Problem with site certificate

Sambit Bikas Pal sambitbikaspal at gmail.com
Tue Dec 2 11:32:56 UTC 2008


> Ray Parrish wrote:
>> Hello,
>>
>> I just tried to access my US Bank online account's Bill Pay page, and it
>> returns the following error message -
>>
>> billpay.usbank.com uses an invalid security certificate.
>>
>> The certificate is not trusted because it is self signed.
>
For any commercial site using https, the certificate should be issued
by a trusted certifying authority like Verisign, Thawte etc. This will
ensure that the customers are "talking" to the actual trader/bank. The
certifying authority issues the certificate only after verifying the
authenticity of the trader. Otherwise it completely spoils the purpose
of having an encrypted connection. Any malicious third party can claim
to be someone else, issue a self certificate and pose as the original
trader, thereby fooling the customer. This is a typical example of
a man-in-the-middle attack. So inform your bank about this issue.
Firefox 3 by default won't accept a self-signed certificate.


-- 
Sambit Bikas Pal
MS 3rd Year
Indian Institute Of Science Education & Research Kolkata,
HC 7, Sector-III Salt Lake, Kolkata-700106
Web:  http://www.botcyb.org
OpenPGP Key: http://keyserver.ubuntu.com:11371/pks/lookup?op=get&search=0x8E57F8B897D372B3
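
The trust check described in the reply above, as an added example that is not part of the original message: a certificate signed by a CA on the client's trusted list verifies, while a self-signed certificate carrying the same site name does not. The CA, the host name `bank.example` and the function names are constructed for this demo, and `openssl` is assumed to be installed.

```shell
#!/usr/bin/env bash
# Constructed demo: every name and file here is made up and lives in a temp dir.
set -eu
work=$(mktemp -d)

# 1. A toy "trusted CA" (stands in for the browser's built-in CA list).
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
  -keyout "$work/ca.key" -out "$work/ca.pem" 2>/dev/null

# 2. The real site has the CA sign its certificate request.
openssl req -newkey rsa:2048 -nodes -subj "/CN=bank.example" \
  -keyout "$work/site.key" -out "$work/site.csr" 2>/dev/null
openssl x509 -req -in "$work/site.csr" -CA "$work/ca.pem" -CAkey "$work/ca.key" \
  -CAcreateserial -days 1 -out "$work/site.pem" 2>/dev/null

# 3. Anyone can create a self-signed certificate with the same name in it.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=bank.example" \
  -keyout "$work/self.key" -out "$work/self.pem" 2>/dev/null

# Name-based check: issuer name equals subject name.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Trust check: does the certificate chain to the CA list we supply?
chains_to_ca() {
  openssl verify -CAfile "$work/ca.pem" "$1" >/dev/null 2>&1
}

for c in site self; do
  is_self_signed "$work/$c.pem" && s=yes || s=no
  chains_to_ca "$work/$c.pem" && t=yes || t=no
  echo "$c.pem: self-signed=$s trusted-by-CA=$t"
done
```

Both certificates claim the same name; only the CA signature separates them, which is why the browser refuses the self-signed one.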



