X
Tap here to go to the mobile version of the site.

Fóram Tacaíochta

Cuireadh an snáithe seo sa chartlann. Cuir ceist nua má tá cabhair uait.

thawte Extended Validation SSL CA / Certficate viewer using 2 different fonts

Postáilte

I received an error going to https://www.secunia.com stating that the site could not be trusted as the issuer of the certificate (in this case thawte Extended Validation SSL CA) was unknown. I went to GRC.com and ran the https fingerprint tool to evaluate if the site certificate was ok and when I compared fingerprints I noticed that two different fonts were being used in the SHA-1 and SHA-256 fingerprints.

I want to say that this laptop has malware infections that I am trying to clean. I have removed some but am confident that more remain. I was going to that website to download a tool that assists in keeping all application current with all publisher updates.

I received an error going to https://www.secunia.com stating that the site could not be trusted as the issuer of the certificate (in this case thawte Extended Validation SSL CA) was unknown. I went to GRC.com and ran the https fingerprint tool to evaluate if the site certificate was ok and when I compared fingerprints I noticed that two different fonts were being used in the SHA-1 and SHA-256 fingerprints. I want to say that this laptop has malware infections that I am trying to clean. I have removed some but am confident that more remain. I was going to that website to download a tool that assists in keeping all application current with all publisher updates.
Attached screenshots

Athraithe ag JustinAlt ar

Tuilleadh mionsonraí faoin chóras

Feidhmchlár

  • Firefox 41.0.1
  • User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0
  • URL Tacaíochta: https://support.mozilla.org/1/firefox/41.0.1/WINNT/en-US/

Eisínteachtaí

  • HP SimplePass 1.0 (firefox@bho.com) (Neamhghníomhach)

JavaScript

  • incrementalGCEnabled: True

Grafaic

  • adapterDescription: Intel(R) HD Graphics Family
  • adapterDescription2:
  • adapterDeviceID: 0x0a16
  • adapterDeviceID2:
  • adapterDrivers: igdumdim64 igd10iumd64 igd10iumd64 igdumdim32 igd10iumd32 igd10iumd32
  • adapterDrivers2:
  • adapterRAM: Unknown
  • adapterRAM2:
  • adapterSubsysID: 227f103c
  • adapterSubsysID2:
  • adapterVendorID: 0x8086
  • adapterVendorID2:
  • direct2DEnabled: True
  • directWriteEnabled: True
  • directWriteVersion: 6.3.9600.17999
  • driverDate: 4-24-2014
  • driverDate2:
  • driverVersion: 10.18.10.3574
  • driverVersion2:
  • info: {u'AzureContentBackend': u'direct2d 1.1', u'AzureCanvasBackend': u'direct2d 1.1', u'AzureFallbackCanvasBackend': u'cairo', u'AzureSkiaAccelerated': 0}
  • isGPU2Active: False
  • numAcceleratedWindows: 3
  • numTotalWindows: 3
  • supportsHardwareH264: True
  • webglRenderer: Google Inc. -- ANGLE (Intel(R) HD Graphics Family Direct3D11 vs_5_0 ps_5_0)
  • windowLayerManagerRemote: True
  • windowLayerManagerType: Direct3D 11

Sainroghanna Athraithe

Éagsúil

  • User JS: No
  • Inrochtaineacht: Tá
cor-el
  • Top 10 Contributor
  • Moderator
17564 réiteach 158871 freagra

What do you see in the Details pane?

Try to rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.

If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

You can use this button to go to the current Firefox profile folder:

What do you see in the Details pane? Try to rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored. If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate. You can use this button to go to the current Firefox profile folder: *Help > Troubleshooting Information > Profile Directory: Show Folder (Linux: Open Directory; Mac: Show in Finder) *http://kb.mozillazine.org/Profile_folder_-_Firefox
jscher2000
  • Top 10 Contributor
8783 réiteach 71817 freagra

Hmm, I don't get an error for that URL, just a download dialog. There is a gray ! warning triangle when I visit the site, perhaps because of the SHA-1 or mixed content, but that isn't a block like the one you're seeing. Odd...

Hmm, I don't get an error for that URL, just a download dialog. There is a gray ! warning triangle when I visit the site, perhaps because of the SHA-1 or mixed content, but that isn't a block like the one you're seeing. Odd...

Úinéir na ceiste

The details pane as requested. I will do the other steps when i get back home. What do you make of the different fonts used for the SHA-1 and the SHA-256 fingerprint?

The details pane as requested. I will do the other steps when i get back home. What do you make of the different fonts used for the SHA-1 and the SHA-256 fingerprint?
jscher2000
  • Top 10 Contributor
8783 réiteach 71817 freagra

Firefox expects servers to sent "intermediate" certificate between the server's own certificate and the "root" certificates distributed with browsers and operating systems. Secunia's webmaster goofed on that. This was confirmed by https://www.ssllabs.com/ssltest/analyze.html?d=secunia.com (intermediate certificate requires an extra download, which Firefox does not do).

But I'm not sure what the best workaround is. Finding a server that sends that particular intermediate certificate may be difficult, as the issuer's home site now uses a more updated one and otherwise it's pure guesswork. You could try importing it from the Windows certificate store, but if you aren't planning on using this site frequently, you might just want to download the EXE file using another browser.

Firefox expects servers to sent "intermediate" certificate between the server's own certificate and the "root" certificates distributed with browsers and operating systems. Secunia's webmaster goofed on that. This was confirmed by https://www.ssllabs''.''com/ssltest/analyze.html?d=secunia''.''com (intermediate certificate requires an extra download, which Firefox does not do). But I'm not sure what the best workaround is. Finding a server that sends that particular intermediate certificate may be difficult, as the issuer's home site now uses a more updated one and otherwise it's pure guesswork. You could try importing it from the Windows certificate store, but if you aren't planning on using this site frequently, you might just want to download the EXE file using another browser.