I downloaded a revoked certificate from the website https://www.ssl.com/sample-valid-revoked-and-expired-ssl-tls-certificates/. Specifically, the revoked certificate of the site https://revoked-rsa-ev.ssl.com/.
To check the verification result in OpenSSL, I downloaded the CRL and ran the command :
openssl verify -untrusted 'SSL.com EV SSL Intermediate CA RSA R3.pem' -CRLfile SSLcom-SubCA-EV-SSL-RSA-4096-R3.crl.pem -show_chain revoked-rsa-ev.ssl.com.pem
However, instead of showing it as revoked, it successfully verifies the certificate. This is the output :
depth=0: C = US, ST = Texas, L = Houston, O = SSL Corp, serialNumber = NV20081614243, CN = revoked-rsa-ev.ssl.com, postalCode = 77098, businessCategory = Private Organization, street = 3100 Richmond Ave, jurisdictionST = Nevada, jurisdictionC = US (untrusted)
depth=1: C = US, ST = Texas, L = Houston, O = SSL Corp, CN = SSL.com EV SSL Intermediate CA RSA R3 (untrusted)
depth=2: C = US, ST = Texas, L = Houston, O = SSL Corporation, CN = SSL.com EV Root Certification Authority RSA R2
Have I used the incorrect command? Moreover, even Chrome shows the certificate as trusted but not Firefox. Why is this happening?