Query on security certificates (possibly OT)
Roger Hird
rl.hird at orpheusmail.co.uk
Fri Jun 15 13:45:05 BST 2012
I'm not sure if this query is really appropriate to UKCrypto but
I'm not sure where else I'd find anyone able to comment on it
authoritatively.
I have an account with an on-line stockbroker. I'm pleased with
their service as a broker but their command of IT seems a bit
shaky. As background I use Firefox v.13 as my browser and, at
the broker's suggestion, Trustee Rapport.
On Monday morning I logged on to find myself able to get to my
account page at https://secure.ANONYMISED.co.uk...etc but with a
large part of the page obscured by messages from Firefox warning
me not to trust the site, with the "technical details":
"trading.ANONYMISED.co.uk uses an invalid security
certificate. This certificate is only valid for
www.ANONYMISED.co.uk"
Later in the day a notice appeared on the brokers own log-in page
saying that software updates over the weekend had led to browsers
giving the warnings I'd quoted but asking customers to ignore
them.
I queried with the firm whether it was good practice to urge us
to use a supposedly secure site that could not present a valid
certificate. I got an email reply which confirmed that there were
"technical difficulties with the security certificate not
recognising [their] secure website" but avoiding answering my
question .
Am I just being pedantic or should I have doubts about using the
site under such circumstances - or their advising customers to do
so? The warnings have now disappeared.
RogerH
--
Roger Hird
rl.hird at orpheusmail.co.uk
Website: http://roger.hird.orpheusweb.co.uk
More information about the ukcrypto
mailing list