This Certificate is not from a trusted authority - how to stop this?

Chat Forum

[closed]

This Certificate is not from a trusted authority - how to stop this?

11 posts & 9 voices | Started 1 year ago by WorldClassAccident | Latest reply from Junkyard

Tags:

No tags yet.

WorldClassAccident - Member

A particular company has an IT policy saying we should avoid sites where we get security warnings such as :

There are problems with the security certificate for this site - This Certificate is not from a trusted authority

They also have an IT policy say we should use the Webmail server to access our email when out of the office.

Guess what message I get when I connect to the web mail page. Yep, security warning. What does the company need to do to get a trusted certificate?

Posted 1 year ago #
brassneck - Member

Pay or self sign and distribute to all their clients.

Posted 1 year ago #
WorldClassAccident - Member

Ah, Pay. That would be the problem

Posted 1 year ago #
j_me - Member

Buy one from a trusted source.
Or set your own certificate as trusted.

Posted 1 year ago #
mogrim - Member

This report pretty much sums things up, certainly reflects my experience of playing with SSL, digital certificates and the like:

http://www.theregister.co.uk/2011/04/11/state_of_ssl_analysis/

Posted 1 year ago #
Cougar - Member

What Brassneck said.

I can wax lyrical at length on this, but the abridged version is either:

you need to buy a server cert from a trusted source (eg, Verisign et al),

or, you need to self-certify and then copy the associated root cert to your client PC so that your issing certificate authority server is a trusted source of certificates.

The former will cost money, the latter will require an administrative overhead.

Posted 1 year ago #
Cougar - Member

The other thing is,

The FQDN on the cert has to match the domain in the URL. So, for instance, if you connect to https://www.webmail.domain.com and the cert is for https://webmail.domain.com you'll get a cert error. You should be able to expand the error and find out what it's actually complaining about.

Posted 1 year ago #
xiphon - Member

I've seen certs for .local domains far too many times.

Bloody SBS!!

Posted 1 year ago #
cxi - Member

As a single name or SAN/UC cert?

Posted 1 year ago #
enfht - Member

Third option:

FREE self-cert 128 bit SSL from startcom

I've used these guys for 3-4 years to encrypt our frontend mailserver

Added bonus now is all major browsers recognise startcom CA by default

Worth a look imo

Posted 1 year ago #
Junkyard - Member

oddly enough I get these warning accessing govt websites from a government computer

Posted 1 year ago #

RSS feed for this topic

Topic Closed

This topic has been closed to new replies.

Singletrack Mountain Bike Magazine

Chat Forum

This Certificate is not from a trusted authority - how to stop this?

Topic Closed

Don't miss…

Singletrack

Website & Forums

Exits