I'm drawing up some documentation for users with the intent on educating them on certificate revocation. I would like to include screen shots of browsers to demonstrate the user experience when encountering a revoked cert. The revocation can occur via either OCSP or CRL.
I've tried digging around CRLs, but they list the serial number of a certificate and don't provide a URL for me to try connecting.
Could someone provide a URL to a live site with a non-self-signed but revoked cert? Or perhaps there's a way to look up certs in a CRL and cross reference them to a URL?
Here's a second in case anyone else stumbles upon this question (my company firewall blocks port 2443 outbound):
https://revoked.grc.com/
EDIT: This is a VERY belated update, but I just discovered:
https://badssl.com/
Which, at least for me, has everything I needed to test.
Does this one fit the bill? https://test-sspev.verisign.com:2443/test-SSPEV-revoked-verisign.html
The DigiCert Trusted Root Authority Certificates page contains links to hosts with revoked certificates (look for the text “Demo Sites for Root” on that page).
You can find a revoked EV certificate under DigiCert High Assurance EV Root CA → Demo Sites for Root → Revoked.