Firefox: This Connection is Untrusted!

Discussion in 'other security issues & news' started by Daveski17, Aug 7, 2010.

Thread Status:
Not open for further replies.
  1. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    I have a user account with the Microsoft Answers site but when I tried to sign in with the Microsoft Malware Protection Center (the first time I ever tried logging in on this page) in Firefox I got this:



    This Connection is Untrusted

    You have asked Firefox to connect
    securely to profile.microsoft.com, but we can't confirm that your connection is secure.

    Normally, when you try to connect securely,
    sites will present trusted identification to prove that you are
    going to the right place. However, this site's identity can't be verified.

    What Should I Do?


    If you usually connect to
    this site without problems, this error could mean that someone is
    trying to impersonate the site, and you shouldn't continue.


    I assume this is just Fattyfox Firefox being over-cautious ... any theories?
     
    Last edited: Aug 7, 2010
  2. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    I am getting the same warning in Chromium. Why it is giving the warning I can't be sure. The certificate is a Verisign cert, which is a CA that should be trusted by all browsers.

    Here's the cert issuer info:

    Code:
    CN = VeriSign Class 3 Extended Validation SSL CA
    OU = Terms of use at https://www.verisign.com/rpa (c)06
    OU = VeriSign Trust Network
    O = VeriSign, Inc.
    C = US
    It looks like it is an extended validation class 3 cert.

    Here's the certificate's SHA-1 and SHA-256 fingerprint as well as the serial number. It would probably be wise to check these fingerprints against another MS cert.

    EDIT: I just checked it against the cert used at Hotmail and it's the same cert used over there (fingerprints match). However, Hotmail does not throw any cert errors. It could be that the page you provided somehow is not "fully" encrypted and is thus throwing errors for that reason. In fact, that's the error Chromium is giving me. I say that because the cert is legit.
     

    Attached Files:

    Last edited: Aug 7, 2010
  3. Daveski17

    Daveski17 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    8,028
    Location:
    Lloegyr
    I think when I first tried to sign in, there was a message claiming that the site was under temporary maintenance. Maybe that has something to do with it.

    I can log-in fine in IE8 & Chrome.
     
  4. MikeBCda

    MikeBCda Registered Member

    Joined:
    Jan 5, 2004
    Posts:
    1,627
    Location:
    southern Ont. Canada
    Depending on how you've got your warnings choices set up (under Tools/Options/Security/Warning Messages), Firefox warns me (with an icon in the status bar) if the page contains "mixed content", i.e., part is encrypted and part isn't. Do I assume correctly that this mixed-content is what you're referring to?
     
Loading...
Thread Status:
Not open for further replies.