Thursday, March 3, 2011

Horror of horrors: SSL errors

Update: It might not be an issue with eBay but rather a local network misconfiguration.

Just now, when trying to sign in on eBay, I got an error message in Google Chrome:
You attempted to reach signin.ebay.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Google Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications. You should not proceed, especially if you have never seen this warning before for this site. 
Also confirmed on Minefield (Firefox's nightly beta):
This Connection is Untrusted

You have asked Minefield to connect securely to signin.ebay.com, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.

What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
Technical Details
signin.ebay.com uses an invalid security certificate.

The certificate is not trusted because it is self-signed. The certificate is only valid for Fortinet (Error code: sec_error_ca_cert_invalid)
Imagine the horrors if people balked en masse at the website because of this error. How much is this going to cost eBay?
