https certificat question

Off topic discussion
User avatar
metis
Posts: 1219
Joined: Wed Jan 14, 2009 10:06 am
Location: NE Minneapolis
Contact:

https certificat question

Postby metis » Fri Oct 30, 2009 6:21 pm

so i tried to do some internet financial stuff recently, and FF and IE on my home lappy, FF and Kon on the home desktop, and my G1 all returned invalid certificates by unknown issuer to log in. so i didn't use the web and phoned in to deal with being on hold. extra fees were waived for speaking to a rep since i couldn't log in, but as a 4x check my parents machine running *older* FF and older kubuntu recog.. hello... FF spell checker on kubuntu doesn't recognize the word kubuntu or ubuntu... recognized the cert as being a valid verisign certificate valid through next year. any ideas on what's going on there?

User avatar
wammie
Site Admin
Posts: 1444
Joined: Sat Mar 14, 2009 4:14 pm
Location: Minneapolis, Minnesota
Contact:

Re: https certificat question

Postby wammie » Sat Oct 31, 2009 10:22 am

metis wrote:so i tried to do some internet financial stuff recently, and FF and IE on my home lappy, FF and Kon on the home desktop, and my G1 all returned invalid certificates by unknown issuer to log in. so i didn't use the web and phoned in to deal with being on hold. extra fees were waived for speaking to a rep since i couldn't log in, but as a 4x check my parents machine running *older* FF and older kubuntu recog.. hello... FF spell checker on kubuntu doesn't recognize the word kubuntu or ubuntu... recognized the cert as being a valid verisign certificate valid through next year. any ideas on what's going on there?
Somehow your machine is holding on to expired certificates. First identify the certificate(s) that has(have) trouble. Then go to Internet Options -> Content -> Certificates. Inspect all tabs for those certificates and remove them. Delete temporary cache, cookies and history in IE. Reboot computer (this will remove anything cached in memory). Try to visit the site(s) again and you should be prompted to accept their new and valid certificates. Do the similar operations in FF.

User avatar
wammie
Site Admin
Posts: 1444
Joined: Sat Mar 14, 2009 4:14 pm
Location: Minneapolis, Minnesota
Contact:

Re: https certificat question

Postby wammie » Wed Nov 04, 2009 1:27 pm

Metis, did my suggestion help at all? Were you able to resolve the issue?

User avatar
metis
Posts: 1219
Joined: Wed Jan 14, 2009 10:06 am
Location: NE Minneapolis
Contact:

Re: https certificat question

Postby metis » Sat Nov 07, 2009 1:28 pm

haven't needed to try yet, will let you know if it does

efk
Posts: 17
Joined: Wed Feb 11, 2009 7:05 pm

Re: https certificat question

Postby efk » Sat Nov 14, 2009 3:05 am

Every browser has a different CRL (Certificate Revocation List). Some browsers will honor some of the goofy Certificate Authorities and some will not. When people opt to buy the cheap certificate from the bank of hong kong, it's not necessarily going to be accepted everywhere, that's all subject to the CRL. Who was the CA? Was the Certificate legitimately revoked? Did the common name on the certificate match the domain you were visiting? You saw https in your address bar, correct? Etc...

I do not believe that caching of SSL certificates or content is allowed, but it is possible that could be an issue. Another thing to keep in mind, is the null termination issues that recent browsers have had and all of the faulty debian certificates that have been revoked.

As you can see, there are a multitude of things that could have gone wrong, but you did the right thing by calling in. Good on you!


Return to “Off Topic”

Who is online

Users browsing this forum: No registered users and 2 guests

cron