Security Certificate

tonycondon

every time i open a post here today, i get a pop up complaining about a security certificate. what's that about?
 

What is the URL at the top of the window at the time? Can you post a full screenshot including the address bar and the error message?

Also, did it just start today? From home or the office?
 
well,

i opened up jesseweather and got the same pop up, accidentally hit "continue" or "accept" or something like that, and now it has quit happening. so I can't give you any specifics.
 
oh! I got it to happen again.

the certificate in question is from paypal.
 
Hmmm on the poa threads in question is there a post by Ted?
 
yep, i just noticed that correlation.

it's all ted's fault, again.
 
Tony -- could you please take a screenshot of the certificate error you're getting? There really isn't anything obvious about his signature...the certificate is valid. I'm thinking your browser might be ultra paranoid.
 
Tony,

This sounds crazy, but could you verify that the date/time is set correctly on your computer?

Is anybody else seeing this happen? Pete, you seemed to zero in on the cause...have you seen the warning?
 
When Tony mentioned the PayPal cert I just figured it had to be Ted's donation link. I know he caused trouble in the past.
 
it was on the computer at work, probably a browser issue. i can check tomorrow.
 
Ah! If it's a work computer, you may not have the latest root certificates installed. Entrust, Verisign, and other companies replaced their intermediate certificate authorities in the last year, and the old CAs are expired. If you don't have the new CA certs installed, your browser can't form a certificate chain and will throw an error.

Gobbledy-gook? Let's try a plain-English version.

SSL certificates all chain upwards to a certificate authority. Essentially, your browser comes from Microsoft or Apple or Sun or whoever with certain trusted elements in it. So your browser already "knows" it trusts Andre (for example).

Paypal has a certificate signed by David. David is signed by Charlie, who's signed by Bob, who's signed by... Andre! So your browser will trust the certificate because it can work all the way back to Andre. But in this case, Bob or Charlie got new certificates signed by Anna, who ISN'T embedded in your browser. So once you update your browser (this is something that happens with windows update) root certificates to trust Anna, then you'll once again be able to trust David.

Not sure that was any easier to understand...
 
I wondered about that, but paypal's certificate is signed by Verisign. THE original CA. I doubt if anything regarding their inclusion has changed since SSL was invented.
 
The root ca hasn't changed, but the intermediate one (the one that signed the Paypal cert) probably has changed.

We got a rash of these incidents at work recently when we renewed our entrust certificates - many of our clients were getting errors that went away when they updated their trusted roots.
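
The chain walk discussed in this thread, as an added example that is not part of any poster's message: a simplified Python model that compares names and validity dates only (no signatures) and shows how a stale trust store, an expired intermediate and a wrong client clock each fail differently. All certificates, dates and function names are constructed for illustration.

```python
from datetime import date

def cert(subject, issuer, start, end):
    """Toy certificate: names plus a validity window (no real signature)."""
    return {"subject": subject, "issuer": issuer,
            "not_before": date(*start), "not_after": date(*end)}

def build_chain(leaf, sent, trusted_roots, today):
    """Follow issuer names from leaf to a trusted root; return (ok, reason, path).

    Simplified model: a real validator also checks every signature,
    key usage and revocation; here only names and dates are compared.
    """
    by_subject = {c["subject"]: c for c in sent}
    path, current = [], leaf
    while len(path) < 10:                      # bound the walk against loops
        path.append(current["subject"])
        if today < current["not_before"]:
            return False, current["subject"] + " not yet valid: check the client clock", path
        if today > current["not_after"]:
            return False, current["subject"] + " has expired", path
        issuer = current["issuer"]
        if issuer in trusted_roots:
            return True, "chains to trusted root " + issuer, path + [issuer]
        if issuer not in by_subject:
            return False, "issuer " + issuer + " is neither supplied nor trusted", path
        current = by_subject[issuer]
    return False, "chain too long", path

# Constructed sample data using the names from the analogy in the thread.
PAYPAL  = cert("Paypal",  "David",   (2009, 1, 1), (2011, 1, 1))
DAVID   = cert("David",   "Charlie", (2008, 1, 1), (2014, 1, 1))
CHARLIE = cert("Charlie", "Bob",     (2008, 1, 1), (2016, 1, 1))
BOB_OLD = cert("Bob",     "Andre",   (2000, 1, 1), (2009, 6, 1))
BOB_NEW = cert("Bob",     "Anna",    (2009, 1, 1), (2019, 1, 1))
OLD_STORE = {"Andre"}            # machine that missed trusted-root updates
NEW_STORE = {"Andre", "Anna"}    # after the trusted-root update
TODAY = date(2010, 3, 1)         # constructed "current" date

def diagnose(bob, store, today=TODAY):
    """Validate the Paypal leaf with the given Bob certificate and trust store."""
    return build_chain(PAYPAL, [DAVID, CHARLIE, bob], store, today)

if __name__ == "__main__":
    for label, args in [("stale store", (BOB_NEW, OLD_STORE)),
                        ("updated store", (BOB_NEW, NEW_STORE)),
                        ("old intermediate", (BOB_OLD, OLD_STORE)),
                        ("clock reset", (BOB_NEW, NEW_STORE, date(2002, 1, 1)))]:
        print(label, "->", diagnose(*args))
```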
 