Security Issue: certificate confusion while banking online

barbara

Re: Security Issue: certificate confusion while banking online

Unread post by barbara » 2017-05-13, 21:03

My old lovely Xperia with Cyanogenmod 9.1.0-mango, stock browser (v.4.0.4-eng..20120828.moredigits) also does not have information about the Organizational Unit (OU), so there will also be no tree available. Maybe this bank has got sh..ty cert policies/implementation? Sometimes I feel like screaming ....

Moonchild
Pale Moon guru
Posts: 35628
Joined: 2011-08-28, 17:27
Location: Motala, SE

Re: Security Issue: certificate confusion while banking online

Unread post by Moonchild » 2017-05-13, 21:17

I think in part this is a problem with the bank. If they do not offer the intermediate (issuer) certificate in the certificate chain and you have not visited another Entrust asset before, then Pale Moon will not know of the issuer, and likely be forced to use a fallback certification path (which is not EV (green)).
It is also possible that there's a load balancing issue where one IP is configured properly but the other isn't. I'll have a look at what ssllabs says.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
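The chain-building behaviour described in the post above can be reproduced offline. The script below is an added example, not code from this thread or from Pale Moon: it generates a throwaway root, intermediate and server certificate with openssl (all names such as "Example Root CA" and login.example.test are constructed) and then verifies the server certificate the way a client does, with the served bundle and any previously cached intermediates as untrusted input and only the root store as trusted. The three runs at the end show that a server sending only its leaf certificate verifies fine when the client already holds the issuer from an earlier visit, and fails when it does not, which is exactly the "works on one machine, not on another" symptom.

```shell
#!/bin/sh
# Added example, not code from this thread or from Pale Moon: an offline
# reproduction of the "server omits the intermediate" case, using a
# throwaway PKI generated with openssl. Every name here (Example Root CA,
# login.example.test) is constructed; nothing touches a real bank server.
set -eu

WORK=$(mktemp -d)
cd "$WORK"

# Extension profiles for CA and end-entity certificates.
printf 'basicConstraints=critical,CA:true\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
printf 'basicConstraints=CA:false\nsubjectAltName=DNS:login.example.test\n' > leaf.ext

# 1. Root CA: the only thing the simulated browser trusts.
openssl req -new -newkey rsa:2048 -nodes -keyout root.key -out root.csr \
  -subj "/CN=Example Root CA" >/dev/null 2>&1
openssl x509 -req -in root.csr -signkey root.key -days 2 -extfile ca.ext \
  -out root.pem >/dev/null 2>&1

# 2. Intermediate (issuer) CA, signed by the root.
openssl req -new -newkey rsa:2048 -nodes -keyout int.key -out int.csr \
  -subj "/CN=Example Intermediate CA" >/dev/null 2>&1
openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial \
  -days 2 -extfile ca.ext -out intermediate.pem >/dev/null 2>&1

# 3. Server (leaf) certificate, signed by the intermediate only.
openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
  -subj "/CN=login.example.test" >/dev/null 2>&1
openssl x509 -req -in leaf.csr -CA intermediate.pem -CAkey int.key \
  -CAcreateserial -days 2 -extfile leaf.ext -out leaf.pem >/dev/null 2>&1

# What the server might send in the TLS handshake.
cat leaf.pem intermediate.pem > served_full.pem   # correct: leaf + issuer
cp leaf.pem served_leaf_only.pem                  # broken: leaf alone

# What the browser might already hold from earlier visits to the same issuer.
: > cache_empty.pem                  # never seen this intermediate
cp intermediate.pem cache_seen.pem   # cached it on an earlier visit

# Build the chain the way a client does: the served bundle and any cached
# intermediates are untrusted inputs; only the root store is trusted.
# Prints "ok" when a path to the root can be built, "fail" otherwise.
verify_as_browser() {
  served="$1"; cache="$2"
  set -- -CAfile root.pem -untrusted "$served"
  if [ -s "$cache" ]; then
    set -- "$@" -untrusted "$cache"
  fi
  if openssl verify "$@" leaf.pem >/dev/null 2>&1; then
    echo ok
  else
    echo fail
  fi
}

echo "full chain served, nothing cached:  $(verify_as_browser served_full.pem cache_empty.pem)"
echo "leaf only served, issuer cached:    $(verify_as_browser served_leaf_only.pem cache_seen.pem)"
echo "leaf only served, nothing cached:   $(verify_as_browser served_leaf_only.pem cache_empty.pem)"
```

The same split between "served" and "cached" is why a browser that has previously visited another site under the same issuer can appear to work while a fresh profile on the same machine does not. Against a live server the served bundle is what `openssl s_client -showcerts -connect HOST:443` (HOST being a placeholder) prints in its certificate list; if the issuer is missing there, the fault is in the server configuration, and if it is present but the browser still shows a non-EV or broken chain, something between the browser and the server is substituting certificates.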


Re: Security Issue: certificate confusion while banking online

Unread post by Moonchild » 2017-05-13, 21:28

Nope, on the server side for the bank, everything checks out properly for login.ingbank.pl -- they send the proper certificates, and there are no chain issues. Also, both IPs it resolves to show proper support (even though they offer a few weak ciphers, probably for people with old PCs).

So, on the bank's side everything is in order. On the browser's side, I don't see any issues either, so it's still the most likely that something interferes with your connections.
It also doesn't make sense that you don't have a certificate chain at all.

Please do note that if you say "do not trust secured pages" then you are telling software to intercept your secure connections and play man-in-the-middle (which is what you don't want).

Note: OU is optional in a certificate. It doesn't have to be filled in (depending on issuing CA).

Once again though, the bank seems to be fine, and I don't see any issues with the browser (it gets presented with a proper chain and certificate every time). So I'm not 100% sure what is going on, but it does seem like something is intercepting your https connections and trying to mangle them. I don't think there's a direct risk for your password since it's still encrypted, but these issues should not occur anyway.

barbara

Re: Security Issue: certificate confusion while banking online

Unread post by barbara » 2017-05-13, 21:40

Now my USB bootable Linux also does not recognize the owner of the cert - so this would be a blue lock in Pale Moon, I believe?

Yes, I also want to rectify my last post - a missing Organizational Unit (OU) doesn't affect the presence of the certification hierarchy in the Details tab - sorry for misleading you.

@Moonchild - thanks a lot for checking this in such a detailed way! Marvelous work, thanks once again. I'll try to reinstall Windows entirely or try to contact my ISP? I'll write the end of this story here (hopefully soon).

I do appreciate help from all posters of this thread! You are great! :)
