Expired VeriSign certificates cause confusion

Expired VeriSign certificates cause confusion

offline
  • Puky  Male
  • Scottish rebel
  • Pridružio: 18 Apr 2003
  • Poruke: 5815
  • Gde živiš: u Zmajevom gnjezdu

Matt Loney
ZDNet UK
January 09, 2004, 13:59 GMT

VeriSign says it has been warning for two years of the approaching expiration of some of its certificates, but still some companies took no notice

VeriSign moved to allay confusion on Thursday after some of its certificates that verified it as a certificate-issuing authority expired.

Users have experienced problems when accessing SSL-encrypted pages on sites whose certification depended on VeriSign's own expired certificates.

The company said that older versions of its Intermediate Certificate Authority (CA) expired on 7 January. "As a result, users attempting to establish SSL session with sites that had not updated their CA certificates may start encountering error messages," said VeriSign in a statement. "There is no security danger, and users who ignore these error messages can successfully establish secure SSL connections. However, sites should update their CA certificates if they have not already done so, to avoid user confusion. No action is required on the part of end users."

VeriSign posted instructions on how to update certificates on its Web site.

Explaining the problem, VeriSign said that CA certificate expiration is a normal event that is considered best practice when issuing and managing certificates. "In anticipation of this expiration event, VeriSign changed to a new version of CA certificates in December of 2001. All SSL certificates issued by VeriSign since that date have been issued in conjunction with the newer CA certificates."

The company said that since 2001, it had taken steps to notify its customers of the situation and, with each communication, alert them to the expiration date and steps necessary to obtain a new Intermediate CA. However, some companies missed or ignored the warnings, resulting in error messages for users trying to access secure areas. VeriSign said it was taking additional actions to help those still experiencing difficulties. All employees in its client-services team have been made available to answer questions and walk customers through the process which, it said, will take only a short time and will not result in any disruption of service.

The issue is global, but UK customers can contact VeriSign's recently opened offices here, on 0800 032 2101 or by sending an e-mail to support@verisign.co.uk

Customers using VeriSign certificates have previously dealt with BT in the UK, but after setting up a UK presence at the end of 2003, VeriSign started to operate its certificate business directly. BT continues to issue VeriSign certificates for its hosting customers along with other services, said Francois Steiger, senior vice president for Europe, when speaking to ZDNet UK in December. Steiger said VeriSign issues 25 percent of SSL certificates in Western Europe, and has 370,000 digital certificates installed in the region.



Registruj se da bi učestvovao u diskusiji. Registrovanim korisnicima se NE prikazuju reklame unutar poruka.
offline
  • Puky  Male
  • Scottish rebel
  • Pridružio: 18 Apr 2003
  • Poruke: 5815
  • Gde živiš: u Zmajevom gnjezdu

Symantec blames VeriSign for Norton AV woes


Matt Loney
ZDNet UK
January 09, 2004, 16:20 GMT

Update: Symantec has blamed VeriSign after support forums were flooded with Norton AntiVirus users complaining of slow and unstable computers after the latest virus updates

Security-software firm Symantec on Friday blamed VeriSign for problems with its security products that left users' PCs unresponsive and unstable.

The problems caused a flurry of angry posts to the Symantec area of support forums from users saying they would ditch Symantec's Norton AntiVirus. Users of the Norton products reported that their PCs locked up or slowed down after downloading the latest virus definitions on Wednesday and Thursday. Symantec itself reported that "after January 7th your computer slows down and Microsoft Word and Excel will not start."

But rather than Norton AntiVirus, Symantec said in a statement on its site that the problem "appears to be related to VeriSign receiving an unusual number of requests by Windows-based clients to download a certificate revocation list (CRL) on January 7-8, 2004. This increase in traffic resulted in intermittent VeriSign CRL server availability."

Norton AntiVirus products routinely verify the integrity of system components using certificates issued by VeriSign. Neither Verisign nor Symantec could immediately explain the exact sequence of events, but according to the statement on Symantec's site copies of Norton AntiVirus installed on PCs were unable to achieve the authentication they required due to the unavailability of VeriSign's server. "Therefore customers experienced delays and instabilities," said Symantec.

Hinting that it was not the only company whose products were affected, Symantec said it "and other vendors" were "cooperatively working with VeriSign to mitigate this situation."

Symantec issued a quick fix for the problem, which involves deselecting the option in Internet Explorer to check for publisher's certificate revocation.

Despite Symantec's protests that it is not to blame, the episode has created bad publicity for its Norton AntiVirus product. "I am now strongly tempted to trash Norton AV in favour of something more user-friendly and which doesn't slow down the opening of every damned thing in sight!" said one poster. "I have been having 16-plus second delays if I right-clicked on anything - even after a system reboot," wrote another. "I am not happy and have installed Sophos instead." This individual then went on to say they were not happy with that either "as updates seem incredibly confusing... I shall now try McAfee."

Update: Late on Friday, Verisign posted an explanation on its site, and said that the problem with the Certificate Revocation List, which affected Norton AntiVirus, was not connected to the Intermediate CA expiration issue, which caused problems for secure Web sites at about the same time last week.

The company said that requests to its server at crl.versiign.com suddenly increased one hundred-fold due to Windows clients trying to download the CRL. "We immediately took steps to increase capacity and determine the root cause," said VeriSign, and "within 24 hours, had increased capacity on crl.verisign.com ten-fold to handle this increased request load."

"VeriSign regrets any inconvenience that may have resulted from this period of increased demand," said the company in its statement. "In addition to increasing capacity, VeriSign has made certain modifications to the CRL distribution logic to more effectively handle subsequent wide-scale CRL downloads and continues to work with those that may have experienced response delays as a result of the increased demand. We also continue to work with industry leaders, partners, and the technical community to encourage promulgation the use of alternative validity determination mechanisms, such as the online certificate status protocol, which may be less susceptible to these kinds of periodic events."



Ko je trenutno na forumu
 

Ukupno su 1136 korisnika na forumu :: 37 registrovanih, 6 sakrivenih i 1093 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., ajo baba, babaroga, bokisha253, Boris90, Bubimir, celik, Centauro, CikaKURE, darkangel, darkojbn, dolinalima, dozorni, DragoslavS, Excalibur13, GAGI, Ivica1102, jackreacher011011, janbo, Još malo pa deda, krkalon, Kubovac, laki_bb, Marko Marković, Mcdado, mercedesamg, ObelixSRB, oldtimer, Parker, proka89, royst33, sasa87, stegonosa, Tila Painen, Tvrtko I, vathra, vladaa012