This thread was archived. Please ask a new question if you need help.
access to a site with revoked certificate is allowed
When I try to access the website https://revoked.grc.com/, at first I get a dialog about expired certificate. When I click Accept the risk and continue, the site loads. This is somewhat unexpected since the site's certificate is revoked (https://crt.sh/?id=123799530&opt=ocsp), and this shouldn't be possible to override by user. Is this a bug or a feature?
I do believe that this behavior is easy to replicate everywhere, so I'd like to ask anybody who's about to respond with "send us diagnostics data" or "reset your profile", please try the steps yourself first.