https certificate problem

Ali_baba

Hi,
I am working on a project where different clients use or may use different browsers. Folks with Internet Explorer facing an unusal problem. That is, they can't download any file form webserver after logging-in.

The error on IE says "There is a problem with this website's security certificate." although the certifcate is issued by the university (server is there as well).

Is there any way to skip that error? or does my code needs some updating?

scrupul0us

certificate errors are usually the cause of the browser, the CA, or the certificate itself and not your code

etully

When your university issues a certificate and you install it, the file is transmitted in the SSL protocol and is encrypted.

Browsers are programmed to recognize the major certificate issuers. Your university is NOT a major certificate issuer (CA). Your university is providing a helpful service by issuing a certificate which gets you great encryption... but the browser is still going to warn you that the certificate isn't recognized. That's the warning you're getting. If you have the same small group of users downloading files all the time, they can be told to ignore the warning or they can Accept the certificate once and will not receive the warning in the future. Or you can buy a certificate from Thawte for 200 bucks a year and their browsers will recognize the cert.

Why do browsers warn you when a certificate doesn't come from one of the big CA's ? It's to protect newbies.

Imagine an evil hacker gets a job for Computing Services at your university. He could add a DNS entry for "www.citibank.com" into the school's DNS servers. He points "www.citibank.com" to the machine in his dorm room which has a web page that asks visitors for a login and password. Then he issues himself a certificate for "www.citibank.com" and installs it so that the page will be in SSL (secure) mode. Now, when any student on campus tries to get to Citibank, they will get to his machine in his dorm room... and they wouldn't have any way to know that they aren't at the real citibank web site... EXCEPT, their browser will look at the certificate and say, "This didn't come from one of the major CA's. I'm going to warn the user."

The evil hacker could just leave the certificate off... but then his fake citibank web site wouldn't come up in secure SSL mode which should be a warning to visitors.

In other words, the warning you are getting is a feature, not a bug.

shauny17

I agree with etully, the only way to override this error is to purchase a certificate from a trusted certificate authority (CA) such as VeriSign

Ali_baba

Thanks everybody for posting insightful help. I have informed about this to my higher folks 🙂

bretticus

If your web application is to be in Intranet only, you can distribute your own ca cert and then just sign all your company's certificates with that ca cert. Web browsers/operating systems typically come with a bunch of common ones (I have no idea how this is regulated at the moment) like verisign, thawte, godaddy (they are signed through a intermediate), etc. That's why certificates signed through them never need have you install a ca certificate in the first place.