Certificate Revocation and Heartbleed
The CloudFlare Heartbleed Challenge has been solved, and the private key for cloudflarechallenge.com was obtained by several authorized attackers using the Heartbleed exploit. Private key holders can impersonate the site, as demonstrated by Fedor Indutny. Although the certificate has been revoked, the site remains active to test browser behavior when encountering expired certificates. Internet Explorer and Safari give warnings but allow users to proceed; Firefox denies access, while Chrome allows loading without warning due to disabled online verification. Certificate revocation rates have increased since Heartbleed's discovery, with more websites evaluating the risk of stolen private keys.
Company: Cloudflare
Date published: April 12, 2014
Author(s): Nick Sullivan
Word count: 294
Hacker News points: None found.
Language: English