Browsers and certificate errors...

[William Gaatjes]

I posted in another thread that i would get all the time these messages that certificates from websites are no longer valid.

I found out what could be wrong when Opera (or any other browser for that matter) would constantly come up with a security certificate error even on www.opera.com. Which is strange of course.

1. Your Computer’s date is set to a wrong value
2. The Security Certificate has really expired
3. The web-site is not trustable
   

As it turned out, the pc had a cmos checksum error because of an an almost empty backup battery. I had corrected all the settings but did not adjust the time (Expected windows to do it for me automatically).

Because the years was set back to 2004 and because i can assume that Opera uses system time to check for security certificate dates, Opera assumed correctly that the certificates where no longer correct.


http://www.opera.com/support/kb/view/255/

When Opera receives a chain of Public Key Certificate from the server it will verify the authenticity of the certificate(s) by checking that the chain verify correctly, and that the certicate can be traced to one of the Certificate Authority Certificates in the database.

If the certificates cannot be traced to an installed certificate, Opera will ask you if you accept the certificate and the server as legitimate. If you accept the server you will not be asked again while Opera is running. If you shut down Opera the list of accepted servers is not stored to the disk.

If such a certificate chain actually included a selfsigned root certificate, you have the option of installing the root certificate into the database and to set the flags for its use. By installing the certificate, and not unchecking the allow connection flag, you will, implicitly, accept the server.

If the chain is found to be correct, Opera proceeds to check the database entires of those Certificate Authorities that have signed certificates in the chain (at least the top certificate will be present in the database).

If for one (or more) of these Authorities you have unchecked the allow connection flag, you will be shown a Access denied fatal error message, and the connection will be shut down.

If you have Allowed access, but have checked the Warning option for at least one of the Certificates Authorities you will be shown the certificate and asked to accept it. Such warnings will be shown each time such a certificate is received, even if it has been accepted before.

If none of the conditions above occur, Opera will continue the SSL connections without needing input from the user.

NOTE: It is the user's responsibility to decide if he or she is willing to trust any specific Web site, SSL-enabled or not. This is especially true when doing business transactions. The Certificate Authorites generally require a lot of verifiable documentation about the operators of the sites that are issued a certificate, but it is always possible to fool the CA, or the operator may be less than a serious businessman. Opera provides some means to weed out or flag the completly unserious or dubious Certificate Authorities, But YOU will still need to evaluate each of the servers you plan to do business with.

 

[William Gaatjes]

I just noticed that even my virus scanner is calling me an idiot for not updating my virus scanner database since 2004. :biggrin::biggrin::biggrin:

 

[Raghu]

Happens every day when the computer boots up after a power loss. The native gtalk app doesnt work either.