revocation Date: Aug 2 18:58:39 2024 GMT
Serial Number: C852D93E8474807D0EA71CAB86122A98
Revocation Date: Aug 4 15:32:06 2024 GMT
Serial Number: ABD35C60C93380A70D241FCAC0A0E70D
Revocation Date: Aug 6 06:32:06 2024 GMT
Serial Number: 1DCB4E7A59B0398F0D84EEEA073FAA6E
Revocation Date: Aug 6 06:58:39 2024 GMT
Serial Number: 8AB51BF05E2526981102DD779A42A439
Revocation Date: Jul 26 08:41:21 2024 GMT
Signature Algorithm: ecdsa-with-SHA256
Signature Value:
30:46:02:21:00:82:e6:91:6e:96:41:0a:99:a5:3a:51:ef:ff:
0f:af:0e:3d:7c:75:56:db:29:5a:0a:ac:8d:2a:9e:e0:f6:40:
03:02:21:00:92:b4:33:38:5e:ea:f8:b6:3c:f2:25:30:84:88:
75:ee:75:29:bd:74:7a:ae:75:aa:3d:de:bc:cc:a1:de:01:38
I noticed that there are many serial numbers present in some CRLs that, if inserted in crt.sh, do not correspond to any certificate. Can anyone tell me what could be the reason?
For example, this is a CRL that I downloaded from a site and some of the serial numbers are not found:
Certificate Revocation List (CRL):
Version 2 (0x1)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, O = Google Trust Services, CN = WE1
Last Update: Aug 6 14:02:40 2024 GMT
Next Update: Aug 16 13:02:39 2024 GMT
CRL extensions:
X509v3 Authority Key Identifier:
90:77:92:35:67:C4:FF:A8:CC:A9:E6:7B:D9:80:79:7B:CC:93:F9:38
X509v3 CRL Number:
1063
X509v3 Issuing Distribution Point: critical
Full Name:
URI:http://c.pki.goog/we1/Kvu7cf9_d_4.crl Only User Certificates
Version 2 (0x1)
Signature Algorithm: ecdsa-with-SHA256
Issuer: C = US, O = Google Trust Services, CN = WE1
Last Update: Aug 6 14:02:40 2024 GMT
Next Update: Aug 16 13:02:39 2024 GMT
CRL extensions:
X509v3 Authority Key Identifier:
90:77:92:35:67:C4:FF:A8:CC:A9:E6:7B:D9:80:79:7B:CC:93:F9:38
X509v3 CRL Number:
1063
X509v3 Issuing Distribution Point: critical
Full Name:
URI:http://c.pki.goog/we1/Kvu7cf9_d_4.crl Only User Certificates
Revoked Certificates:
Serial Number: EE7CF03796CCF7110E7C551185845DAD
Revocation Date: Aug 2 18:58:39 2024 GMT
Serial Number: C852D93E8474807D0EA71CAB86122A98
Revocation Date: Aug 4 15:32:06 2024 GMT
Serial Number: ABD35C60C93380A70D241FCAC0A0E70D
Revocation Date: Aug 6 06:32:06 2024 GMT
Serial Number: 1DCB4E7A59B0398F0D84EEEA073FAA6E
Revocation Date: Aug 6 06:58:39 2024 GMT
Serial Number: 8AB51BF05E2526981102DD779A42A439
Revocation Date: Jul 26 08:41:21 2024 GMT
Signature Algorithm: ecdsa-with-SHA256
Signature Value:
30:46:02:21:00:82:e6:91:6e:96:41:0a:99:a5:3a:51:ef:ff:
0f:af:0e:3d:7c:75:56:db:29:5a:0a:ac:8d:2a:9e:e0:f6:40:
03:02:21:00:92:b4:33:38:5e:ea:f8:b6:3c:f2:25:30:84:88:
75:ee:75:29:bd:74:7a:ae:75:aa:3d:de:bc:cc:a1:de:01:38
Thank you,
Best regards.
r...@sectigo.com
Aug 6, 2024, 3:46:24 PM8/6/24
to crt.sh
Hi Giorgia. The five certificates listed in that CRL are all present in the crt.sh database. Note that you currently need to prepend "00" to the serial number search term when the most-significant bit of the serial number is set (i.e. the first hex byte is 0x80..0xFF).
r...@sectigo.com
Aug 6, 2024, 3:57:29 PM8/6/24
to crt.sh
> Note that you currently need to prepend "00" to the serial number search term when the most-significant bit of the serial number is set (i.e. the first hex byte is 0x80..0xFF).
Giorgia Gabardi
Aug 7, 2024, 4:01:07 AM8/7/24
to crt.sh
Thank you!
Best regards.
Reply all
Reply to author
Forward
0 new messages