Invalid (Untrusted) Security Certificate - TWC Webmail
At the login webpage of <https://webmail.roadrunner.com>, the Time Warner Cable (TWC) Webmail site, I am immediately confronted with a warning that the Security Certificate is invalid & that the site is untrusted. This occurs with Firefox, Seamonkey, & Konqueror. This does not occur on Microsoft or Apple systems; I have checked other colleagues machines.
I have manually overridden the warning & everything functions fine. I have contacted TWC & am awaiting their tests. But, I would like some independent corroboration from other users in the Linux community. Could some of you perform the test yourself on this URL? An error will be readily apparent. |
I just visited it using my Slackware machine & Firefox, temporarily allowed the whole page to run, and I got no such warning.
|
Did you examine the SSL cert to determine why your browser is complaining about it? (Unknown CA? Mismatched CN? Expired?)
|
No problems viewing their site either. The certificate I see is a class 3 one by verisign that expires on Aug 16, 2001 issued to the CN of webmail.roadrunner.com, with an md5 fingerprint that ends in ee:e5:f3:7a.
The biggest problem I have seen with these kinds of sites is that sometimes the certificates are valid, but expired. |
Quote:
If I, at the warning screen, create an override for this certificate, then there are no problems. Did you view the same warning (black text on a yellow background) before temporarily allowing the page to run? Thanks for testing. |
Quote:
I did examine the certificate in detail & it appears fine. CN -> webmail.roadrunner.com CN of CA -> Verisign Class 3 ... Expires 2010 August 16 (Date/Time on my machine is accurate.) But, I am a novice at examining certificates! |
Quote:
The other data you see is what I find too. While Firefox, Seamonkey, & Konqueror ALL find the certificate invalid, Opera (for Linux) does NOT find a problem. I'm really clueless about this matter. |
Quote:
I didn't do anything remotely related to certificates, and at no time, before of after I reloaded the page, did I see any warnings of any kind regarding certificates.. |
Looks good to me. Just make sure we're looking at the same thing:
Code:
-----BEGIN CERTIFICATE----- |
Quote:
Most obvious cause, then: root CA cert is not known to your browser(s), which is actually fairly odd for Verisign. A couple things:
|
Quote:
I do NOT know how to view the certificate code on my Slackware 13.1 box. But here is the exact text from the Firefox file cert_override.txt Code:
webmail.roadrunner.com:443 OID.2.16.840.1.101.3.4.2.1 31:46:08:24:6B:B6:CC:60:66:22:1C:D8:7B:CE:A4:BC:96:D2:6E:25:96:EB:22:84:EC:0B:73:C8:6F:B3:91:FA U AAAAAAAAAAAAAAAQAAAAuHD7V1YIWi3w+ZLwPOQpjkQwgbUxCzAJBgNVBAYTAlVT MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1 c3QgTmV0d29yazE7MDkGA1UECxMyVGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3 LnZlcmlzaWduLmNvbS9ycGEgKGMpMDkxLzAtBgNVBAMTJlZlcmlTaWduIENsYXNz IDMgU2VjdXJlIFNlcnZlciBDQSAtIEcy TWC (Time Warner Cable) is "working on the problem", they say. But, it is not clear if they even have access to a Linux machine. We (Linux devotees) are only about 2% of their subscriber base. |
Quote:
Hopefully they really are working on the problem. |
Quote:
This is the only https website on which I have a problem & most, if not all, of the others (like banks) use VeriSign. That is why I think it is problem confined to them (Time Warner Cable). In Firefox (4.0b6 or 3.6.x) at the login page. If I do (click) Tools -> Page Info -> Security -> View Certificate the very first line says "Could not verify this certificate for unknown reasons" but all the following data appears sound. Konqueror & Seamonkey also 'birp' on the site; however, all use the same browser engine (Gecko). So, it's not surprising. This invalid certificate issue only appeared in the last month or two; the 5 prior years I had no problem. Also I tried a MS Win box & an Apple machine: no warning message. However, it's been my experience with Linux that it is far more careful in assuring system security than our more popular competitors. I want to thank everyone on this thread for looking into this situation. |
Quote:
I wonder if it is geographical problem. You are in LA & I am in Santa Monica CA. GrapefruitGirl did not see it; is she outside of Southern California? I will attempt to direct Time Warner Cable technicians to this thread so they can witness this directly. Thanks for the help! |
FWIW, the 2001 was a typo, it was supposed to be 2011. When I pull up the page and go to tools->page info->security, it says that it has been verified by verisign and that it is trusted for the purpose of SSL Server Certificate.
Could it be a problem with whatever server you get redirected to for verification? As far as location, I am in North Carolina, which is about as far from Southern California as you can get in the lower 48. It would make sense for me to be accessing a different verification server. |
All times are GMT -5. The time now is 10:42 PM. |