Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


IMPORTANT! Wildcard SSLs from issl.asia,sslcertificate.cn, ssl.so etc. revoked
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

IMPORTANT! Wildcard SSLs from issl.asia,sslcertificate.cn, ssl.so etc. revoked

theqkashtheqkash Member
edited March 2015 in General

Hello,

Today my issl certificate has been revoked.

Error code: sec_error_revoked_certificate

I have contacted issl and they have me to do refund. I'm waiting now for the cash. FYI.

«1

Comments

  • What happened?

  • Message from ISSL:

    Sorry for the trouble. Our upstream reseller's system had a problem.

    Whatever it means, probably all those 5year wildcard SSLs have been revoked and will not work on most browsers except Chrome.

  • the deal was too good to be true, i knew it

  • namhuy said: the deal was too good to be true, i knew it

    The question is what will happen to all those who have paid using bitcoin or some another AliPay thing. I have paid using PayPal to ISSL and I feel secure at this time.

  • Another message from Neil from issl:

    Actually, Only some of the orders were revoked, we are still working on fixing it for now.

    FYI.
    Check your SSL certs.

  • I've bought mine from sslcertificate.cn (knewing that there's a risk that it might lead to trouble) via Bitcoin and it is now also revoked. :/

  • I have got cash back from ISSL so if somebody will have problem with certificate, should not be aware

  • if the cert still not use, any method can check if it was revoked?

  • Mahfuz_SS_EHLMahfuz_SS_EHL Host Rep, Veteran

    If anyone would need PositiveSSL for Free, I may give some away (About 15-20 SSL's). You can message Me with your CSR, Make sure that, you have an admin email ([email protected]) opened and fully configured because the Verification would go there :)

    While Generating CSR, Use the Email where you want the Final Certificate with Email.

    Keep In Mind, I can't reissue them, so keep them safe along with Private Key which you generated for the SSL Issuance :-)

  • Thanked by 1hotsnow
  • Mahfuz_SS_EHLMahfuz_SS_EHL Host Rep, Veteran

    @rm_ @Razza This will be single Domain SSL's and for 1 Year right Now.

  • Quick, Free, Working alternative:

    http://lowendtalk.com/discussion/41289/free-chinese-2-year-ssl-certificate-dv-kuaissl-by-wosign-com#latest

    Up to 100 Subdomains, order system works by now fine and even the chinese sent domain validation emails arrive quickly.

  • still good yet

  • ClouviderClouvider Member, Patron Provider
  • I just wrote an email to @xoxo, let's see what he's going to reply (if at all). If someone needs a lot of certificates, use that site which William posted OR get Class 2 verified at Startcom, they're trustworthy.

  • raza19raza19 Veteran
    edited March 2015

    This will be an epic loss ! But I have just checked few other websites which were using alphassl , they have had their revoked too and they didnt buy from @xoxo.
    Could it be something else ? a revocation list being unreachable , etc ?

  • tommytommy Member

    and everyone will learn his lesson

  • yywudi said: still good yet

    raza19 said: This will be an epic loss ! But I have just checked few other websites which were using alphassl , they have had their revoked too and they didnt buy from @xoxo. Could it be something else ? a revocation list being unreachable , etc ?

    A few time ago Ubisoft have blocked people who have bought their games from resellers because resellers have used codes bought using stolen CC's. Something is telling me that we have same thing here, but I do not want to accuse anyone.

  • raza19raza19 Veteran

    I have tried to get in contact with @xoxo on qq but so far there have been no replies.....

  • Mahfuz_SS_EHLMahfuz_SS_EHL Host Rep, Veteran

    Why don't you people Email AlphaSSL Directly ??

  • BAKABAKA Member

    @raza19 said:
    I have tried to get in contact with xoxo on qq but so far there have been no replies.....

    xoxo's last appearance on v2ex was 45 days ago. But I believe he just changed account and still stays on v2ex and LET.

  • I am a Chinese and I want to say...

    It seems that he hacked into one of a reseller's system.

  • @Mahfuz_SS_EHL said:
    Why don't you people Email AlphaSSL Directly ??

    I've just asked AlphaSSL for a statement - I'll post the reply here as soon as I've got one.

    Thanked by 1hotsnow
  • Shocking.

  • XIAOSpider97 said: It seems that he hacked into one of a reseller's system.

    Would like to know which "reseller" exactly.

  • SplitIceSplitIce Member, Host Rep

    Sigh... hmph

  • BAKABAKA Member

    XeepiHosting_Joe said: Would like to know which "reseller" exactly.

    I'm also wondering.

    xoxo has been giving away free cert in Chinese forums since Jan 2014.
    https://v2ex.com/t/95769

    He claimed to have sold 1024 certs on 2014/10/24. So let's assume he has sold 8k alphassl and 1k globalsignssl so far. Also assume that reseller's bulk price is U$10 for alphassl and U$40 for globalsign, then that reseller has suffered U$120k loss. Such thing lasted for one year without being noticed...

    Or, more reasonably, the hacked reseller is a buddy with globalsign who can issue unlimited certs (both alphassl and globalsign ssl) or its main sub-reseller (because small resellers only have alphassl). Then who is that reseller?

  • raza19raza19 Veteran

    @BAKA

    Very aptly put! This doesn't seem like a hack scenario. There is more than meets the eye.

Sign In or Register to comment.