Security Certificate Errors

Discussion in 'Computer Security' started by Alan K, Feb 9, 2009.

  1. Alan K

    Alan K Guest

    Recently I have started getting Security Certifcate errors when browsing
    using Internet Explorer 7. The problem seems to be common to all https::
    websites.
    The error message I get is either:
    "This CARoot Certificate is not trusted" or
    "There is a problem with this website's security certificate".
    Sometime when I get the option to click on the browser bar to display
    unsecure content it make no difference.
    I have recently downloaded the certificate root store updates and installed
    Windows XP SP3 which have not cured the problem.
    As the problem seems to occur with multiple sites it seems it is higher up
    the cetrificate chain. Whenever I have looked at the dates on a vendor's
    certificat they have always been valid.
    Hope somebody cah shed some light on this and why it has started to occur.
    Thanks
    Alan
     
    Alan K, Feb 9, 2009
    #1
    1. Advertisements

  2. Alan K

    Leone C Guest

    The same problem occured as well with my PC - please someone let me know how
    to resolve. Every website i type on the web address - its indicating
    certificate error. Thank you
    Leone C
     
    Leone C, Mar 4, 2009
    #2
    1. Advertisements

  3. Alan K

    meadowgale Guest

     
    meadowgale, Mar 24, 2010
    #3
  4. Alan K

    MEB Guest

    Apparently a "bump" to indicate you have a like issue?

    In addition to {or to further} the answers previous given in
    discussions such as this;

    Certs can be created by individual sites/services WITHOUT a master
    signing service authorization -e.g., cross signed by [created under] an
    authorized key from one of the *master authorities* such as RSA,
    Verisign, Microsoft Internet Authority, etc.. OR which may use one of
    the expired or invalid or forged *Authority* keys; OR which are
    *self-signed*.

    One should be EXTREMELY cautious when authorizing or installing any of
    these Certs as these are part of the security measures employed within
    your system and on the Internet. Make sure you FIRST check the search
    engines and other sites/services [including whois, and malicious site
    exposure services] to ensure whatever site/service that is offering the
    Cert *IS NOT* a malicious site. DATES on the certificate mean nothing,
    as it is the *authorizations* included within the Cert which you should
    be concerned with.

    Beyond the *normal Certs* you will also now find "JAVA" and other
    scripting Cert authorizations.

    There are tools available to check these questionable Certs which do
    not require pre-installation. I suggest you make an effort to use these,
    as you can generally locate the "attempted* Cert within the browser's
    cache/temp files, or, in a pinch, do so via the Cert install screen
    PRIOR to the installation. I would also emphasize that you should
    attempt to determine WHERE the Cert request/authorization comes from as
    many Adverti$ers and malicious activities may ALSO require/request
    authorizations [which you really don't want].


    REFERENCES/EXAMPLES:

    http://forums.sun.com/thread.jspa?threadID=615148

    Browser Certificate Tests
    http://security.fnal.gov/pki/browsercerttest.html

    Extended Validation Certificate
    http://en.wikipedia.org/wiki/Extended_Validation_Certificate

    HowTo: Import the CAcert Root Certificate into Client Software
    http://wiki.cacert.org/BrowserClients

    Loading the RULink Project CA Certificate
    https://rulink.rutgers.edu/loadca.html

    --
    MEB
    http://peoplescounsel.org/ref/windows-main.htm
    Windows Info, Diagnostics, Security, Networking
    http://peoplescounsel.org
    The "real world" of Law, Justice, and Government
    ___---
     
    MEB, Mar 24, 2010
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.