Print

[Walter H.]

Hello,

I noticed on my webserver access for URLs that do not exist any more - I had my own CA - how or where can I contact the person that he/she should delete the root certificate he/she installed from my old web site?

the access is this:


2001:470:1f07:224:8570:356e:2715:7be6 - - [26/Nov/2017:17:00:28 +0100] "GET /certAuth/certFiles/root0CA.crt HTTP/1.1" 404 1573 "-" "com.apple.trustd/1.0"
2001:470:1f07:224:8570:356e:2715:7be6 - - [26/Nov/2017:17:00:28 +0100] "GET /certAuth/certFiles/sub01CA.crt HTTP/1.1" 404 1573 "-" "com.apple.trustd/1.0"
2001:470:1f07:224:8570:356e:2715:7be6 - - [26/Nov/2017:17:00:29 +0100] "GET /certAuth/sub01-ocsp/MFYwVKADAgEAME0wSzBJMAkGBSsOAwIaBQAEFEv14eOItXXlk6X35vX5ywELUtNVBBTt86nFdyMuktmRIXSncpxREuyFSgIQcgeX15gpzUTXjdHimxw8gA%3D%3D HTTP/1.1" 404 1573 "-" "trustd (unknown version) CFNetwork/889.9 Darwin/17.2.0 (x86_64)"
2001:470:1f07:224:8570:356e:2715:7be6 - - [26/Nov/2017:17:00:43 +0100] "GET /certAuth/certFiles/root0CA.crt HTTP/1.1" 404 1573 "-" "com.apple.trustd/1.0"
2001:470:1f07:224:8570:356e:2715:7be6 - - [26/Nov/2017:17:00:44 +0100] "GET /certAuth/certFiles/sub01CA.crt HTTP/1.1" 404 1573 "-" "com.apple.trustd/1.0"
2001:470:1f07:224:8570:356e:2715:7be6 - - [26/Nov/2017:17:00:44 +0100] "GET /certAuth/sub01-ocsp/MFYwVKADAgEAME0wSzBJMAkGBSsOAwIaBQAEFEv14eOItXXlk6X35vX5ywELUtNVBBTt86nFdyMuktmRIXSncpxREuyFSgIQfZyMAz6aa4KAYQUQbZj0AA%3D%3D HTTP/1.1" 404 1573 "-" "trustd (unknown version) CFNetwork/889.9 Darwin/17.2.0 (x86_64)"
2001:470:1f07:224:8570:356e:2715:7be6 - - [26/Nov/2017:17:00:45 +0100] "GET /certAuth/certFiles/root0CA.crt HTTP/1.1" 404 1573 "-" "com.apple.trustd/1.0"
2001:470:1f07:224:8570:356e:2715:7be6 - - [26/Nov/2017:17:00:45 +0100] "GET /certAuth/certFiles/sub01CA.crt HTTP/1.1" 404 1573 "-" "com.apple.trustd/1.0"
2001:470:1f07:224:8570:356e:2715:7be6 - - [26/Nov/2017:17:00:45 +0100] "GET /certAuth/sub01-ocsp/MFYwVKADAgEAME0wSzBJMAkGBSsOAwIaBQAEFEv14eOItXXlk6X35vX5ywELUtNVBBTt86nFdyMuktmRIXSncpxREuyFSgIQfZyMAz6aa4KAYQUQbZj0AA%3D%3D HTTP/1.1" 404 1573 "-" "trustd (unknown version) CFNetwork/889.9 Darwin/17.2.0 (x86_64)"
2001:470:1f07:224:8570:356e:2715:7be6 - - [26/Nov/2017:20:02:35 +0100] "GET /certAuth/certFiles/root0CA.crt HTTP/1.1" 404 1573 "-" "com.apple.trustd/1.0"
2001:470:1f07:224:8570:356e:2715:7be6 - - [26/Nov/2017:20:02:35 +0100] "GET /certAuth/certFiles/sub01CA.crt HTTP/1.1" 404 1573 "-" "com.apple.trustd/1.0"
2001:470:1f07:224:8570:356e:2715:7be6 - - [26/Nov/2017:20:02:36 +0100] "GET /certAuth/sub01-ocsp/MFYwVKADAgEAME0wSzBJMAkGBSsOAwIaBQAEFEv14eOItXXlk6X35vX5ywELUtNVBBTt86nFdyMuktmRIXSncpxREuyFSgIQcgeX15gpzUTXjdHimxw8gA%3D%3D HTTP/1.1" 404 1573 "-" "trustd (unknown version) CFNetwork/889.9 Darwin/17.2.0 (x86_64)"
2001:470:1f07:224:8570:356e:2715:7be6 - - [26/Nov/2017:20:04:39 +0100] "GET /certAuth/certFiles/root0CA.crt HTTP/1.1" 404 1573 "-" "com.apple.trustd/1.0"
2001:470:1f07:224:8570:356e:2715:7be6 - - [26/Nov/2017:20:04:39 +0100] "GET /certAuth/certFiles/sub01CA.crt HTTP/1.1" 404 1573 "-" "com.apple.trustd/1.0"
2001:470:1f07:224:8570:356e:2715:7be6 - - [26/Nov/2017:20:04:39 +0100] "GET /certAuth/sub01-ocsp/MFYwVKADAgEAME0wSzBJMAkGBSsOAwIaBQAEFEv14eOItXXlk6X35vX5ywELUtNVBBTt86nFdyMuktmRIXSncpxREuyFSgIQfZyMAz6aa4KAYQUQbZj0AA%3D%3D HTTP/1.1" 404 1573 "-" "trustd (unknown version) CFNetwork/889.9 Darwin/17.2.0 (x86_64)"
2001:470:1f07:224:8570:356e:2715:7be6 - - [26/Nov/2017:20:04:47 +0100] "GET /certAuth/certFiles/root0CA.crt HTTP/1.1" 404 1573 "-" "com.apple.trustd/1.0"
2001:470:1f07:224:8570:356e:2715:7be6 - - [26/Nov/2017:20:04:48 +0100] "GET /certAuth/certFiles/sub01CA.crt HTTP/1.1" 404 1573 "-" "com.apple.trustd/1.0"
2001:470:1f07:224:8570:356e:2715:7be6 - - [26/Nov/2017:20:04:48 +0100] "GET /certAuth/sub01-ocsp/MFYwVKADAgEAME0wSzBJMAkGBSsOAwIaBQAEFEv14eOItXXlk6X35vX5ywELUtNVBBTt86nFdyMuktmRIXSncpxREuyFSgIQfZyMAz6aa4KAYQUQbZj0AA%3D%3D HTTP/1.1" 404 1573 "-" "trustd (unknown version) CFNetwork/889.9 Darwin/17.2.0 (x86_64)"

[snarked]

You're asking the wrong question.  The real question should probably be:  Why doesn't this person understand that a 404 means that the resource isn't there, and why they don't get the clue to give up on it....?

Who really cares if they continue to hold a defunct certificate?

There is a way to create a certificate revocation list (to revoke unexpired certificates, including CA certificates).  However, the details of this construct is beyond my knowledge.  Maybe that's what you need to do if you really care to....

[Walter H.]

Not really, I'd just want to tell the guy, which is behind this HE-IPv6-Tunnel to remove the certificates, because these were one
which I created at the early steps of creating my own CA, and how did they get there?

[divad27182]

I think the problem may be more complicated than you think.  If person B got one of your certificates, and person C is talking to person B's machine, you could be seeing verification attempts from C when B is where the issue is at.  In any case, the following might give you a starting point:

$ host 2001:470:1f07:224:8570:356e:2715:7be6
Host 6.e.b.7.5.1.7.2.e.6.5.3.0.7.5.8.4.2.2.0.7.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa not found: 3(NXDOMAIN)
$ host 2001:470:1f07:224::1                 
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.2.2.0.7.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa domain name pointer router.abellohome.net.
$ host 2001:470:1f06:224::1
1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.4.2.2.0.6.0.f.1.0.7.4.0.1.0.0.2.ip6.arpa domain name pointer vabello.tunnel.tserv4.nyc4.ipv6.he.net.
$

Alternatively, you could try firewall blocking his address.  Or, more likely to get a reaction, putting a rate limiter on the request.  A one byte per 10 second limit might slow some application he's running down enough that he notices it.