Recently there have been many SSL certificates revocated due to the heartbleed issue. Yesterday, for the first time, I came across a warning advising the information for a certificate was not available. Once reading and accepting the revocation I continued on my merry way.
Today however I received another revocation notice when using the java updater.
Has Java forgotten to remove a revocated certificate from their servers?
Interestingly I had carried out a search simply for sjremetrics.java.com (the certificate was created for this URL) and lo and behold the very first response was for a post on the Oracle Forum which detailed Java having exactly the same issue back in 2010.
Side note. On looking at the details of the SSL certificate I see that it was issues on 17th September 2013 and was due to expire on the 17th November 2014. A 14 month certificate? I did not know that was possible. Or was it revoked in 2013 as well?
I have tried to submit a bug for this issue however Oracle’s bug reporting process is atrocious.
I have received an email stating that the report “will be evaluated”. Don’t think I will bother next time.