Need help to track down a security certificate false error

P

piloteer

New Member
Reaction score
1
Got a strange problem with an HTTPS web site. The only site with a problem. When I click on a web page sign in it does so with no problem. After the page opens I proceed to a separate secure link from the menu on the sign in page.

I get the Certificate error "This certificate cannot be verified up to a trusted certification authority. Geo Trust SSL CA is the issuing authority with the date 5/8/2011 to 6/9/2012."

Checked the certification path and it displays the proper path and "This Certificate is OK.

Contacted the website customer service who offered the usual b.s. clean cookies, etc, etc. They were useless.

The strange thing is the date 5/8/2011 to 6/9/2012

Aren't these certificates issued for a 12 month period and not 13?

Anyone have any other ideas?
 
They actually issue them with 'bonus' time. To allow you extra time to reissue/replace the SSL at the end of the period.

I read this only a few days ago, but for the life of me I can't remember the site.
 
piloteer said:
When I click on a web page sign in it does so with no problem. After the page opens I proceed to a separate secure link from the menu on the sign in page.
Click to expand...

Ensure that the URL of the link that you are clicking on is properly formatted for the exact URL that you specified when you setup the SSL certificate.

For example, if you set it up to use www.domain.com & the link is using https://domain.com (with no www), then it will not work. You would have to change the link to the www.

I suspect the login page uses the correct protocol (using the www or without) and the linked page does not.

In regards to the term, you are usually thrown an extra month or two for the reason stated above.
 
The issue is with a bank and the main login page is an https. The certificate is issued to the bank and the pupose is to provide a 128kb security mode for entering user and password. That seems to work ok. The issue is with the "billpay" function which opens a different page. That certificate is issued for the URL of the link used for that purpose.

It's all automatic and never had a problem until the new certificate was issued effective May 8 2011. It expires June 9 2012. The system I'm thinking, sees this as a wrong date. Using IE8 SP3.

Ran a full scans using Malwarebytes then AVG. Computer comes up clean.
No problem on other sites such as credit card and so on.

On the Geo site that provides the certificate to the bank it indicates that other secure sites have experienced the same issue, Experian is one site and Bank of America was another.
 
piloteer said:
The issue is with a bank and the main login page is an https. The certificate is issued to the bank and the pupose is to provide a 128kb security mode for entering user and password. That seems to work ok. The issue is with the "billpay" function which opens a different page. That certificate is issued for the URL of the link used for that purpose.

It's all automatic and never had a problem until the new certificate was issued effective May 8 2011. It expires June 9 2012. The system I'm thinking, sees this as a wrong date. Using IE8 SP3.

Ran a full scans using Malwarebytes then AVG. Computer comes up clean.
No problem on other sites such as credit card and so on.

On the Geo site that provides the certificate to the bank it indicates that other secure sites have experienced the same issue, Experian is one site and Bank of America was another.
Click to expand...

Is the billpay a different subdomain? Is this a enterprise wildcard SSL certificate? IIS or Apache? I'm sure something is wrong/different. Replacing an identical renewal cert would not typically cause an issue like this to just "pop" up.

Any errors in the event log on the web server?
 
Jake77444 said:
Is the billpay a different subdomain? Is this a enterprise wildcard SSL certificate? IIS or Apache? I'm sure something is wrong/different. Replacing an identical renewal cert would not typically cause an issue like this to just "pop" up.

Any errors in the event log on the web server?
Click to expand...

I suspected the same thing, which is why I mentioned the www and @none.
 
Found the problem Hooray before signing on again.
What is was the root certificate automatic update was not functional.

Went into the control panel>add remove programs>add or change windows components and found that the automatic update certificate feature was empty. So I hit install it and rebooted. Problem solved.:D

Bigmac was the closest as I found out. Next time I'll follow my own theory of
looking down the patients throat before removing the tonsils through the butt.

Thank all of you guys that contributed help.
 
piloteer said:
Found the problem Hooray before signing on again.
What is was the root certificate automatic update was not functional.

Went into the control panel>add remove programs>add or change windows components and found that the automatic update certificate feature was empty. So I hit install it and rebooted. Problem solved.:D

Bigmac was the closest as I found out. Next time I'll follow my own theory of
looking down the patients throat before removing the tonsils through the butt.

Thank all of you guys that contributed help.
Click to expand...

You didn't really give enough details and troubleshoot steps you've taken in your initial post.

Your description actually makes it sound like the certificate was functioning on part of the site but was coming back as invalid on another part which was clearly not the case if your root certs were not up to date.
 
You didn't really give enough details and troubleshoot steps you've taken in your initial post.

Your description actually makes it sound like the certificate was functioning on part of the site but was coming back as invalid on another part which was clearly not the case if your root certs were not up to date.
Click to expand...

Hi Jake,

Two separate certificates. Two separate URL's because of two different modules. One was ok. It was the other that was not updated. Works OK now.

Thank you for your inputs.:)
 
piloteer said:
Hi Jake,

Two separate certificates. Two separate URL's because of two different modules. One was ok. It was the other that was not updated. Works OK now.

Thank you for your inputs.:)
Click to expand...

Which is why the first question I asked on my initial post was.........."Is the billpay a different subdomain?"

Glad to hear you got it fixed.
 
You must log in or register to reply here.

Similar threads

HCHTech
Automating certificate deployment for RDP over VPN
Replies
11
Views
2K
sits
S
timeshifter
Need help with a network that's gone through major growth spurt recently
2
Replies
38
Views
5K
YeOldeStonecat
YeOldeStonecat
HCHTech
Digital Signage for a non-profit: End of project debrief
Replies
2
Views
1K
HCHTech
HCHTech
B
"Certificate cannot be verified up to a trusted cert authority"
Replies
2
Views
1K
BadBoy House
B
HCHTech
Driver error hell
Replies
13
Views
3K
HCHTech
HCHTech
Back
Top