Certificate Error: Untrusted Authority

Avatar

Please consider registering
Guest

Search

— Forum Scope —






— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

Register Lost password?
sp_Feed sp_topic_old
Certificate Error: Untrusted Authority
Avatar
ptmguelph
Canada
Member
Forum Posts: 17
Member Since:
December 31, 2011
sp_UserOfflineSmall Offline
1
January 28, 2013 - 9:11 pm
sp_Permalink sp_Print

I have been trying to get to a web page on a Canadian Federal Government site that I know would be a valid, legitimate site.  When I get to this page, I get a Certificate Error telling me that the certificate for this site does not come from a trusted certificate authority.  This happens with IE9 and with Chrome, but I am able to get to the site OK in Firefox.  It looks as if the list of trusted certificate authorities stored in the browsers are not the same - either IE and Chrome are missing a valid authority and need to be updated, or Firefox perhaps missed deleting a newly untrusted authority and it needs to be updated.  I have been searching the Microsoft Support site to see if there is a way to update the list in IE, but can't find anything that would help.  I know these updates normally come through Windows Update and I've checked it three times and it says I'm all up to date.

You might wonder why I don't just use Firefox to do what needs doing, but I'm actually looking into this on behalf of a friend who only uses IE and she has been trying for days to get past this error in IE.  Though she is not terribly technical, she does have an XP desktop and a Win7 laptop and gets the same error on both.  I'm getting the error on my Win7 desktop.  If all else fails, I'll install Firefox on her laptop and hope that it is able to get to this site just as it does on my PC.

Any suggestions as to how to get around this error?

Avatar
Jim Hillier
Admin
Forum Posts: 2492
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
2
January 28, 2013 - 9:39 pm
sp_Permalink sp_Print

Hi Patrick - In Internet Explorer, are you not seeing an option to "Continue to this website"?

http://windows.microsoft.com/en-AU/windows-vista/About-certificate-errors

Cheers... Jim

 

Avatar
ptmguelph
Canada
Member
Forum Posts: 17
Member Since:
December 31, 2011
sp_UserOfflineSmall Offline
3
January 29, 2013 - 9:37 am
sp_Permalink sp_Print

I didn't look for the option to continue to the site in IE, Jim, though it was probably there.  The option was there in Chrome and I used it.  It let me go on to the site, showing a big red line through the https in the address bar.  The problem with continuing, of course, is that there could actually be an invalid certificate on the site, concealing some malware there.  This is highly unlikely given the nature of the site and if it were me using it, I would probably go ahead and use this option.  But my friend who is less technically savvy, is rightly put off by the dire warning and I would not want to encourage her to ignore the warning whenever it appears.  I would really like to find out why the warning is there in IE and Chrome and not in Firefox, since appears that there is some kind of underlying problem with one or more of these browsers.

Patrick

Avatar
ptmguelph
Canada
Member
Forum Posts: 17
Member Since:
December 31, 2011
sp_UserOfflineSmall Offline
4
January 29, 2013 - 9:54 am
sp_Permalink sp_Print

A bit more information on this topic.  I just tried going to the same government site on my Mac running Mountain Lion and I get the same certificate error in both Chrome and Safari.  

 

Patrick

Avatar
David Hartsock
Admin
Forum Posts: 1105
Member Since:
August 7, 2011
sp_UserOfflineSmall Offline
5
January 30, 2013 - 9:55 am
sp_Permalink sp_Print sp_EditHistory

Well, we don't know which site, but it obviously required entering some personal information. It is possible that their certificate has expired or they've fallen victim to the new 1024bit encryption limit imposed in October, but that just seems like sloppy management to me, especially for a government agency.

of course, is that there could actually be an invalid certificate on the site, concealing some malware there.

Government sites are a target for a multitude of reasons and that would definitely be my primary concern. My secondary concern would be some type of certificate screwup higher up the chain. Do they have a support contact, or a general contact whom you could email? Maybe include a screenshot. I would definitely do so (and maybe google the site + ssl certificate before I entered any personal data.

Avatar
ptmguelph
Canada
Member
Forum Posts: 17
Member Since:
December 31, 2011
sp_UserOfflineSmall Offline
6
February 1, 2013 - 2:04 pm
sp_Permalink sp_Print

Dave and Jim, thanks for your thoughts on this issue.  I managed to find an email address at this government site to raise the problem (finding the address is a whole other issue) and just this morning, I received a response.

The message that you have indicated is the result of a technical problem that has now been resolved. You should be able to continue accessing (site/page) without further difficulty. Please try again.

My friend has in fact "tried again" and was successful, so the problem has been resolved.

This still left me wondering, though, why the apparently untrusted certificate authority was detected by IE, Chrome and Safari, but not by Firefox.  Then I was listening to Steve Gibson's Security Now podcast mid-week, where he happened to be discussing something related to how browsers check certificates for validity.  All browsers compare the certificate's issuing authority against a list of trusted certificate authorities.  It turns out, though, that only Firefox maintains its own list - all the other browsers compare certificates against the certificate authority list that is maintained by the OS.  Still leaves the question, of course, of why these two lists were apparently not the same.

Avatar
Jim Hillier
Admin
Forum Posts: 2492
Member Since:
August 9, 2011
sp_UserOfflineSmall Offline
7
February 1, 2013 - 6:29 pm
sp_Permalink sp_Print

Glad to hear all is now well Patrick, thanks for letting us know.

the result of a technical problem that has now been resolved

Substitute: We forgot to renew the certificate, we have now done that.

On the variances twixt browsers; just a guess but I would imagine that the Firefox method would result in more frequent updates to the listings. Although, all the evidence tends to suggest that Firefox was actually behind the others... strange indeed!

Forum Timezone: America/Indiana/Indianapolis

Most Users Ever Online: 188

Currently Online:
14 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Member Stats:

Guest Posters: 10

Members: 1272

Moderators: 3

Admins: 4

Forum Stats:

Groups: 8

Forums: 19

Topics: 1538

Posts: 11824

Administrators: Jim Hillier, Richard Pedersen, David Hartsock, Marc Thomas

Moderators: Judy Novotny, Jason Shuffield, Mail Poet