December 31, 2011
I have been trying to get to a web page on a Canadian Federal Government site that I know would be a valid, legitimate site. When I get to this page, I get a Certificate Error telling me that the certificate for this site does not come from a trusted certificate authority. This happens with IE9 and with Chrome, but I am able to get to the site OK in Firefox. It looks as if the list of trusted certificate authorities stored in the browsers are not the same - either IE and Chrome are missing a valid authority and need to be updated, or Firefox perhaps missed deleting a newly untrusted authority and it needs to be updated. I have been searching the Microsoft Support site to see if there is a way to update the list in IE, but can't find anything that would help. I know these updates normally come through Windows Update and I've checked it three times and it says I'm all up to date.
You might wonder why I don't just use Firefox to do what needs doing, but I'm actually looking into this on behalf of a friend who only uses IE and she has been trying for days to get past this error in IE. Though she is not terribly technical, she does have an XP desktop and a Win7 laptop and gets the same error on both. I'm getting the error on my Win7 desktop. If all else fails, I'll install Firefox on her laptop and hope that it is able to get to this site just as it does on my PC.
Any suggestions as to how to get around this error?
Hi Patrick - In Internet Explorer, are you not seeing an option to "Continue to this website"?
December 31, 2011
I didn't look for the option to continue to the site in IE, Jim, though it was probably there. The option was there in Chrome and I used it. It let me go on to the site, showing a big red line through the https in the address bar. The problem with continuing, of course, is that there could actually be an invalid certificate on the site, concealing some malware there. This is highly unlikely given the nature of the site and if it were me using it, I would probably go ahead and use this option. But my friend who is less technically savvy, is rightly put off by the dire warning and I would not want to encourage her to ignore the warning whenever it appears. I would really like to find out why the warning is there in IE and Chrome and not in Firefox, since appears that there is some kind of underlying problem with one or more of these browsers.
December 31, 2011
Well, we don't know which site, but it obviously required entering some personal information. It is possible that their certificate has expired or they've fallen victim to the new 1024bit encryption limit imposed in October, but that just seems like sloppy management to me, especially for a government agency.
of course, is that there could actually be an invalid certificate on the site, concealing some malware there.
Government sites are a target for a multitude of reasons and that would definitely be my primary concern. My secondary concern would be some type of certificate screwup higher up the chain. Do they have a support contact, or a general contact whom you could email? Maybe include a screenshot. I would definitely do so (and maybe google the site + ssl certificate before I entered any personal data.
December 31, 2011
Dave and Jim, thanks for your thoughts on this issue. I managed to find an email address at this government site to raise the problem (finding the address is a whole other issue) and just this morning, I received a response.
The message that you have indicated is the result of a technical problem that has now been resolved. You should be able to continue accessing (site/page) without further difficulty. Please try again.
My friend has in fact "tried again" and was successful, so the problem has been resolved.
This still left me wondering, though, why the apparently untrusted certificate authority was detected by IE, Chrome and Safari, but not by Firefox. Then I was listening to Steve Gibson's Security Now podcast mid-week, where he happened to be discussing something related to how browsers check certificates for validity. All browsers compare the certificate's issuing authority against a list of trusted certificate authorities. It turns out, though, that only Firefox maintains its own list - all the other browsers compare certificates against the certificate authority list that is maintained by the OS. Still leaves the question, of course, of why these two lists were apparently not the same.
Glad to hear all is now well Patrick, thanks for letting us know.
the result of a technical problem that has now been resolved
Substitute: We forgot to renew the certificate, we have now done that.
On the variances twixt browsers; just a guess but I would imagine that the Firefox method would result in more frequent updates to the listings. Although, all the evidence tends to suggest that Firefox was actually behind the others... strange indeed!
Most Users Ever Online: 2303
Currently Browsing this Page:
Guest Posters: 10
Administrators: Jim Hillier, Richard Pedersen, David Hartsock, Marc Thomas
Moderators: Carol Bratt, dandl, Jason Shuffield, Jim Canfield, Terry Hollett, Sergey Grankin