Paypal certificate weirdness

Discussion in 'other software & services' started by BoerenkoolMetWorst, May 22, 2013.

Thread Status:
Not open for further replies.
  1. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    I was about to login to Paypal, but I noticed the browser didn't display the secure icon for EV-SSL certificates, and I was pretty sure it used an EV cert, so I looked it up to be sure and found an article from back in 2008 and it already used EV back then:
    https://www.networkworld.com/news/2008/051908-paypal-flaw-raises-questions-about.html
    I checked the URL with SSL labs and it gives mixed analysis:
    https://www.ssllabs.com/ssltest/analyze.html?d=https://www.paypal.com

    I wonder if it just some mistake from IT or if something more is going on..
     
  2. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    This is what i get
     

    Attached Files:

  3. FanJ

    FanJ Updates Team

    Joined:
    Feb 9, 2002
    Posts:
    2,564
  4. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    What browser were you using? Are you going directly to Paypal or is a site sending you there? If so which site? When I buy from some sites it sometimes fails to show the Green EV padlock icon in Firefox. The reason it happened for me is because an image from the site I was buying from wasn't https on the Paypal page. A quick fix was to block images from that site until I was done with paypal.

    An example is to go to Home Depot, put anything in your cart, click checkout now and then checkout with paypal and you'll see what I mean. No secure icon but if you click the icon and click "more information" then click the media tab you will the the non-https image. Highlight it by clicking it and then check the box below that says block images from wxw.homedepot.c0m. Close the small window and reload the page and now it shows as secure.
     
  5. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,771
    Location:
    Outer space
    I have it both being sent from a site and by going to paypal.com directly and with both IE and FF. Firefox addon Perspectives shows 2 different certificates reported by the servers. If I check with AdblockPlus Show blockable content option(not sure if wording is correct as I use a localized non-english version) it only shows https content, no http content and IE doesn't report mixed content either.
     
    Last edited: May 23, 2013
  6. innerpeace

    innerpeace Registered Member

    Joined:
    Jan 15, 2007
    Posts:
    2,095
    Location:
    Mountaineer Country
    Blockable content is correct. I thought mixed content may be the easy answer but it's not in your case. At this point I'm afraid I'm in over my head. I do see two certificates when I click the globe or padlock. One is a public primary certificate authority and the other is an extended EV SSL.
     
Loading...
Thread Status:
Not open for further replies.