No issues with those links here. Could you run traceroute crl.identrust.com? This would show where exactly the connection is failing. Odds are, this is a temporary network glitch somewhere between your ISP and IdenTrust’s ISP.
This is going on since yesterday (more than a day already).
c:\>tracert crl.identrust.com
Tracing route to apps.digsigtrust.com [192.35.177.64]
over a maximum of 30 hops:
1 3 ms 1 ms 2 ms 192.168.1.1
2 * * * Request timed out.
3 13 ms 12 ms 13 ms vnn-rc0001-cr101-xe-1-0-2-0.core.as9143.net [213.51.188.17]
4 * * * Request timed out.
5 16 ms 20 ms 15 ms fr-par02b-rd1-xe-3-1-3-0.aorta.net [84.116.134.54]
6 17 ms 15 ms 30 ms xe-0-1-0.cir1.amsterdam2-nh.nl.xo.net [80.249.209.200]
7 168 ms 167 ms 167 ms te0-3-4-0.rar3.washington-dc.us.xo.net [207.88.13.198]
8 164 ms 197 ms 172 ms 207.88.12.99.ptr.us.xo.net [207.88.12.99]
9 160 ms 165 ms 158 ms 207.88.12.132.ptr.us.xo.net [207.88.12.132]
10 166 ms 172 ms 167 ms 207.88.12.215.ptr.us.xo.net [207.88.12.215]
11 167 ms 192 ms 165 ms 207.88.12.212.ptr.us.xo.net [207.88.12.212]
12 163 ms 185 ms 175 ms 207.88.12.165.ptr.us.xo.net [207.88.12.165]
13 166 ms 164 ms 167 ms 207.88.12.188.ptr.us.xo.net [207.88.12.188]
14 164 ms 185 ms 203 ms 207.88.12.191.ptr.us.xo.net [207.88.12.191]
15 168 ms 202 ms 203 ms 216.156.16.25.ptr.us.xo.net [216.156.16.25]
16 165 ms 197 ms 202 ms ip65-46-60-234.z60-46-65.customer.algx.net [65.46.60.234]
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 ip65-46-60-234.z60-46-65.customer.algx.net [65.46.60.234] reports: Destination net unreachable.
That’s from the Netherlands.
And the same result from a server in the U.S.:
$ traceroute -q1 crl.identrust.com
traceroute to crl.identrust.com (192.35.177.64), 30 hops max, 60 byte packets
1 router1-nac.linode.com (207.99.1.13) 0.678 ms
2 173.255.239.4 (173.255.239.4) 1.279 ms
3 207.99.112.129 (207.99.112.129) 2.144 ms
4 0.e1-2.tbr2.ewr.nac.net (209.123.10.113) 0.927 ms
5 ae1-32.nyc41.ip4.gtt.net (173.205.45.185) 0.896 ms
6 ae1-32.nyc41.ip4.gtt.net (173.205.45.185) 0.882 ms
7 xe-1-3-3.nyc38.ip4.gtt.net (89.149.134.118) 1.348 ms
8 207.88.13.34.ptr.us.xo.net (207.88.13.34) 70.397 ms
9 207.88.13.34.ptr.us.xo.net (207.88.13.34) 70.409 ms
10 207.88.12.218.ptr.us.xo.net (207.88.12.218) 83.331 ms
11 207.88.12.218.ptr.us.xo.net (207.88.12.218) 83.356 ms
12 te-4-1-0.rar3.denver-co.us.xo.net (207.88.12.22) 63.044 ms
13 207.88.12.122.ptr.us.xo.net (207.88.12.122) 61.409 ms
14 207.88.12.122.ptr.us.xo.net (207.88.12.122) 61.469 ms
15 216.156.16.25.ptr.us.xo.net (216.156.16.25) 62.212 ms
16 ip65-46-60-234.z60-46-65.customer.algx.net (65.46.60.234) 62.998 ms
17 *
18 *
19 *
20 *
21 *
22 *
23 *
24 *
25 *
26 *
27 *
28 *
29 *
30 *
$
But the test has been re-run again and doesn't show any errors.
For myself right now, from a few locations in the US, downloading the CRL takes a few seconds but works. From Atlanta and Orlando, well, curl has been trying to connect for over a minute.
Thanks for bringing this to our attention. We’re working on contacting the right folks at Identrust to look into this. I’ll update this thread once we know more.