Omar-- Take a look at RFC 1422. May give you some insite on certificates. First off, have you taken a look at your browser settings for certificates? Take a look at that. Craig Williams ONI Systems -----Original Message----- From: owner-ietf@ietf.org [mailto:owner-ietf@ietf.org]On Behalf Of Omjaiz@aol.com Sent: Tuesday, June 18, 2002 2:18 AM To: ietf@ietf.org Subject: about certificate? Hi, i often get a popup window from my browser telling me that the authenticity of the software i'm trying to download or the site i'm trying to access can't be verified, and therefore it can't be trusted. here's an example with some details i got yesterday: ----------------------------------------------------------------------------------------------- version : V3 serialnumber : 8B37 799F BE20 F081 4C0C 3D19 F618 80DD signature algorithm : md5RSA Issuer : CN = Root Agency valid from : Tuesday, April 23, 2002 9:58:27 AM valid to : Saturday, December 31, 2039 4:59:59 PM subject : CN = Privatenet Corporation public key (512 bits) RSA Authority key id KeyID=12E4 092D 061D 1D4F 008D 6121 DC16 6463 Certificate Issuer: CN=Root Agency Certificate SerialNumber=0637 6C00 AA00 648A 11CF B8D4 AA5C 35F4 thumbprint algorithm : sha1 thumbprint : FB8F C086 B8FC CA23 F240 71D1 AF6E 13BA 33CB 6BF5 ------------------------------------------------------------------------------------------------------------- this happens for me even with great companies sites. most of the time the browser tells me that the certificate is valid but the root issuer can't be trusted or even it doesn't exist and can't be contacted. are there any invalid CAs on the net? if yes, how can someone distinguish them from trusted CAs? thanks for your help, ------------------------------------------ Omar Djaiz Networking students at Ecole Polytechnique of Montreal - CA omar.djaiz@polymtl.ca __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com