Query on security certificates (possibly OT)

Roland Perry lists at internetpolicyagency.com
Fri Jun 15 17:55:38 BST 2012

In article <52a03781f1rl.hird at orpheusmail.co.uk>, Roger Hird 
<rl.hird at orpheusmail.co.uk> writes
>On Monday morning I logged on to find myself able to get to my
>account page at https://secure.ANONYMISED.co.uk...etc but with a
>large part of the page obscured by messages from Firefox warning
>me not to trust the site, with the "technical details":
>        "trading.ANONYMISED.co.uk uses an invalid security
>        certificate. This certificate is only valid for
>        www.ANONYMISED.co.uk"
>Later in the day a notice appeared on the brokers own log-in page
>saying that software updates over the weekend had led to browsers
>giving the warnings I'd quoted but asking customers to ignore
>I queried with the firm whether it was good practice to urge us
>to use a supposedly secure site that could not present a valid
>certificate. I got an email reply which confirmed that there were
>"technical difficulties with the security certificate not
>recognising [their] secure website" but avoiding answering my
>question .
>Am I just being pedantic or should I have doubts about using the
>site under such circumstances - or their advising customers to do
>so?  The warnings have now disappeared.

This is a pet peeve of my own too.

Earlier this week I received similar "false positive" warnings when 
invoking the Sky-subscriber authentication page of an O2/Cloud wifi 


[I don't have a Sky subscription, I pressed it by accident; one of the 
perils of having a small Android phone and not taking my reading glasses 
with me].

I have a collection of similar Snafus. This one is a favourite:

Roland Perry

More information about the ukcrypto mailing list