I have been using Mozilla Firefox 3 for may months now both at home and work and have noticed that internet browsers are getting very hot on "Invalid Certificates" so it seems that having a "suspect" SSL certificate will not do you justice in the long term....
There are three (3) rules for SSL certificates these are as follows:
1. The certificate needs to be from a trusted certificate authority
2. The security certificate date is valid (this includes is not yet valid or has expired)
3. The name on the certificate needs to match the name on the site
In the old days of Internet Explorer v6 you got a rather normal error if one of these conditions get violated as shown below:
However in the world of Internet Explorer v7 and Mozilla Firefox v3 you get a more serious looking error:
If you are not that new to the internet then this must be quite a shock.....and you think that you might have shutdown the planet....but no...if you read the error your browser is only protecting you....but the way it does alert you is more lke a slap on the wrist.
If you think about this technically then it is the provider of the website that should resolve their wildcard SSL certificates or their inability to ensure all the SSL rules are met!
The above image shows that "members.microsoft.com" has an Unknown Issuer.....lets look a little more into this and view the certificate in detail and see what that uncovers....
Oh, well is'nt this suprising....Microsoft Certificate Authority trusts "members.microsoft.com".....well no shit sherlock....do you think that Microsoft will not trust themselves.....?
This is how never to setup a SSL cerficate for secure communication...in this case the trusted by should be Verisign or Thwate not Microsoft.....that is like says "Joe Hackers Website" is trusted by "Joe Hacker CA"
If you see sites that trust themselves then I would not disclose any personal or cofidential information using their SSL certificate.
There are three (3) rules for SSL certificates these are as follows:
1. The certificate needs to be from a trusted certificate authority
2. The security certificate date is valid (this includes is not yet valid or has expired)
3. The name on the certificate needs to match the name on the site
In the old days of Internet Explorer v6 you got a rather normal error if one of these conditions get violated as shown below:
However in the world of Internet Explorer v7 and Mozilla Firefox v3 you get a more serious looking error:
If you are not that new to the internet then this must be quite a shock.....and you think that you might have shutdown the planet....but no...if you read the error your browser is only protecting you....but the way it does alert you is more lke a slap on the wrist.
If you think about this technically then it is the provider of the website that should resolve their wildcard SSL certificates or their inability to ensure all the SSL rules are met!
The above image shows that "members.microsoft.com" has an Unknown Issuer.....lets look a little more into this and view the certificate in detail and see what that uncovers....
Oh, well is'nt this suprising....Microsoft Certificate Authority trusts "members.microsoft.com".....well no shit sherlock....do you think that Microsoft will not trust themselves.....?
This is how never to setup a SSL cerficate for secure communication...in this case the trusted by should be Verisign or Thwate not Microsoft.....that is like says "Joe Hackers Website" is trusted by "Joe Hacker CA"
If you see sites that trust themselves then I would not disclose any personal or cofidential information using their SSL certificate.
Tags
internet