Hi,

I've been having an issue with using Konqueror on the Zions Bank website, https://www.zionsbank.com. It claims that the certificate is signed by an unknown authority. This is the case with both Konqueror for KDE 3.5 on Gentoo and with Konqueror for KDE 4 on Slackware. Every other browser I have used reports no problem with the site's authentication, but NetCraft indicates that there is a self-signed certificate in the authenticity chain: http://toolbar.netcraft.com/site_rep....zionsbank.com.

Could anyone explain to me what's going on here?

Thanks in advance,
---linuxrocks123

These are listed in a Sun document as in their default trust list.
Entrust.net Premium 2048 Secure Server CA
Entrust.net Secure Personal CA
Entrust.net Secure Server CA

http://docs.sun.com/source/816-6732-10/authctn.html
So they are legit it seems.
It is up to the web browser publisher to decide which root authorities to trust. Many feel that the number of CA's has gotten out of control, such as Steve Gibson's joke about the Hong Kong post office. The root authority and the certificate authority are one in the same. I guess it begs the question, does one link make up a chain (of authority).

Anyway, it isn't the bank's certificate that isn't being trusted, it's the CA's because it is self signed. If you personally know that this is a real bank, then you probably can trust it.

That might be a good policy by Konqueror. Imagine an attacker importing certificates for their own fake CA & root server on your browser and issuing them to his own phishing sites. Maybe a stretch, but I'm sure there may be more than a handful of computer techs who might do that for cash. Hopefully such a tech won't know that konqueror will trip it up, or the attacker could just add another CA in the chain.