Updating security certificate your web browser
The web company's status page states: Global Sign manages several root certificates and for compatibility and browser ubiquity reasons provides several cross-certificates between those roots to maximize the effectiveness across a variety of platforms.
As part of a planned exercise to remove some of those links, a cross-certificate linking two roots together was revoked.
Now, Android does not seem to reload the file automatically.
I have read in several blog posts that I need to restart the device.
CRL responses had been operational for one week, however an unexpected consequence of providing OCSP responses became apparent this morning, in that some browsers incorrectly inferred that the cross-signed root had revoked intermediates, which was not the case.
End users cannot always easily clear their caches either through lack of knowledge or lack of permission.
"That's the unfortunate thing about PKI, different browsers have different update levels," Global Sign's strategic projects director Steve Roylance told The Reg.
Just hours ago, it became clear that Global Sign – a New Hampshire, US-based biz – was having troubles with its Online Certificate Status Protocol (OCSP), which is used for obtaining the revocation status of public key certificates which ensure that netizens are connecting to legit sites using SSL/TLS.
Doing so results in the file being overwritten with the original one again.
My next try was to install the certificate from SD card by copying it and using the according option from the settings menu.