Re: Errors from secure webpage

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, 2007-06-29 at 12:37 -0700, Les wrote:
> Ok, I have a problem....
>         I am accessing a secure site and I get the following error message(s)
>         For nearly every page I attempt to access I get:
>         Error trying to validate certificate from (pagename here) using OCSP
> -directory lookup error.
> 
> I am looking for suggestions of where to look, or who to contact (the
> page admin?  My ISP? logs about setup, setup issues?)
>         I googled and got information about OCSP via Wikipedia, but it didn't
> help me too much.  Can anyone provide any idea of what I need to do to
> resolve this issue?  Windows doesn't see the error on the same webpages,
> which I checked just to see if it might be the webpage itself.

I'm guessing that on Windows your browser is configured differently.
Firefox, for instance, can check that a SSL certificate is still valid
using OSCP.  Look in the preference options, advanced section,
encryption sub-section tab, and click the verification button in the
certificates sub-section.  That's the path for the current Firefox in
F7, prior releases had it showing in a far less obscure location.

There's a few options it has, you might want to change to another:

      * Don't bother double checking, just blindly trust the
        certificate.
      * Check the certificate with the OSCP that the certificate
        suggests.
      * Check the certificate with an OSCP that you've selected.

Some websites, perhaps some might say a lot, are badly set up, and
suggest that their certificate can be checked with a certain OSCP when
that's just not going to work.

The default is usually not to do any checking, which basically throws
away SSL security.  If the certificate got revoked, perhaps because it
got stolen, you probably won't hear about it while you browse through a
hijacked website.

I try to use the middle option, most of the time it works.

-- 
[tim@bigblack ~]$ rm -rfd /*^H^H^H^H^H^H^H^H^H^Huname -ipr
2.6.21-1.3228.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5.  Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux