Needless to say I initially passed it off as someone having their client not configured correctly or running some outdated software (I really should avoid having these biases but I digress), but just as a sanity check, I decided to take a look.Good morning Colin, I hope your weekend was awesome. Just a quick email to let you know that I am having issues with a possible certificate problem on Firefox, chrome, ie and even edge. It works fine on safari on an iPad.
Being that I didn't revoke the certificate myself, I reached out to the reseller that issued the certificate and had this relayed to me:
I was not happy to read this, but my reseller was awesome enough to issue me a refund so I could go ahead and just switch the certificate to another provider. There is no malware on Canary to say the least so the statement by Symantec is irrevocably false.Reseller rep.:We regret to inform you that certificate [number] for www.canary.pw domain has been revoked by the Certificate Authority due to the site being flagged as potentially containing malware in a recent site scanning by Symantec (owner of GeoTrust). Unfortunately we were not warned of the upcoming revocation, so we apologize for any inconvenience that this may cause.[…]Reseller rep.:As per our check with Symantec, they will no longer be issuing SSL certs to .PW domains. You are advised to remove the SSL certificate from the server to avoid security errors related to a revoked certificate.
But here's the thing: why did Geotrust just go ahead and revoke the certificates for all .PW domains without any warning? Why did they believe that this was the best course of action and why did they decide to put domains at risk? It is because of these questions that I cannot recommend using them as a certificate authority.
Geotrust has done a great job demonstrating the problem with certificate authorities: they're closed organizations that you cannot put any trust into.