I'm having trouble with my bank site.  The login page gives me an SSL 
failed warning in both Konqueror (for about a month) and now Firefox as 
well.  I don't seem to see any relevant Gentoo bugs on this yet, but 
would like to confirm it's not a MitM attack before I file one.  It 
doesn't seem to happen at other SSL sites, so it doesn't appear to be a 
general SSL error, tho it might be one with that particular type of 
certificate.

The site (login isn't necessary, the error comes on the initial connect):

https://onlineid.bankofamerica.com/cgi-bin/sso.login.controller?state=AZ

Konqueror 3.5.7's error:

The server failed the authenticity test (<site domain>).

Details gives me this:

Certificate signing authority is unknown or invalid.

The issuer appears to be VeriSign, Inc.  Common name: VeriSign Class 3 
Secure Server CA.  The certificate is fairly new, valid from Monday, 20 
August 2007, 00:00:00 GMT.

In case anyone wishes to verify the specifics, Konqueror lists the serial 
number as (spaces added for readability) 1100 7197 7289 5102 6319 8066 
3729 4699 1776 610, MD5 digest as 
9B:B9:DB:12:3D:B6:99:19:B1:99:6E:1C:9F:CE:7C:E5, Cypher RC4-SHA, SSL 
version TLSv1/SSLv3, 128-bit used of 128 bit cipher.

I thought it was just Konqueror strangeness until Firefox (which worked 
at first, after Konqueror quit) started protesting as well.

Firefox:

Unable to verify the identity of <site> as a trusted site.  Possible 
reasons for this error [etc...]

Examine Certificate lists similar details:

Serial in hex this time as:
52:CF:17:7A:4E:1C:0C:E4:7B:A6:3C:E0:0B:DC:03:62

MD5 fingerprint the same, same issuer, VeriSign Class 3 Secure Server CA, 
etc, so it appears to be the same cert, with the same problem.

So what's up?  Anyone else having problems?  You should be able to check 
the SSL even without a login.   They do seem to be only with the latest 
version, at least of Firefox, since I didn't have issues with it until I 
updated just a couple days ago.

Again, most secure sites work just fine, but it could still be one of the 
SSL libraries.

BTW, I have bills coming due that it'd be nice to be able to pay, so it'd 
in turn be nice to at least get a confirmation from others that the 
cert's not compromised.  I can (well, should be able to, I've not 
actually tried, but I get the option presented) still accept it manually 
once I'm sure it's not a MitM attack.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

-- 
[EMAIL PROTECTED] mailing list
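The post above compares a serial number that one browser shows in decimal and the other in colon-separated hex, together with an MD5 fingerprint. The following is an added example, not part of the original message, that normalizes both notations so the two views can be compared mechanically; the function names are hypothetical and the sample values are the ones quoted in the post.

```python
"""Compare certificate identifiers that two clients display in different notations."""

def parse_serial(text: str) -> int:
    """Accept colon-separated hex octets or a decimal string with grouping spaces."""
    s = text.strip()
    if ":" in s:
        octets = s.split(":")
        if not all(len(o) == 2 for o in octets):
            raise ValueError("malformed hex serial: %r" % text)
        return int("".join(octets), 16)  # int() rejects non-hex characters
    digits = "".join(s.split())
    if not (digits.isascii() and digits.isdigit()):
        raise ValueError("malformed decimal serial: %r" % text)
    return int(digits)

def serial_as_hex(serial: int) -> str:
    """Render a serial as colon-separated upper-case hex octets."""
    h = format(serial, "X")
    if len(h) % 2:
        h = "0" + h
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def parse_fingerprint(text: str, digest_len: int = 16) -> bytes:
    """Parse a hex fingerprint; 16 bytes is the length of an MD5 digest."""
    raw = bytes.fromhex(text.replace(":", "").replace(" ", ""))
    if len(raw) != digest_len:
        raise ValueError("expected %d bytes, got %d" % (digest_len, len(raw)))
    return raw

def same_certificate(view_a, view_b) -> bool:
    """Each view is (serial_text, fingerprint_text) as one client displayed it."""
    return (parse_serial(view_a[0]) == parse_serial(view_b[0])
            and parse_fingerprint(view_a[1]) == parse_fingerprint(view_b[1]))

# Values as quoted in the post: Konqueror (decimal serial) and Firefox (hex serial).
KONQUEROR = ("1100 7197 7289 5102 6319 8066 3729 4699 1776 610",
             "9B:B9:DB:12:3D:B6:99:19:B1:99:6E:1C:9F:CE:7C:E5")
FIREFOX = ("52:CF:17:7A:4E:1C:0C:E4:7B:A6:3C:E0:0B:DC:03:62",
           "9B:B9:DB:12:3D:B6:99:19:B1:99:6E:1C:9F:CE:7C:E5")

if __name__ == "__main__":
    print("Konqueror serial in hex:", serial_as_hex(parse_serial(KONQUEROR[0])))
    print("Same certificate in both views:", same_certificate(KONQUEROR, FIREFOX))
```

Agreement between two clients on the same network path shows only that both were served the same certificate. Ruling out interception needs a reference value obtained over a different path.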
