What's a Blog?

This just started happening. It only happens on my old PC that's running XP Home and only while running IE8. FF is Ok on my old machine and IE8 is OK on my newer PC (which is running XP Pro 32bit).

I keep both machines updated and this has only been happinging for a couple of weeks. Prior to this I had no issue even on the old machine running IE8.

It's really not a big deal since I just ignore the message and click through to the website with no ill effects but I did feel obligated to at least report it.


Comments
on Jun 28, 2011

Running Win7 home premium x64- no issues with the security certs........

on Jun 28, 2011

Running Win7 Professional x64. No issues.

on Jun 28, 2011

Did you disable the root certificate authority service (probably not the exact name, I don't have any XP machines handy to double check)?

on Jun 28, 2011

i could be wrong but the fact that a non-https site is generating this warning seems important.

on Jun 29, 2011

Did you disable the root certificate authority service (probably not the exact name, I don't have any XP machines handy to double check)?

The closest thing I can find is Cryptographic Services which "Provides three management services: Catalog Database Service, which confirms the signatures of Windows files; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Key Service, which helps enroll this computer for certificates. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."

I didn't disable it although I have set it to manual and apparently nothing else required it because it's not started.

However this is true of both machines (i.e. that one that doesn't display this issue as well as the one that does). Also I've used that setting forever which doesn't explain why the sudden change.

But as I tried to imply in my OP I don't really consider this much of an issue and since it does appear to be only just me seeing this then I really wouldn't worry about it. All it costs me is an extra click and I'll trade that for running one less service anyday of the week.

on Jun 29, 2011

I see this quite often when the System Clock is off.  Check the date and time on the lower right of the computer screen in the System Tray.  Make sure that the date and time are correct.  If not, change them to the current date and time.

You said this is an older XP machine.  The CMOS battery controls the system date and time.  If the date and time are off, you will get Certificate errors because the certificates are looking for the proper date and time to sync with.

on Jun 29, 2011

The whole thing with browser-packaged trusted certificates is fundamentally wrong anyway. 

YOU should be the person who decides who to trust, not some people who prepare the installation of your browser. Did you know that among trusted certificates are subjects like Sudan Telecom? Should you trust Sudan Telecom? Moreover, I have read a discussion among Firefox developers where a user asked about a specific certificate, and some dev replied: "Oh, it's one of AT&T's certificates", and someone from AT&T stepped in and said "No, this one has been revoked years ago". and then a lively discussion broke out about how the hell it got into their installation.

The point is - you SHOULD not trust this blindly, it's not something set in stone. For example, one of the servers I run generates similar message, because I did not want to pay someone I don't know just for a signature. Does it generate the error? Of course. Do I trust it? Hell yes, I set it up myself!  So what do I do? I add it among the trusted ones, problem solved. 

On the other hand, do I trust Sudan Telecom? No way!

You should THINK about which certificate you take as trusted and why.

on Jul 21, 2011

Kamamura_CZ
The whole thing with browser-packaged trusted certificates is fundamentally wrong anyway. 

YOU should be the person who decides who to trust, not some people who prepare the installation of your browser. Did you know that among trusted certificates are subjects like Sudan Telecom? Should you trust Sudan Telecom? Moreover, I have read a discussion among Firefox developers where a user asked about a specific certificate, and some dev replied: "Oh, it's one of AT&T's certificates", and someone from AT&T stepped in and said "No, this one has been revoked years ago". and then a lively discussion broke out about how the hell it got into their installation.

The point is - you SHOULD not trust this blindly, it's not something set in stone. For example, one of the servers I run generates similar message, because I did not want to pay someone I don't know just for a signature. Does it generate the error? Of course. Do I trust it? Hell yes, I set it up myself!  So what do I do? I add it among the trusted ones, problem solved. 

On the other hand, do I trust Sudan Telecom? No way!

You should THINK about which certificate you take as trusted and why.

Absolutely correct, although browsing might slow to negative numbers.

Meta
Views
» 2126
Comments
» 8
Category
Sponsored Links