Certificate could not be validated

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|

Certificate could not be validated

Evalee Gress

What do I do to fix this SSL certificate error?

 

This keeps popping up even after I click Accept.

 

 

Thanks.


_______________________________________________
[hidden email] mailing list
Want to unsubscribe?  Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support
Reply | Threaded
Open this post in threaded view
|

Re: Certificate could not be validated

David Woolley (E.L)
On 17/05/17 17:19, Evalee Gress wrote:
> What do I do to fix this SSL certificate error?

Check the computer's date and time, as it says.

If they are correct, contact the service provider by suitably secure
means and ask them if they are really using an expired certificate.

If they say they are, point out that it is very bad practice, then make
a risk assessment as how likely it is that a hacker may have cracked the
encryption by now.

If they say that their certificate is valid, assume you are talking to
an impostor, and do not use the service to send anything that you
wouldn't want your local organised crime boss, to know, and do not
receive any files unless you have a deep understanding of how files can
be used to plant malware and you are certain that that is not possible
in your case.

Similarly, if they say they know it is expired but your risk assessment
determines it is too likely to have been compromised. Or preferably wait
until they have fixed it, at their end, before continuing to use the
service.

Do not ask anyone you do not know and trust to make the risk assessment
for you.

_______________________________________________
[hidden email] mailing list
Want to unsubscribe?  Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support
Reply | Threaded
Open this post in threaded view
|

RE: Certificate could not be validated

Evalee Gress

David, thanks for your reply.

 

I'm not sure which computer's data and time you're referring to or how to check that.

 

We use pidgin in-house within our company. I'm not sure what you mean by the "service provider."

 

I’ve used Pidgin for years without this problem.

 

Here are my account settings:

 

 

 

-----Original Message-----
From: David Woolley [mailto:[hidden email]]
Sent: Wednesday, May 17, 2017 1:21 PM
To: Evalee Gress; [hidden email]
Subject: Re: Certificate could not be validated

 

On 17/05/17 17:19, Evalee Gress wrote:

> What do I do to fix this SSL certificate error?

 

Check the computer's date and time, as it says.

 

If they are correct, contact the service provider by suitably secure means and ask them if they are really using an expired certificate.

 

If they say they are, point out that it is very bad practice, then make a risk assessment as how likely it is that a hacker may have cracked the encryption by now.

 

If they say that their certificate is valid, assume you are talking to an impostor, and do not use the service to send anything that you wouldn't want your local organised crime boss, to know, and do not receive any files unless you have a deep understanding of how files can be used to plant malware and you are certain that that is not possible in your case.

 

Similarly, if they say they know it is expired but your risk assessment determines it is too likely to have been compromised. Or preferably wait until they have fixed it, at their end, before continuing to use the service.

 

Do not ask anyone you do not know and trust to make the risk assessment for you.

 


_______________________________________________
[hidden email] mailing list
Want to unsubscribe?  Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support
Reply | Threaded
Open this post in threaded view
|

Re: Certificate could not be validated

David Woolley (E.L)
On 17/05/17 18:46, Evalee Gress wrote:
>
> I'm not sure which computer's data and time you're referring to or how
> to check that.

That on the machine on which you are running pidgin.

>
> We use pidgin in-house within our company. I'm not sure what you mean by
> the "service provider."

Your company's IT department.

_______________________________________________
[hidden email] mailing list
Want to unsubscribe?  Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support
Reply | Threaded
Open this post in threaded view
|

RE: Certificate could not be validated

Evalee Gress
When I asked them about this, they said they thought it might be due to a Microsoft update. Is that possible?

Other than that, they didn't know what could be causing the problem.

-----Original Message-----
From: David Woolley [mailto:[hidden email]]
Sent: Wednesday, May 17, 2017 1:55 PM
To: Evalee Gress; [hidden email]
Subject: Re: Certificate could not be validated

On 17/05/17 18:46, Evalee Gress wrote:
>
> I'm not sure which computer's data and time you're referring to or how
> to check that.

That on the machine on which you are running pidgin.

>
> We use pidgin in-house within our company. I'm not sure what you mean
> by the "service provider."

Your company's IT department.

_______________________________________________
[hidden email] mailing list
Want to unsubscribe?  Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support
Reply | Threaded
Open this post in threaded view
|

Re: Certificate could not be validated

Brian Morrison
On Wed, 17 May 2017 17:58:31 +0000
Evalee Gress wrote:

> When I asked them about this, they said they thought it might be due
> to a Microsoft update. Is that possible?

You should view the certificate and that should tell you who created it
and when. If you have an internal server then I suspect that the
certificate was created with a certain lifespan and now someone needs
to create a new certificate that expires in 5 or so years.

I don't think it can be down to MS, the certificate is for an internal
machine or domain so it's probably something from some years ago and
it's been forgotten about.

--

Brian Morrison

_______________________________________________
[hidden email] mailing list
Want to unsubscribe?  Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support
Reply | Threaded
Open this post in threaded view
|

RE: Certificate could not be validated

Evalee Gress
In reply to this post by Evalee Gress
Could this be due to a Microsoft update?

When I asked my IT dept. about this, they said they thought it might be due to a Microsoft update. Is that possible?

Other than that, they didn't know what could be causing the problem.

Thank you.

-----Original Message-----
From: Evalee Gress
Sent: Wednesday, May 17, 2017 1:59 PM
To: '[hidden email]'
Subject: RE: Certificate could not be validated

When I asked them about this, they said they thought it might be due to a Microsoft update. Is that possible?

Other than that, they didn't know what could be causing the problem.

-----Original Message-----
From: David Woolley [mailto:[hidden email]]
Sent: Wednesday, May 17, 2017 1:55 PM
To: Evalee Gress; [hidden email]
Subject: Re: Certificate could not be validated

On 17/05/17 18:46, Evalee Gress wrote:
>
> I'm not sure which computer's data and time you're referring to or how
> to check that.

That on the machine on which you are running pidgin.

>
> We use pidgin in-house within our company. I'm not sure what you mean
> by the "service provider."

Your company's IT department.

_______________________________________________
[hidden email] mailing list
Want to unsubscribe?  Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support
Reply | Threaded
Open this post in threaded view
|

Re: Certificate could not be validated

David Woolley (E.L)
On 18/05/17 13:30, Evalee Gress wrote:
> Could this be due to a Microsoft update?
>
Most unlikely.  A Microsoft update might remove trust for a root
certificate, but the error you are getting is that the certificate is
expired.

> When I asked my IT dept. about this, they said they thought it might be due to a Microsoft update. Is that possible?
>

When it comes to security, IT departments shouldn't be guessing!
However, if you are using the machine for the companies purposes, you
can act on their advice to ignore the error, as it is the company's
security that is at risk, so they have the right to decide when to
ignore warnings.

Certificates have a limited life because of similar reasons to those for
which credit and debit cards get replaced.  The longer a particular
certificate is in use, the longer the bad guys have to break the
encryption.  Also, flaws can be found in the methods used, and new
certificates allow believed safer methods to be used; this has actually
happened.

If the company doesn't need security for this application, beyond that
which applies to the whole network, they should disable encryption,
unless the server does not allow that.

> Other than that, they didn't know what could be causing the problem.

The problem is very clear.  They have failed to replace the server
certificate before it expired.  I am definitely concerned that the IT
department was unable to understand that error.

_______________________________________________
[hidden email] mailing list
Want to unsubscribe?  Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support
Reply | Threaded
Open this post in threaded view
|

RE: Certificate could not be validated

Evalee Gress
I'm the only employee (that I know of) that's getting this error.

Do different certificates apply to individual employees?

Just trying to understand how the issue seems to be affecting only me.

Thanks.

-----Original Message-----
From: David Woolley [mailto:[hidden email]]
Sent: Thursday, May 18, 2017 9:00 AM
To: Evalee Gress; [hidden email]
Subject: Re: Certificate could not be validated

On 18/05/17 13:30, Evalee Gress wrote:
> Could this be due to a Microsoft update?
>
Most unlikely.  A Microsoft update might remove trust for a root certificate, but the error you are getting is that the certificate is expired.

> When I asked my IT dept. about this, they said they thought it might be due to a Microsoft update. Is that possible?
>

When it comes to security, IT departments shouldn't be guessing!
However, if you are using the machine for the companies purposes, you can act on their advice to ignore the error, as it is the company's security that is at risk, so they have the right to decide when to ignore warnings.

Certificates have a limited life because of similar reasons to those for which credit and debit cards get replaced.  The longer a particular certificate is in use, the longer the bad guys have to break the encryption.  Also, flaws can be found in the methods used, and new certificates allow believed safer methods to be used; this has actually happened.

If the company doesn't need security for this application, beyond that which applies to the whole network, they should disable encryption, unless the server does not allow that.

> Other than that, they didn't know what could be causing the problem.

The problem is very clear.  They have failed to replace the server certificate before it expired.  I am definitely concerned that the IT department was unable to understand that error.

_______________________________________________
[hidden email] mailing list
Want to unsubscribe?  Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support
Reply | Threaded
Open this post in threaded view
|

Re: Certificate could not be validated

David Woolley (E.L)
On 18/05/17 14:04, Evalee Gress wrote:
> I'm the only employee (that I know of) that's getting this error.
>
> Do different certificates apply to individual employees?
>

Normally everyone would get the same certificate.  It is possible that
another client, or even an older version of Pidgin, doesn't check
properly for expired certificates.

In any case, if you use the View Certificate button, you should be able
to see the expiry date.  If that is in the past, the error message has
been confirmed.  If not, then the problem gets interesting.

_______________________________________________
[hidden email] mailing list
Want to unsubscribe?  Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support
Reply | Threaded
Open this post in threaded view
|

RE: Certificate could not be validated

Evalee Gress
The cert expired in February. I'll talk with my IT department again.

Thanks for all you help.

-----Original Message-----
From: David Woolley [mailto:[hidden email]]
Sent: Thursday, May 18, 2017 9:12 AM
To: Evalee Gress; [hidden email]
Subject: Re: Certificate could not be validated

On 18/05/17 14:04, Evalee Gress wrote:
> I'm the only employee (that I know of) that's getting this error.
>
> Do different certificates apply to individual employees?
>

Normally everyone would get the same certificate.  It is possible that another client, or even an older version of Pidgin, doesn't check properly for expired certificates.

In any case, if you use the View Certificate button, you should be able to see the expiry date.  If that is in the past, the error message has been confirmed.  If not, then the problem gets interesting.

_______________________________________________
[hidden email] mailing list
Want to unsubscribe?  Use this link:
https://pidgin.im/cgi-bin/mailman/listinfo/support