Query on security certificates (possibly OT)

Roger Hird rl.hird at orpheusmail.co.uk
Fri Jun 15 13:45:05 BST 2012

I'm not sure if this query is really appropriate to UKCrypto but
I'm not sure where else I'd find anyone able to comment on it

I have an account with an on-line stockbroker.   I'm pleased with
their service as a broker but their command of IT seems a bit
shaky.  As background I use Firefox v.13 as my browser and, at
the broker's suggestion, Trustee Rapport.

On Monday morning I logged on to find myself able to get to my
account page at https://secure.ANONYMISED.co.uk...etc but with a
large part of the page obscured by messages from Firefox warning
me not to trust the site, with the "technical details":

        "trading.ANONYMISED.co.uk uses an invalid security       
        certificate. This certificate is only valid for          

Later in the day a notice appeared on the brokers own log-in page
saying that software updates over the weekend had led to browsers
giving the warnings I'd quoted but asking customers to ignore

I queried with the firm whether it was good practice to urge us
to use a supposedly secure site that could not present a valid
certificate. I got an email reply which confirmed that there were
"technical difficulties with the security certificate not
recognising [their] secure website" but avoiding answering my
question .

Am I just being pedantic or should I have doubts about using the
site under such circumstances - or their advising customers to do
so?  The warnings have now disappeared.


Roger Hird
rl.hird at orpheusmail.co.uk
Website: http://roger.hird.orpheusweb.co.uk

More information about the ukcrypto mailing list