If you take the trouble to read your screenshot, you can see that the OCSP response does indeed date from Saturday 13/09/2025 at 15:56:26 GMT, and not from today, 14/09/2025.
For information, the new SSL certificate for the subdomain https://boutique.orange.fr was itself published today, Sunday 14/09/2025.
The certificate that was revoked:
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
0a:fb:08:4e:31:73:c6:bb:d7:b1:37:fe:36:1b:1c:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, O=DigiCert Inc, CN=DigiCert Global G2 TLS RSA SHA256 2020 CA1
Validity
Not Before: Jan 20 00:00:00 2025 GMT
Not After : Feb 19 23:59:59 2026 GMT
Subject: C=FR, ST=ILE-DE-FRANCE, L=ISSY LES MOULINEAUX, O=Orange SA, CN=boutique.orange.fr
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
74:85:80:C0:66:C7:DF:37:DE:CF:BD:29:37:AA:03:1D:BE:ED:CD:17
X509v3 Subject Key Identifier:
C2:D9:87:6B:B6:A1:A4:F6:14:AE:1F:24:EA:67:E7:CD:E9:FD:59:5A
X509v3 Subject Alternative Name:
DNS:boutique.orange.fr
X509v3 Certificate Policies:
Policy: 2.23.140.1.2.2
CPS: http://www.digicert.com/CPS
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl3.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
Full Name:
URI:http://crl4.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crl
Authority Information Access:
OCSP - URI:http://ocsp.digicert.com
CA Issuers - URI:http://cacerts.digicert.com/DigiCertGlobalG2TLSRSASHA2562020CA1-1.crt
X509v3 Basic Constraints: critical
CA:FALSE
CT Precertificate SCTs:
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 0E:57:94:BC:F3:AE:A9:3E:33:1B:2C:99:07:B3:F7:90:
DF:9B:C2:3D:71:32:25:DD:21:A9:25:AC:61:C5:4E:21
Timestamp : Jan 20 10:49:46.280 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:44:02:20:5D:ED:A9:58:10:05:0D:00:4C:BE:D1:BD:
92:22:DA:8E:37:91:DB:0A:F2:E7:59:6D:8A:E6:AC:F9:
88:26:59:9B:02:20:14:51:0D:61:09:4F:D1:E4:44:4C:
CB:D4:AA:BF:76:77:F6:B5:AC:04:39:2E:DF:C9:27:4E:
94:98:EA:8D:15:58
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 64:11:C4:6C:A4:12:EC:A7:89:1C:A2:02:2E:00:BC:AB:
4F:28:07:D4:1E:35:27:AB:EA:FE:D5:03:C9:7D:CD:F0
Timestamp : Jan 20 10:49:46.332 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:20:66:DB:89:56:B0:B2:2E:01:D6:96:A9:04:
9D:2D:7B:1F:B7:CB:33:AF:8F:00:CA:53:AE:07:CD:AF:
9D:61:97:07:02:21:00:8D:40:39:EF:6F:65:4D:93:FF:
9E:93:69:9E:2B:C5:91:6F:EA:15:08:43:C3:B2:73:51:
35:C1:C6:8C:B1:A8:A9
Signed Certificate Timestamp:
Version : v1 (0x0)
Log ID : 49:9C:9B:69:DE:1D:7C:EC:FC:36:DE:CD:87:64:A6:B8:
5B:AF:0A:87:80:19:D1:55:52:FB:E9:EB:29:DD:F8:C3
Timestamp : Jan 20 10:49:46.352 2025 GMT
Extensions: none
Signature : ecdsa-with-SHA256
30:45:02:21:00:E2:83:E9:8E:24:BC:4A:81:39:F1:3A:
76:66:BA:40:ED:EA:DD:EC:07:79:DD:F3:85:E0:D0:CC:
89:31:30:F6:81:02:20:2F:8A:19:B9:14:10:F8:2A:9A:
5D:E3:BD:BD:DE:47:28:A1:94:41:97:81:8F:8A:8C:41:
97:30:72:CD:9C:DB:EB
Signature Algorithm: sha256WithRSAEncryption
- Valid from Jan 20 00:00:00 2025 GMT
- Expires on Feb 19 23:59:59 2026 GMT
The OCSP response (repeated from above):
OCSP Request Data:
Version: 1 (0x0)
Requestor List:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: A7C4B8B3DC5BB5581EA7D7F13AC569F56F48D789
Issuer Key Hash: 748580C066C7DF37DECFBD2937AA031DBEEDCD17
Serial Number: 0AFB084E3173C6BBD7B137FE361B1CAF
Request Extensions:
OCSP Nonce:
0410DA8B59DFC0026179522EF921372CAFB9
OCSP Response Data:
OCSP Response Status: successful (0x0)
Response Type: Basic OCSP Response
Version: 1 (0x0)
Responder Id: 748580C066C7DF37DECFBD2937AA031DBEEDCD17
Produced At: Sep 13 15:56:26 2025 GMT
Responses:
Certificate ID:
Hash Algorithm: sha1
Issuer Name Hash: A7C4B8B3DC5BB5581EA7D7F13AC569F56F48D789
Issuer Key Hash: 748580C066C7DF37DECFBD2937AA031DBEEDCD17
Serial Number: 0AFB084E3173C6BBD7B137FE361B1CAF
Cert Status: revoked
Revocation Time: Sep 13 00:16:04 2025 GMT
This Update: Sep 13 15:39:10 2025 GMT
Next Update: Sep 20 14:39:10 2025 GMT
Signature Algorithm: sha256WithRSAEncryption
WARNING: no nonce in response
Response verify OK
old.pem: revoked
This Update: Sep 13 15:39:10 2025 GMT
Next Update: Sep 20 14:39:10 2025 GMT
Revocation Time: Sep 13 00:16:04 2025 GMT
- Cert Status: revoked
- Revocation Time: Sep 13 00:16:04 2025 GMT
I quote RFC 6960 (X.509 Internet Public Key Infrastructure - Online Certificate Status Protocol - OCSP):
2.4. Semantics of thisUpdate, nextUpdate, and producedAt
Responses defined in this document can contain four times --
thisUpdate, nextUpdate, producedAt, and revocationTime. The
semantics of these fields are:
thisUpdate The most recent time at which the status being
indicated is known by the responder to have been
correct.
nextUpdate The time at or before which newer information will be
available about the status of the certificate.
producedAt The time at which the OCSP responder signed this
response.
revocationTime The time at which the certificate was revoked or
placed on hold.
producedAt is the timestamp of when the OCSP server signed the response, not the date of the request/response.
The certificate was therefore revoked before the next one was created/signed.
You don't understand what you're reading, you highlight anything at all and you talk nonsense.
Once again, you are not going to teach computing to Orange's teams.
Are you talking about yourself in the 4th person?
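The four RFC 6960 timestamps argued over in this thread can be read mechanically from the `openssl ocsp` text output. The following is an added example, not code from any poster: the function names and the ordering sanity check are assumptions of this sketch, and the sample lines are copied from the response quoted above.

```python
import re
from datetime import datetime, timezone

# Excerpt of the `openssl ocsp` text output quoted in the thread (values from the page).
SAMPLE = """\
    Produced At: Sep 13 15:56:26 2025 GMT
    Cert Status: revoked
    Revocation Time: Sep 13 00:16:04 2025 GMT
    This Update: Sep 13 15:39:10 2025 GMT
    Next Update: Sep 20 14:39:10 2025 GMT
"""

# openssl label -> RFC 6960 field name
FIELDS = {"Produced At": "producedAt", "Revocation Time": "revocationTime",
          "This Update": "thisUpdate", "Next Update": "nextUpdate"}
LINE = re.compile(r"\s*([A-Za-z ]+?):\s+(\w{3}\s+\d{1,2} [\d:]{8} \d{4}) GMT\s*$")

def parse_ocsp_times(text):
    """Return {rfc_field: UTC datetime}, keeping the first occurrence of each field."""
    out = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group(1) in FIELDS and FIELDS[m.group(1)] not in out:
            ts = datetime.strptime(m.group(2), "%b %d %H:%M:%S %Y")
            out[FIELDS[m.group(1)]] = ts.replace(tzinfo=timezone.utc)
    return out

def assess(times, now):
    """Check the freshness window and report revocation relative to signing time."""
    findings = []
    if times["thisUpdate"] > now:
        findings.append("thisUpdate is in the future: reject")
    if "nextUpdate" in times and now > times["nextUpdate"]:
        findings.append("response is stale (now > nextUpdate): refetch")
    # Sanity check assumed by this sketch: a response should not be signed
    # before the time at which its status was last known to be correct.
    if times["producedAt"] < times["thisUpdate"]:
        findings.append("producedAt precedes thisUpdate: unexpected")
    if "revocationTime" in times:
        age = times["producedAt"] - times["revocationTime"]
        findings.append(f"revoked {age} before this response was signed")
    return findings

if __name__ == "__main__":
    for finding in assess(parse_ocsp_times(SAMPLE), datetime.now(timezone.utc)):
        print(finding)
```

None of the four fields records when the client sent its query, so a response fetched on 14/09 can legitimately carry a producedAt of 13/09 as long as the current time is still before nextUpdate.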