Question about Security Certificate Notices

Discussion in 'Computer Security' started by Johnny Boy, Nov 21, 2008.

  1. Johnny Boy

    Johnny Boy Guest

    When I try to sign into certain sites using passwords, I get a window
    with the following message:

    "There is a problem with this website's security certificate.
    The security certificate presented by this website has expired or is
    not yet valid.
    Security certificate problems may indicate an attempt to fool you or
    intercept any data you send to the server."

    When I click for "more information", I am told: '

    "If you arrived at this page by clicking a link, check the website
    address in the address bar to be sure that it is the address you were
    expecting.
    When going to a website with an address such as https://example.com,
    try adding the 'www' to the address, https://www.example.com.
    If you choose to ignore this error and continue, do not enter private
    information into the website."

    What does this mean? And, what can I about it to fix it?

    Thanks in advance.
    Johnny Boy, Nov 21, 2008
    #1
    1. Advertising

  2. Johnny Boy <> writes:

    >When I try to sign into certain sites using passwords, I get a window
    >with the following message:


    >"There is a problem with this website's security certificate.
    >The security certificate presented by this website has expired or is
    >not yet valid.


    That indicates that either the web site has screwed up (its
    certificate has expired), or the clock on your computer is set
    wrongly and the certificate has a time that looks to be in the
    future relative to your computer time.

    >Security certificate problems may indicate an attempt to fool you or
    >intercept any data you send to the server."


    >When I click for "more information", I am told: '


    You need to look at the hostname on the certificate, to see if
    correct, and the time (start and ending time for the certificate
    validity).

    >What does this mean? And, what can I about it to fix it?


    If it is your problem, then either you are going to the wrong site
    or your computer clock is set wrongly. If the problem is neither
    of those, then it is the web site administrator's problem to fix.

    If this is a banking site or similar, be very cautious. Best not to
    enter any account name/id/password until you understand the problem.
    Neil W Rickert, Nov 21, 2008
    #2
    1. Advertising

  3. Johnny Boy wrote:
    >
    > "There is a problem with this website's security certificate.
    > The security certificate presented by this website has expired or is
    > not yet valid.


    > What does this mean? And, what can I about it to fix it?


    It normally means that the web site's management are incompetent or miserly.

    To fix it, use a web site that is competently managed.

    When you obtain a browser, it contains a list of (loosely) organisations
    that the browser vendor trusts to be able to validate the authenticity
    of web sites (the "root cerficates"). When you access a secure web
    site, that site sends you some data (a "certificate"), that has been
    verified by one of the trusted organisations, and marked as such in a
    tamper resistant way.

    The web site owners have a secret piece of data. The certificate
    contains a piece of data that depends on that secret, but cannot,
    realistically, be used to find the secret. The encryption keys for the
    session are created by a process that involves your browser using the
    information in the certificate, and the web site using the secret from
    which it was derived. If they don't have the secret that corresponds to
    the certificate, you will not get matching encryption keys and the data
    in both directions will be gibberish.

    The trusted organisation sets time limits during which they offer you
    some (rather limited) guarantees, that the secret being used by the web
    site belongs to the organisation that purports to operate the web site.
    These time limits are encoded into the certificate, and there is a
    tamper detection mechanism.

    The organisations would probably argue that you need the time limits
    because:

    1) it is possible to find out the secret from a certificate, given
    enough time;

    2) someone may discover a flaw in the way certificates are produced
    which might make that time rather short;

    3) the longer the secret is in use, the more chance that it is
    accidentally or maliciously revealed.

    However a large element of the reason may really be that it ensures that
    people keep paying to update the time limits.

    Once a certificate is compromised, anyone who can intercept your
    connection to the web site can pretend to be that web site; they may
    even really your input to the real web site.

    The certificate also contains the web site address and the real world
    identity of its owner. The browser will check the site address. If you
    know one of them with certainty, you should check that against the
    certificate/address bar. If you know neither, you may well have an
    encrypted connection to a fraudster, however valid the certificate is!
    David Woolley, Nov 21, 2008
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Ch. Rajinder Nijjhar Jatt

    Mail undelivered notices

    Ch. Rajinder Nijjhar Jatt, Sep 19, 2003, in forum: Computer Support
    Replies:
    2
    Views:
    468
    Ch. Rajinder Nijjhar Jatt
    Sep 19, 2003
  2. Joe & Kathy Haver

    failure notices

    Joe & Kathy Haver, Oct 14, 2003, in forum: Computer Support
    Replies:
    0
    Views:
    370
    Joe & Kathy Haver
    Oct 14, 2003
  3. Joe & Kathy Haver

    failure notices

    Joe & Kathy Haver, Oct 14, 2003, in forum: Computer Support
    Replies:
    1
    Views:
    457
    slumpy
    Oct 14, 2003
  4. Jim Beaver

    Weird XP reboot notices

    Jim Beaver, Sep 22, 2005, in forum: Computer Support
    Replies:
    1
    Views:
    471
  5. Derek Janssen

    Warner finally notices Hanna-Barbera:

    Derek Janssen, Jan 15, 2004, in forum: DVD Video
    Replies:
    8
    Views:
    465
    Metlhd3138
    Jan 16, 2004
Loading...

Share This Page