Problem with site certificate

Sambit Bikas Pal sambitbikaspal at
Tue Dec 2 11:32:56 UTC 2008

> Ray Parrish wrote:
>> Hello,
>> I just tried to access my US Bank online account's Bill Pay page, and it
>> returns the following error message -
>> uses an invalid security certificate.
>> The certificate is not trusted because it is self signed.
For any commercial site using https, the certificate should be issued
by a trusted certifying authority like Verisign, Thwate etc. This will
ensure that the customers are "talking" to the actual trader/bank. The
certifying authority issues the certificate only after verifying the
authenticity of the trader. Otherwise it completely spoils the purpose
of having an encrypted connection. Any malicious third party can claim
to be someone else, issue a self certificate and pose as the original
trader, thereby fooling the customer. This is a typical example of
man-in-the-middle attack. So inform your bank about this issue.
Firefox3 by default won't accept self signed certificate.

Sambit Bikas Pal
MS 3rd Year
Indian Institute Of Science Education & Research Kolkata,
HC 7, Sector-III Salt Lake, Kolkata-700106
OpenPGP Key:

More information about the ubuntu-users mailing list