Ultratools doesn't like my certificate


#1

I am uncertain about which group this topic belongs in.

Neustar Inc. provides a free domain evaluation service called “UltraTools”. This company (whose common stock is traded on NYSE), would appear to have some claim to internet expertise. According to Wikipedia, it is “a provider of clearinghouse and directory services to global communications and internet industries”, and also is registry for several top-level-domains.

So, what does this have to do with Let’s Encrypt?

I registered for a free account and asked for a scan of my main domain. The UltraTools scan red-flags my site’s Let’s Encrypt certificate as not valid because “certificate has been revoked”. (The certificate is accepted by every major browser without any issues.)

Does anyone else see the same issue? Is this anything I should be concerned about?


#2

Hi @ocahul,

The most trusted and recommended site-scanning tool in this community is the Qualys SSL Labs scanner

https://www.ssllabs.com/ssltest/

I would suggest that you check your site with this scanner. If it doesn’t see a problem, then your site should be OK (and maybe you could bring up the discrepancy with Neustar).

You could also double-check in https://crt.sh/, which has some revocation status information.


#3

Hi @schoen,

Thanks. ssllabs reports an “A”. crt.sh shows no revocations.

I have one item red-flagged in the certificate area: DNS CAA is NO. (I see no particular need to set up a CAA record) Otherwise, the handshake simulation section indicates non-support of a few ancient clients that I have no interest in supporting:
Android 2.3.7
IE 6/XP
IE 8/XP
Java 6U45

There appears to be no place on ultratools.com to provide feedback. They evidently consider their service infallible.


#4

Interestingly, it does the same thing for mine, incorrectly. Curious about what makes them think that’s the case.


#5

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.