The Eurofurence Forum

Off Topic => Forum Issues => Topic started by: Recherchè on 30.04.2010, 22:19:15

Title: CERTIFICATE ERROR?
Post by: Recherchè on 30.04.2010, 22:19:15

Recently, my computers both at work and at home are having trouble negotiating the forum.  The main page runs fine.  I get a certificate error with everything after that.  The software is in place seems to doubt the validity of any webpage I click to.

rechè
 

Title: Re: CERTIFICATE ERROR?
Post by: o'wolf on 01.05.2010, 11:36:18

Unfortunately, you don't mention your web browser and operating system.

First of all, is the date on your computer correct? Most "invalid certificate" errors come from a wrongly adjusted clock. Next, check whether you have the StartCom/StartSSL CA installed. Some operating systems and browsers do not ship with it (this is apparently the case with MS Windows Vista before SP1). Please refer to http://www.startssl.com/ for details.

In case you wonder about the forum.eurofurence.org certificate itself:

$ openssl x509 -in forum-eurofurence-key.txt -issuer -email -dates -serial -purpose -alias -fingerprint -sha1 -noout
issuer= /C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
dohmaihns@yatho.de
notBefore=Apr 13 16:02:51 2010 GMT
notAfter=Apr 14 23:30:26 2011 GMT
serial=0179B1
Certificate purposes:
SSL client : No
SSL client CA : No
SSL server : Yes
SSL server CA : No
Netscape SSL server : Yes
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
S/MIME encryption : No
S/MIME encryption CA : No
CRL signing : No
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No
<No Alias>
SHA1 Fingerprint=03:55:33:0F:3C:94:C9:7B:1B:78:D3:AB:15:64:E8:A8:57:19:6D:DF
$

The MD5 fingerprint is 90:14:4A:14:C1:14:32:C2:69:63:E5:67:17:C9:51:A3

(AND WHY THE F*** CAN'T I JUST COPY & PASTE THE F***ING INFORMATION FROM THE CERTIFICATE INFORMATION BOX OF ANY F***ING BROWSER?!)

And if you're asking why we are using a free certificate of a lesser known CA instead of one that's supported everywhere: Because regardless what Verisign claims we are not convinced that their certification process is more secure. And we neither can nor want to throw a big amount of money year after year at them.

Title: Re: CERTIFICATE ERROR?
Post by: Cheetah on 01.05.2010, 19:12:51

And on top of that, the focus was more on enabling encryption than authenticating the domain :)