LinuxQuestions.org


rdsherman 10-07-2010 05:37 PM

Invalid (Untrusted) Security Certificate - TWC Webmail
 
At the login webpage of <https://webmail.roadrunner.com>, the Time Warner Cable (TWC) Webmail site, I am immediately confronted with a warning that the Security Certificate is invalid & that the site is untrusted. This occurs with Firefox, Seamonkey, & Konqueror. This does not occur on Microsoft or Apple systems; I have checked other colleagues' machines.

I have manually overridden the warning & everything functions fine. I have contacted TWC & am awaiting their tests. But, I would like some independent corroboration from other users in the Linux community.

Could some of you perform the test yourself on this URL? An error will be readily apparent.

GrapefruiTgirl 10-07-2010 05:50 PM

I just visited it using my Slackware machine & Firefox, temporarily allowed the whole page to run, and I got no such warning.

anomie 10-07-2010 06:29 PM

Did you examine the SSL cert to determine why your browser is complaining about it? (Unknown CA? Mismatched CN? Expired?)

Noway2 10-08-2010 04:29 AM

No problems viewing their site either. The certificate I see is a class 3 one by verisign that expires on Aug 16, 2001 issued to the CN of webmail.roadrunner.com, with an md5 fingerprint that ends in ee:e5:f3:7a.

The biggest problem I have seen with these kinds of sites is that sometimes the certificates are valid, but expired.

rdsherman 10-08-2010 10:55 AM

Quote:

Originally Posted by GrapefruiTgirl (Post 4120950)
I just visited it using my Slackware machine & Firefox, temporarily allowed the whole page to run, and I got no such warning.

What do you mean by "...temporarily..."?

If I, at the warning screen, create an override for this certificate, then there are no problems.

Did you view the same warning (black text on a yellow background) before temporarily allowing the page to run?

Thanks for testing.

rdsherman 10-08-2010 11:05 AM

Quote:

Originally Posted by anomie (Post 4120974)
Did you examine the SSL cert to determine why your browser is complaining about it? (Unknown CA? Mismatched CN? Expired?)


I did examine the certificate in detail & it appears fine.
CN -> webmail.roadrunner.com
CN of CA -> Verisign Class 3 ...
Expires 2010 August 16 (Date/Time on my machine is accurate.)

But, I am a novice at examining certificates!

rdsherman 10-08-2010 11:13 AM

Quote:

Originally Posted by Noway2 (Post 4121287)
No problems viewing their site either. The certificate I see is a class 3 one by verisign that expires on Aug 16, 2001 issued to the CN of webmail.roadrunner.com, with an md5 fingerprint that ends in ee:e5:f3:7a.

The biggest problem I have seen with these kinds of sites is that sometimes the certificates are valid, but expired.

You see "expires on Aug 16, 2001"? I see 8/16/2011.

The other data you see is what I find too.

While Firefox, Seamonkey, & Konqueror ALL find the certificate invalid, Opera (for Linux) does NOT find a problem. I'm really clueless about this matter.

GrapefruiTgirl 10-08-2010 12:51 PM

Quote:

Originally Posted by rdsherman (Post 4121569)
What do you mean by "...temporarily..."?

If I, at the warning screen, create an override for this certificate, then there are no problems.

Did you view the same warning (black text on a yellow background) before temporarily allowing the page to run?

Thanks for testing.

I mean, I temporarily disabled NoScript after I first loaded the page. Then I reloaded the page to see if there was any difference.

I didn't do anything remotely related to certificates, and at no time, before or after I reloaded the page, did I see any warnings of any kind regarding certificates.

win32sux 10-08-2010 06:31 PM

Looks good to me. Just make sure we're looking at the same thing:

Considering the different expiration dates people have posted in this thread, a server-side issue sounds quite likely. Have you heard back from them yet? FWIW, the one I get was issued on 8/15/2010 and is valid until 8/16/2011.

anomie 10-08-2010 07:07 PM

Quote:

Originally Posted by rdsherman
I did examine the certificate in detail & it appears fine.
CN -> webmail.roadrunner.com
CN of CA -> Verisign Class 3 ...
Expires 2010 August 16 (Date/Time on my machine is accurate.)

Good deal. BTW, I am assuming the expiration you put in that post is a typo (because in the next post you wrote 2011). I mainly wanted to be sure that you weren't seeing h4x0r.pr0xy.whatever for a CN.

Most obvious cause, then: root CA cert is not known to your browser(s), which is actually fairly odd for Verisign.

A couple things:
  1. What Linux distro / version are we talking about?
  2. Is this the only https site you're having this problem with??

rdsherman 10-08-2010 08:53 PM

Quote:

Originally Posted by win32sux (Post 4121934)
Looks good to me. Just make sure we're looking at the same thing:

Considering the different expiration dates people have posted in this thread, a server-side issue sounds quite likely. Have you heard back from them yet? FWIW, the one I get was issued on 8/15/2010 and is valid until 8/16/2011.

Yes, your issue/expiration dates are what I see.

I do NOT know how to view the certificate code on my Slackware 13.1 box.
But here is the exact text from the Firefox file cert_override.txt
Code:

webmail.roadrunner.com:443        OID.2.16.840.1.101.3.4.2.1        31:46:08:24:6B:B6:CC:60:66:22:1C:D8:7B:CE:A4:BC:96:D2:6E:25:96:EB:22:84:EC:0B:73:C8:6F:B3:91:FA        U        AAAAAAAAAAAAAAAQAAAAuHD7V1YIWi3w+ZLwPOQpjkQwgbUxCzAJBgNVBAYTAlVT  MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEfMB0GA1UECxMWVmVyaVNpZ24gVHJ1  c3QgTmV0d29yazE7MDkGA1UECxMyVGVybXMgb2YgdXNlIGF0IGh0dHBzOi8vd3d3  LnZlcmlzaWduLmNvbS9ycGEgKGMpMDkxLzAtBgNVBAMTJlZlcmlTaWduIENsYXNz  IDMgU2VjdXJlIFNlcnZlciBDQSAtIEcy

This is important, though. For the last 5 years, until a month ago, I never had a problem. It seems to coincide roughly with the renewal date in August.

TWC (Time Warner Cable) is "working on the problem", they say. But, it is not clear if they even have access to a Linux machine. We (Linux devotees) are only about 2% of their subscriber base.
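
Added example, not part of any post in this thread: a parser for Firefox `cert_override.txt` entries like the one pasted above. The meaning of the flags (`U`, `M`, `T`) and the layout of the base64 key are stated here as assumptions about Firefox/NSS, not taken from the thread; `parse_override` and `make_sample` are hypothetical names, and the sample entry is constructed.

```python
import base64
import hashlib
import struct

# Override flags in the fourth field of a cert_override.txt entry.
FLAGS = {"U": "untrusted issuer", "M": "hostname mismatch",
         "T": "expired or not yet valid"}
HASH_OIDS = {"OID.2.16.840.1.101.3.4.2.1": "sha256"}


def parse_override(line):
    """Parse one entry; tolerates tabs pasted as spaces and a wrapped key."""
    parts = line.split()
    if len(parts) < 5:
        raise ValueError("expected host:port, OID, fingerprint, flags, key")
    hostport, oid, fingerprint, flags = parts[:4]
    host, _, port = hostport.rpartition(":")
    raw = base64.b64decode("".join(parts[4:]), validate=True)
    # Assumed key layout: module id, slot id, serial length, issuer length
    # (four big-endian u32), then the serial, then the DER issuer name.
    if len(raw) < 16:
        raise ValueError("key shorter than its 16-byte header")
    _mod, _slot, serial_len, issuer_len = struct.unpack(">IIII", raw[:16])
    if len(raw) != 16 + serial_len + issuer_len:
        raise ValueError("key length fields do not match the payload")
    return {
        "host": host,
        "port": int(port),
        "hash": HASH_OIDS.get(oid, oid),
        "fingerprint": bytes.fromhex(fingerprint.replace(":", "")).hex(),
        "reasons": [FLAGS.get(f, "unknown flag " + f) for f in flags],
        "serial": raw[16:16 + serial_len].hex(),
        "issuer_der": raw[16 + serial_len:],
    }


def make_sample():
    """Constructed entry in the same shape as the one posted in the thread."""
    serial, issuer = bytes(range(1, 17)), b"\x30\x00"  # constructed values
    header = struct.pack(">IIII", 0, 0, len(serial), len(issuer))
    key = base64.b64encode(header + serial + issuer).decode()
    digest = hashlib.sha256(b"constructed certificate").hexdigest().upper()
    fp = ":".join(digest[i:i + 2] for i in range(0, 64, 2))
    return ("webmail.roadrunner.com:443\tOID.2.16.840.1.101.3.4.2.1\t"
            f"{fp}\tU\t{key[:16]}  {key[16:]}")


if __name__ == "__main__":
    print(parse_override(make_sample()))
```

Under these assumptions, the `U` in the fourth field of the entry posted above is the untrusted-issuer flag, which points at the issuer chain rather than a hostname or date error.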

win32sux 10-08-2010 09:11 PM

Quote:

Originally Posted by win32sux (Post 4121934)
Looks good to me.

FYI: I just tried the site again and I get an invalid certificate alert.

Hopefully they really are working on the problem.

rdsherman 10-08-2010 09:28 PM

Quote:

Originally Posted by anomie (Post 4121953)
Good deal. BTW, I am assuming the expiration you put in that post is a typo (because in the next post you wrote 2011). I mainly wanted to be sure that you weren't seeing h4x0r.pr0xy.whatever for a CN.

Most obvious cause, then: root CA cert is not known to your browser(s), which is actually fairly odd for Verisign.

A couple things:
  1. What Linux distro / version are we talking about?
  2. Is this the only https site you're having this problem with??

I am currently using Slackware 13.1, the 32 bit version. I have been a user of Slackware for about 15 years.

This is the only https website on which I have a problem & most, if not all, of the others (like banks) use VeriSign. That is why I think it is a problem confined to them (Time Warner Cable).

In Firefox (4.0b6 or 3.6.x) at the login page, if I click
Tools -> Page Info -> Security -> View Certificate
the very first line says
"Could not verify this certificate for unknown reasons"
but all the following data appears sound.

Konqueror & Seamonkey also 'birp' on the site; however, all use the same browser engine (Gecko). So, it's not surprising.

This invalid certificate issue only appeared in the last month or two; the 5 prior years I had no problem. Also I tried a MS Win box & an Apple machine: no warning message. However, it's been my experience with Linux that it is far more careful in assuring system security than our more popular competitors.

I want to thank everyone on this thread for looking into this situation.

rdsherman 10-08-2010 09:43 PM

Quote:

Originally Posted by win32sux (Post 4122044)
FYI: I just tried the site again and I get an invalid certificate alert.

Hopefully they really are working on the problem.

JAIT (Just As I Thought). It is real & it is NOT a Linux distro problem!

I wonder if it is a geographical problem. You are in LA & I am in Santa Monica CA. GrapefruitGirl did not see it; is she outside of Southern California?

I will attempt to direct Time Warner Cable technicians to this thread so they can witness this directly.

Thanks for the help!

Noway2 10-10-2010 05:43 AM

FWIW, the 2001 was a typo, it was supposed to be 2011. When I pull up the page and go to tools->page info->security, it says that it has been verified by verisign and that it is trusted for the purpose of SSL Server Certificate.

Could it be a problem with whatever server you get redirected to for verification? As far as location, I am in North Carolina, which is about as far from Southern California as you can get in the lower 48. It would make sense for me to be accessing a different verification server.


All times are GMT -5.