These forums have been archived and are now read-only.

The new forums are live and can be found at https://forums.eveonline.com/

EVE General Discussion

 
  • Topic is locked indefinitely.
12Next page
 

SSL Certificate not trusted

First post
Author
Valrox
State Protectorate
Caldari State
#1 - 2011-09-08 21:12:55 UTC  |  Edited by: Valrox
Hai thar,

When I go to the eve Character page from the main website, I noticed Chrome is no longer trusting the ssl certificate.
Is Chrome being a biash again? Or are other people experiencing this?

Linkylink: http://i.cubeupload.com/3crE1U.png
Tippia
Sunshine and Lollipops
#2 - 2011-09-08 21:16:00 UTC
No, it's not just Chrome.
CCP Karuck
C C P
C C P Alliance
#3 - 2011-09-08 21:26:13 UTC
Can you give me details on what OS you are using? I've seen one other report about this and we suspect it's due to an old OS (Windows XP) not being updated with the latest Windows updates.
Microsoft does publish root certificate updates via Windows updates, so if you are missing those that can explain this issue.
  • Senior Programmer on EVE: Valkyrie / @SiggiGG
Valrox
State Protectorate
Caldari State
#4 - 2011-09-08 21:28:04 UTC  |  Edited by: Valrox
CCP Karuck wrote:
Can you give me details on what OS you are using? I've seen one other report about this and we suspect it's due to an old OS (Windows XP) not being updated with the latest Windows updates.
Microsoft does publish root certificate updates via Windows updates, so if you are missing those that can explain this issue.


I'm currently using Windows 7 Professional Edition ( 64-bit ) and updated to the latest version.
EDIT: Woops, I noticed theres an update being downloaded RIGHT now.
Richard Hammond II
Doomheim
#5 - 2011-09-08 21:31:07 UTC
which part?
I cant figure out how to try it lol

Goons; infiltration at its best - first bob... now ccp itself. They dont realize you guys dot take this as "just a game". Bring it down guys, we're rooting for you.

Brock Nelson
#6 - 2011-09-08 21:31:48 UTC
I'm getting the same warning on my android phone, even when visiting the forum.

Signature removed, CCP Phantom

Valrox
State Protectorate
Caldari State
#7 - 2011-09-08 21:33:05 UTC  |  Edited by: Valrox
Richard Hammond II wrote:
which part?
I cant figure out how to try it lol


This is the page Im trying to reach: https://www.eveonline.com/login.asp?r=%2F&t=%2Fcharacter%2Fskilltree%2Easp%3F
Though you can also see the error on https://www.eveonline.com/login.asp
Tippia
Sunshine and Lollipops
#8 - 2011-09-08 21:38:13 UTC
I've had it happen on pretty much every eveonline subdomain (support, gate, even the old api page).

Using Opera 11.51 and Chrome 13 on OSX 10.7.1.

It's intermittent, though. It doesn't always pop up (and it's not just because the browser remembers accepting the cert), and I have never had it happen in Safari or Firefox.
Ydnari
Estrale Frontiers
#9 - 2011-09-08 21:44:21 UTC
Brock Nelson wrote:
I'm getting the same warning on my android phone, even when visiting the forum.


The root cert list on Android isn't updatable separately from the OS, so pages from any company using one of the newer or cheaper SSL registrars will raise warnings.

--

Valrox
State Protectorate
Caldari State
#10 - 2011-09-08 22:03:55 UTC
Tippia wrote:
I've had it happen on pretty much every eveonline subdomain (support, gate, even the old api page).

Using Opera 11.51 and Chrome 13 on OSX 10.7.1.

It's intermittent, though. It doesn't always pop up (and it's not just because the browser remembers accepting the cert), and I have never had it happen in Safari or Firefox.


Only Chrome ( On windows 7 ) gives me this SSL Error, while Safari on OSX 10.7.1 doesn't. Though I do know that Safari doesn't update their trusted list very often. DigiNotar Certificates are still accepted by Safari while they're blacklisted by EVERY other Browser.
Denidil
Cascades Mountain Operatives
#11 - 2011-09-08 22:05:29 UTC
does firefox give you a warning on windows, or just chrome?


also is your machine enrolled in a computer domain. sometimes you have too many certs installed.

Tedium and difficulty are not the same thing, if you don't realize this then STFU about game design.

Ineka
Doomheim
#12 - 2011-09-08 22:08:30 UTC
Denidil wrote:
does firefox give you a warning on windows, or just chrome?


also is your machine enrolled in a computer domain. sometimes you have too many certs installed.



Latest version of Firefox here, no problem.
Denidil
Cascades Mountain Operatives
#13 - 2011-09-08 22:13:58 UTC
Ineka wrote:
Denidil wrote:
does firefox give you a warning on windows, or just chrome?


also is your machine enrolled in a computer domain. sometimes you have too many certs installed.



Latest version of Firefox here, no problem.


same here.. but i was specifically asking the OP. there is most likely a problem with the certificate store on his machine.

Tedium and difficulty are not the same thing, if you don't realize this then STFU about game design.

Friends Electric
PK Knights
#14 - 2011-09-08 22:30:42 UTC
All major browsers no longer trust ssl certificates issued by Diginotar, a company that was hacked and then tried to hide that fact.

maybe ccp got their certificates from them? if so I recommend getting new certificates from a different ssl authority.
Alexandra Alt
Doomheim
#15 - 2011-09-08 22:46:44 UTC
Friends Electric wrote:
All major browsers no longer trust ssl certificates issued by Diginotar, a company that was hacked and then tried to hide that fact.

maybe ccp got their certificates from them? if so I recommend getting new certificates from a different ssl authority.


Nop they didn't, it's from Rapid SSL, easier to verify that than raising suspitions with unfounded rumours....

The CA certificate issue is most of the time due to not being present on windows root certificate store, thus it doesn't get validated, or, in case of firefox (I don't know Opera) it uses both windows and his own root certificate store, I would start checking that you have a RapidSSL root certificate in your windows installed, if it isn't, search Microsoft knowledge base to install an update with it.
Friends Electric
PK Knights
#16 - 2011-09-09 00:26:48 UTC
Alexandra Alt wrote:

Nop they didn't, it's from Rapid SSL, easier to verify that than raising suspitions with unfounded rumours....

The CA certificate issue is most of the time due to not being present on windows root certificate store, thus it doesn't get validated, or, in case of firefox (I don't know Opera) it uses both windows and his own root certificate store, I would start checking that you have a RapidSSL root certificate in your windows installed, if it isn't, search Microsoft knowledge base to install an update with it.


Okay I should have checked which CA ccp used, but saying i'm spouting rumors is taking it a bit far.
I suppose it's easier to assume I'm a paranoid lunatic and flame me to the ground instead of politely correcting the layman that is trying to helpful.
NUXI7
Sebiestor Tribe
Minmatar Republic
#17 - 2011-09-09 03:03:23 UTC
Alexandra Alt wrote:

The CA certificate issue is most of the time due to not being present on windows root certificate store, thus it doesn't get validated, or, in case of firefox (I don't know Opera) it uses both windows and his own root certificate store, I would start checking that you have a RapidSSL root certificate in your windows installed, if it isn't, search Microsoft knowledge base to install an update with it.



Inb4 everyone notices the lack of a "RapidSSL CA" in their computer's list of trust anchors.


(PS: the certificate you want to look for in your trust anchors is named "GeoTrust Global CA")
Valrox
State Protectorate
Caldari State
#18 - 2011-09-09 07:00:47 UTC
Denidil wrote:
does firefox give you a warning on windows, or just chrome?


also is your machine enrolled in a computer domain. sometimes you have too many certs installed.


Haven't been using FireFox on Windows for a while. Though FireFox on Ubuntu doesn't give me any warnings. Neither does Safari on OS X 10.7.1. My Desktop is a standalone computer btw, not involved with any domains ;)
Othran
Route One
#19 - 2011-09-09 07:30:18 UTC
Off topic but.....

SSL is hideously broken in so many ways. I strongly recommend installing Convergence because it IS only a matter of time before you hit a site with counterfeit credentials. Diginotar (Vasco Data Security really) is just the latest in a long list of SSL CA disasters. The entire system is a very bad joke and CAs simply don't do what they should prior to issuing certs - nor are they being held to account for their lax practices.

El Reg has a decent article from earlier this year entitled "How is SSL hopelessly broken? Let us count the ways"
Valrox
State Protectorate
Caldari State
#20 - 2011-09-09 07:42:53 UTC  |  Edited by: Valrox
Othran wrote:
Off topic but.....

SSL is hideously broken in so many ways. I strongly recommend installing Convergence because it IS only a matter of time before you hit a site with counterfeit credentials. Diginotar (Vasco Data Security really) is just the latest in a long list of SSL CA disasters. The entire system is a very bad joke and CAs simply don't do what they should prior to issuing certs - nor are they being held to account for their lax practices.

El Reg has a decent article from earlier this year entitled "How is SSL hopelessly broken? Let us count the ways"


Eventhoug it's Off-Topic, it's still a good read. Gonna take a look at that article he wrote.

DigiNotar was the biggest fluke that I've heard of. All of the official government websites ( Regional, Ministries and Tax input ) were using Diginotar Certs. Though they did manage to quickly sign up with another CA so people could safely log on to their Digi-ID account ( Personal ID to send your taxes, sign up for educational stuffz etc. )
12Next page