Re: Errors from secure webpage

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Fri, 2007-06-29 at 12:37 -0700, Les wrote:
> Ok, I have a problem....
>         I am accessing a secure site and I get the following error message(s)
>         For nearly every page I attempt to access I get:
>         Error trying to validate certificate from (pagename here) using OCSP
> -directory lookup error.
> 
> I am looking for suggestions of where to look, or who to contact (the
> page admin?  My ISP? logs about setup, setup issues?)
>         I googled and got information about OCSP via Wikipedia, but it didn't
> help me too much.  Can anyone provide any idea of what I need to do to
> resolve this issue?  Windows doesn't see the error on the same webpages,
> which I checked just to see if it might be the webpage itself.

I'm guessing that on Windows your browser is configured differently.
Firefox, for instance, can check that a SSL certificate is still valid
using OSCP.  Look in the preference options, advanced section,
encryption sub-section tab, and click the verification button in the
certificates sub-section.  That's the path for the current Firefox in
F7, prior releases had it showing in a far less obscure location.

There's a few options it has, you might want to change to another:

      * Don't bother double checking, just blindly trust the
        certificate.
      * Check the certificate with the OSCP that the certificate
        suggests.
      * Check the certificate with an OSCP that you've selected.

Some websites, perhaps some might say a lot, are badly set up, and
suggest that their certificate can be checked with a certain OSCP when
that's just not going to work.

The default is usually not to do any checking, which basically throws
away SSL security.  If the certificate got revoked, perhaps because it
got stolen, you probably won't hear about it while you browse through a
hijacked website.

I try to use the middle option, most of the time it works.

-- 
[tim@bigblack ~]$ rm -rfd /*^H^H^H^H^H^H^H^H^H^Huname -ipr
2.6.21-1.3228.fc7 i686 i386

Using FC 4, 5, 6 & 7, plus CentOS 5.  Today, it's FC7.

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.



-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux