关于SSL证书的奇怪问题

我今天vx公众号上访问：https://wxjj.scienmedia.com/。提示证书存在问题
然后我用ios自带的safari和chrome上也是提示证书异常
可我在PC端的chrome上访问提示证书有效。
用myssl.com检测，提示证书被吊销
我就不信邪，把chrome更新到最新。。还是证书有效。。
后来我用IE。。发现连IE都报证书已被吊销。。
可我的PC端的chrome始终提示是有效的。。奇怪

—–
10：19更新：发现chrome也提示证书无效了。。。chrome证书有效性检测反应慢半拍啊

河南省网友说：垃圾chrome是不查ocsp的
OCSP Request Data:     Version: 1 (0x0)     Requestor List:         Certificate ID:           Hash Algorithm: sha1           Issuer Name Hash: 978B4716E5B0F658BAE69DAB1689B8363AE3C3A6           Issuer Key Hash: 55744FB2724FF560BA50D1D7E6515C9A01871AD7           Serial Number: 074FDC8F3FB80B978E39A4AA24F411DC     Request Extensions:         OCSP Nonce:             0410DFBDF5A7DBEAD3829A8B53FB259E31B2 OCSP Response Data:     OCSP Response Status: successful (0x0)     Response Type: Basic OCSP Response     Version: 1 (0x0)     Responder Id: 55744FB2724FF560BA50D1D7E6515C9A01871AD7     Produced At: Oct 28 15:44:59 2020 GMT     Responses:     Certificate ID:       Hash Algorithm: sha1       Issuer Name Hash: 978B4716E5B0F658BAE69DAB1689B8363AE3C3A6       Issuer Key Hash: 55744FB2724FF560BA50D1D7E6515C9A01871AD7       Serial Number: 074FDC8F3FB80B978E39A4AA24F411DC     Cert Status: revoked     Revocation Time: Oct 21 01:44:04 2020 GMT     This Update: Oct 28 15:44:59 2020 GMT     Next Update: Nov  4 14:59:59 2020 GMT     Signature Algorithm: sha256WithRSAEncryption          70:e5:0a:f4:96:45:14:ee:bf:2f:4e:51:24:3a:a6:d8:db:17:          e3:96:e6:31:36:09:09:99:a7:16:fa:f5:46:ce:d9:f8:ea:c9:          70:df:f8:0e:ca:44:3f:03:be:2a:0f:59:a5:f1:dc:6e:af:b5:          69:bc:c7:cb:9e:0e:a7:24:02:a3:fe:20:17:2e:ec:80:85:fd:          a8:68:c7:68:33:02:12:51:d9:d5:c9:99:78:bc:60:7a:c7:f6:          41:c7:80:d2:3f:f1:4a:65:96:5b:40:64:eb:75:cf:15:91:64:          3e:78:4a:11:f6:9d:ef:68:c8:95:26:b7:8e:76:d8:62:36:15:          ce:f0:a3:22:91:5c:bd:91:a4:7b:7b:7e:bf:fa:5a:f3:78:40:          2c:81:a8:a4:17:c6:8f:11:dd:6b:3f:4a:4a:2f:85:84:7b:29:          b5:9d:f7:38:55:34:e3:f2:33:23:fc:14:c9:f9:07:5a:27:fc:          c1:ab:f5:5d:9f:8a:a2:02:16:cd:5c:af:cd:f0:b6:27:97:a7:          4c:cc:cd:9d:95:54:db:aa:ae:05:c4:ae:a4:28:65:6a:31:ac:          32:49:d2:6a:56:a3:a7:10:b3:d2:84:fe:ac:9e:7a:8a:26:d7:          21:3e:02:09:a5:30:e8:0e:4f:90:a2:3d:3e:6f:7f:1d:f8:6c:          b5:e2:2b:d2 WARNING: no nonce in response Response verify OK 1.cer: revoked         This Update: Oct 28 15:44:59 2020 GMT         Next Update: Nov  4 14:59:59 2020 GMT         Revocation Time: Oct 21 01:44:04 2020 GMT 复制代码

Cert Status: revoked
Revocation Time: Oct 21 01:44:04 2020 GMT

山东省网友说：这么奇怪，那推荐换个证书

辽宁省网友说：主要不是我的网站。。是无锡交警。。我想上去查查违章

湖南省网友说：因为chrome不会去检查证书是否被吊销，只要还在有效期内，并且是信任的ca发布就默认承认有效，你遇到的就是这样

山东省网友说：那这样是不是不安全啊。假设我的私钥泄露了，我把这个证书吊销了。可chrome还是提示证书有效。。很大的安全隐患啊

海南省网友说：chrome默认设置就是不去检查，说是为了速度，这个没办法，证书私钥丢失也要匹配域名，问题不大

浙江省网友说：用的哪的证书，应该是服务器端没设置好
是不是缺少了ca证书

台湾省网友说：私钥丢失+DNS污染
或者中间人攻击问题就大了

河北省网友说：中间人攻击不会用合法证书(由CA签发)

山西省网友说：刚chrome也提示证书无效了。。。

福建省网友说：这个域名不像正规域名，目测被 CRL 和 OCSP 吊销

另，Chrome 去拉 CRL 的频率比较低，你得等 CRL 过期或清除 Chrome 缓存来让 Chrome 去拉取 CRL

河南省网友说：垃圾chrome是不查ocsp的
OCSP Request Data:     Version: 1 (0x0)     Requestor List:         Certificate ID:           Hash Algorithm: sha1           Issuer Name Hash: 978B4716E5B0F658BAE69DAB1689B8363AE3C3A6           Issuer Key Hash: 55744FB2724FF560BA50D1D7E6515C9A01871AD7           Serial Number: 074FDC8F3FB80B978E39A4AA24F411DC     Request Extensions:         OCSP Nonce:             0410DFBDF5A7DBEAD3829A8B53FB259E31B2 OCSP Response Data:     OCSP Response Status: successful (0x0)     Response Type: Basic OCSP Response     Version: 1 (0x0)     Responder Id: 55744FB2724FF560BA50D1D7E6515C9A01871AD7     Produced At: Oct 28 15:44:59 2020 GMT     Responses:     Certificate ID:       Hash Algorithm: sha1       Issuer Name Hash: 978B4716E5B0F658BAE69DAB1689B8363AE3C3A6       Issuer Key Hash: 55744FB2724FF560BA50D1D7E6515C9A01871AD7       Serial Number: 074FDC8F3FB80B978E39A4AA24F411DC     Cert Status: revoked     Revocation Time: Oct 21 01:44:04 2020 GMT     This Update: Oct 28 15:44:59 2020 GMT     Next Update: Nov  4 14:59:59 2020 GMT     Signature Algorithm: sha256WithRSAEncryption          70:e5:0a:f4:96:45:14:ee:bf:2f:4e:51:24:3a:a6:d8:db:17:          e3:96:e6:31:36:09:09:99:a7:16:fa:f5:46:ce:d9:f8:ea:c9:          70:df:f8:0e:ca:44:3f:03:be:2a:0f:59:a5:f1:dc:6e:af:b5:          69:bc:c7:cb:9e:0e:a7:24:02:a3:fe:20:17:2e:ec:80:85:fd:          a8:68:c7:68:33:02:12:51:d9:d5:c9:99:78:bc:60:7a:c7:f6:          41:c7:80:d2:3f:f1:4a:65:96:5b:40:64:eb:75:cf:15:91:64:          3e:78:4a:11:f6:9d:ef:68:c8:95:26:b7:8e:76:d8:62:36:15:          ce:f0:a3:22:91:5c:bd:91:a4:7b:7b:7e:bf:fa:5a:f3:78:40:          2c:81:a8:a4:17:c6:8f:11:dd:6b:3f:4a:4a:2f:85:84:7b:29:          b5:9d:f7:38:55:34:e3:f2:33:23:fc:14:c9:f9:07:5a:27:fc:          c1:ab:f5:5d:9f:8a:a2:02:16:cd:5c:af:cd:f0:b6:27:97:a7:          4c:cc:cd:9d:95:54:db:aa:ae:05:c4:ae:a4:28:65:6a:31:ac:          32:49:d2:6a:56:a3:a7:10:b3:d2:84:fe:ac:9e:7a:8a:26:d7:          21:3e:02:09:a5:30:e8:0e:4f:90:a2:3d:3e:6f:7f:1d:f8:6c:          b5:e2:2b:d2 WARNING: no nonce in response Response verify OK 1.cer: revoked         This Update: Oct 28 15:44:59 2020 GMT         Next Update: Nov  4 14:59:59 2020 GMT         Revocation Time: Oct 21 01:44:04 2020 GMT 复制代码

Cert Status: revoked
Revocation Time: Oct 21 01:44:04 2020 GMT

四川省网友说：chrome就这样 一般不检查证书是否被吊销 ie什么的访问时候都会检查的

福建省网友说：要不。你换个证书吧

云南省网友说：好像是的。我一台电脑的chrome已经提示注销了。还有一台电脑的chrome还是现实证书有效的