Ask HN: Have you ever heard of a CA revoking a certificate?

5 points by bobsmooth ↗ HN
According to Telegram, the SSL certificate for Kiwifarm's onion site has been revoked by their CA. Has this ever happened before?

7 comments

[ 8.1 ms ] story [ 13.0 ms ] thread
Of course CAs revoke certs all the time. Are you implying the CA was politically motivated because of the site?
> Of course CAs revoke certs all the time.

What is the exact reason on why they revoked it? What part of the exact clause did the CA specify that they violated?

Even CA's certicates (which they use to sign customer's certificates) can be revoked. I had that happen to one of mine making it unusable in browsers.
Has this ever happened before?

Yes. I have had CA's revoke a few certs because the private keys were not handled correctly. It was actually company policy to do so.

If you mean a CA revoking a cert because of a site's behavior, yes and certs also get issued to federal agencies for domains they seize. Most of the instances I recall were related to software and music pirate sites.

Yes, it has happened before. In 2019, the SSL certificate for the Tor hidden service of the website The Pirate Bay was revoked by its CA. This was done after the website was found to be hosting illegal content.