Donations to SETI


log in

Advanced search

Questions and Answers : Web site : Donations to SETI

1 · 2 · Next
Author Message
Profile Dune Finkleberry
Avatar
Send message
Joined: 22 Sep 99
Posts: 1305
Credit: 608,889
RAC: 600
United States
Message 1053557 - Posted: 7 Dec 2010, 14:56:16 UTC

I've recently decided to donate a bit of extra cash to SETI, but when I go to HERE to make the donation I get this popup when I try to enter "Click here to make an online credit card or VISA check card donation" I can do it.



It's all coming from my BitDefender Security, calling the site's security certificate invalid. Call me paranoid but...

Lately Firefox has been acting weird, and I'm just not really sure anymore if it can be trusted. All virus scans come up clean.
____________
The Old Dune Finkleberry

Eric Korpela
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar
Send message
Joined: 3 Apr 99
Posts: 1085
Credit: 8,290,496
RAC: 7,545
United States
Message 1053625 - Posted: 7 Dec 2010, 22:51:10 UTC - in response to Message 1053557.
Last modified: 8 Dec 2010, 18:59:16 UTC

Hi Dune,

It appears that your computer isn't recognizing "COMODO CA, Ltd." as a valid certification authority. The most common cause of that would be, either your browser or BitDefender using doesn't include COMODO CA in its cacert file.

Upgrading might help. The version of Firefox I have (3.6.12) has the COMODO CA cert in it, as does IE8. I doubt it would be in IE6. I don't know what version of Firefox was the first to include it.

Safari 4.0.4 does not have the proper certificate installed. Again, I don't know which version of Safari would first have the proper certification. Matt tells me that recent versions of Safari on iPhone and iPad have the correct certificates.

Recent versions of Chrome appear to have the proper certificate. However the Google browser on my Android phone does not.

If your browser doesn't have the correct certificate, you can verify that the one you have is correct by viewing the certificate. If the certificate has following properties, you've got the right one.

* Issued to Common Name devcomm.urel.berkeley.edu
* Issued by Common Name COMODO High-Assurance Secure Server CA
* Serial Number 00:E2:95:17:C5:2F:C2:72:C1:8B:10:08:65:A2:E0:55:E2
* SHA1 Fingerprint 4F:8F:C7:66:9E:1E:04:D1:A9:60:4D:A1:7F:8D:91:0E:6D:90:34:3D
* MD5 Fingerprint D9:49:A1:D3:28:86:9D:41:B4:F9:11:BE:D8:BB:44:5B

Once you're sure you have the right certificate you can safely grant an exception.

Eric
____________

Profile Dune Finkleberry
Avatar
Send message
Joined: 22 Sep 99
Posts: 1305
Credit: 608,889
RAC: 600
United States
Message 1053658 - Posted: 7 Dec 2010, 23:35:01 UTC

Thx for the response. It's odd that I'm also running Firefox (3.6.12). But even odder that three days ago I went in to the site without a whimper. I'll check IE8 as have that too, but I hate running IE.

This too shall pass. I'll make that donation within a couple of days.
____________
The Old Dune Finkleberry

Profile Uli
Volunteer tester
Avatar
Send message
Joined: 6 Feb 00
Posts: 9578
Credit: 5,300,610
RAC: 3,977
Germany
Message 1053742 - Posted: 8 Dec 2010, 3:20:32 UTC

AAAAAAAAAAAASSSSSSSSSSSSSSSOOOOOOOOOOOOOOMMMMMMMMMMMMMMEEEEEEEEEEEEEE got a preci.
Dune
I see a shining Star.

____________
Pluto will always be a planet to me.
Order your 15th Seti Anniversary Shirt today. Just PM me for details.
Cash Donation Specialist

Seti Ambassador

Profile Dune Finkleberry
Avatar
Send message
Joined: 22 Sep 99
Posts: 1305
Credit: 608,889
RAC: 600
United States
Message 1053758 - Posted: 8 Dec 2010, 4:03:30 UTC - in response to Message 1053742.

I see a shining Star.

Already!
____________
The Old Dune Finkleberry

Profile Uli
Volunteer tester
Avatar
Send message
Joined: 6 Feb 00
Posts: 9578
Credit: 5,300,610
RAC: 3,977
Germany
Message 1053763 - Posted: 8 Dec 2010, 4:18:41 UTC - in response to Message 1053758.

I see a shining Star.

Already!

Yep...................Dune
____________
Pluto will always be a planet to me.
Order your 15th Seti Anniversary Shirt today. Just PM me for details.
Cash Donation Specialist

Seti Ambassador

Profile KWSN THE Holy Hand Grenade!
Volunteer tester
Avatar
Send message
Joined: 20 Dec 05
Posts: 1897
Credit: 9,156,986
RAC: 11,880
United States
Message 1054005 - Posted: 8 Dec 2010, 18:33:02 UTC

Firefox 3.6.8 comes up with the security exception...
____________
.

Profile Dune Finkleberry
Avatar
Send message
Joined: 22 Sep 99
Posts: 1305
Credit: 608,889
RAC: 600
United States
Message 1054013 - Posted: 8 Dec 2010, 18:50:15 UTC - in response to Message 1054005.
Last modified: 8 Dec 2010, 18:54:07 UTC

Firefox 3.6.8 comes up with the security exception...

Must be a beta version. My Firefox 3.6.12 is still showing no updates available. And I don't do beta versions. I'll let someone who knows what they're doing get the bugs out.

Whatever the case may be, I've got my star.

Interesting that I just got a call this morn from my bank. They wanted to know if Berkley was authorized. :-)
____________
The Old Dune Finkleberry

Eric Korpela
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar
Send message
Joined: 3 Apr 99
Posts: 1085
Credit: 8,290,496
RAC: 7,545
United States
Message 1054016 - Posted: 8 Dec 2010, 18:53:25 UTC - in response to Message 1054013.

Because giving your money to a University is what thieves commonly do if they get your credit card number?
____________

Profile Dune Finkleberry
Avatar
Send message
Joined: 22 Sep 99
Posts: 1305
Credit: 608,889
RAC: 600
United States
Message 1054022 - Posted: 8 Dec 2010, 18:56:56 UTC - in response to Message 1054016.

Because giving your money to a University is what thieves commonly do if they get your credit card number?

Ha! I guess you'd have more donations if that were true.

HEY! I thought you were banned!
____________
The Old Dune Finkleberry

Eric Korpela
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar
Send message
Joined: 3 Apr 99
Posts: 1085
Credit: 8,290,496
RAC: 7,545
United States
Message 1054024 - Posted: 8 Dec 2010, 19:00:41 UTC - in response to Message 1054022.


HEY! I thought you were banned!


I was framed by the CRL! So they let me off with a warning.
____________

Profile KWSN THE Holy Hand Grenade!
Volunteer tester
Avatar
Send message
Joined: 20 Dec 05
Posts: 1897
Credit: 9,156,986
RAC: 11,880
United States
Message 1054034 - Posted: 8 Dec 2010, 19:15:53 UTC - in response to Message 1054013.

Firefox 3.6.8 comes up with the security exception...

Must be a beta version. My Firefox 3.6.12 is still showing no updates available. And I don't do beta versions. I'll let someone who knows what they're doing get the bugs out.

Whatever the case may be, I've got my star.

Interesting that I just got a call this morn from my bank. They wanted to know if Berkley was authorized. :-)


that was 3.6.8, which (IIRC) is before 3.6.12... [evil grin]
____________
.

Profile Richard Babylon
Send message
Joined: 20 Dec 99
Posts: 7
Credit: 842,661
RAC: 0
United States
Message 1054186 - Posted: 9 Dec 2010, 6:06:32 UTC - in response to Message 1053625.

Hi Eric,

I don't really understand how certificates work, but I ran into this exact same problem. I checked your hash numbers and all the rest -- it all matches what I'm seeing on my screen -- and I trust the site, so I'll make a certificate exception.

But just so you know, I also have Firefox 3.6.12.

This seems like the kind of thing that should be fixed, if commonplace, because you're cheating yourselves of possible donations. If I weren't so patient and so dedicated I may have deemed it not worth the effort of researching this and checking those long strings of characters. I've been with the project since '99 and I'm not giving up that easy.

Anyway, thanks for the instructions -- and thanks to Dune for the screenshot.
____________

Profile ProTON
Avatar
Send message
Joined: 17 Aug 02
Posts: 7
Credit: 2,847,041
RAC: 1,077
Lithuania
Message 1054204 - Posted: 9 Dec 2010, 8:52:24 UTC

As for IE, it uses system certificates. So you should ensure that you have the latest Update for Root Certificates from Microsoft installed. At the time of this writing the latest is http://www.microsoft.com/downloads/en/details.aspx?FamilyID=25249786-2b8e-4c51-8f4b-727ce25cc2c5
____________
days go by, and still I think of you...

Profile Dune Finkleberry
Avatar
Send message
Joined: 22 Sep 99
Posts: 1305
Credit: 608,889
RAC: 600
United States
Message 1054205 - Posted: 9 Dec 2010, 9:01:05 UTC - in response to Message 1054204.

As for IE, it uses system certificates. So you should ensure that you have the latest Update for Root Certificates from Microsoft installed. At the time of this writing the latest is http://www.microsoft.com/downloads/en/details.aspx?FamilyID=25249786-2b8e-4c51-8f4b-727ce25cc2c5

IE showed the same. It was weird, because I was in there a few days earlier with no problems.

Weird....
____________
The Old Dune Finkleberry

OzzFan
Volunteer tester
Avatar
Send message
Joined: 9 Apr 02
Posts: 13541
Credit: 29,356,099
RAC: 15,847
United States
Message 1054231 - Posted: 9 Dec 2010, 13:12:35 UTC - in response to Message 1054186.

This seems like the kind of thing that should be fixed, if commonplace, because you're cheating yourselves of possible donations. If I weren't so patient and so dedicated I may have deemed it not worth the effort of researching this and checking those long strings of characters. I've been with the project since '99 and I'm not giving up that easy.


If the user's browser doesn't have the CA listed as a trust, how does SETI fix that?

Profile Richard Babylon
Send message
Joined: 20 Dec 99
Posts: 7
Credit: 842,661
RAC: 0
United States
Message 1054311 - Posted: 9 Dec 2010, 17:32:58 UTC - in response to Message 1054231.

This seems like the kind of thing that should be fixed, if commonplace, because you're cheating yourselves of possible donations...


If the user's browser doesn't have the CA listed as a trust, how does SETI fix that?


That's a good question and I don't know the answer. (As I said above, I don't really understand how certificates work.) But it seems to me that communication to the certificate authority (COMODO CA in this case) about their "unrecognized" status would be a good start. They could then complain to the Mozilla community and to the creators of any other affected browser.
____________

Eric Korpela
Volunteer moderator
Project administrator
Project developer
Project scientist
Avatar
Send message
Joined: 3 Apr 99
Posts: 1085
Credit: 8,290,496
RAC: 7,545
United States
Message 1054336 - Posted: 9 Dec 2010, 18:22:19 UTC - in response to Message 1054311.

COMODO is aware of the problem. Even though they are a recognized CA, some browsers makers haven't been very good about updating their certification files, especially for browsers on older operating systems. I'm guessing there are some negotiations going on regarding more recent browsers.

As for why Firefox 6.3.12 sometimes has them and sometimes doesn't, maybe Firefox on Windows also checks the system certification key archive.
____________

Profile Pappa
Volunteer tester
Avatar
Send message
Joined: 9 Jan 00
Posts: 2562
Credit: 12,301,681
RAC: 0
United States
Message 1054521 - Posted: 10 Dec 2010, 5:00:14 UTC

Public Key Infrastructure (PKI)

The very short course.

With the advent of doing "secure transactions" on the Internet (shopping, code signing, personal identification etc). A method had to be formed to secure the connection from the User, to the Server and/or to the Agency that processes the Card/transactions. Yes there is more.

Both camps (Win, Nix), created Certificate Services (along with Versign and others) becoming Certificate Authorities. and Providing Server based Certificate Services that would provide for the creation of a "Trusted" Certificate Server. In this day an age there are about 30 different things that a specific Secure Certificate could be issued for. If you really want to know Google is your friend and please it will take some time to read and understand.

In most cases, the OS (Windows, Nix etc) houses the Root, Intermediate and other Certificates. It then becomes the problem of various software(s) (Browsers etc) which are supposed to "read" from the Base Certificates Stores in the OS. Updates for the OS normally provide updates to the Root Certificates. That means that YOU the User has to go get those updates. Yes Certificates do expire, and there is facility for that.

Now in the case of this browser or that browser having or not having an issue. Then it becomes a Browser correctly reading what is embedded in the OS (back to up0dates). That is a "Browser" issue (or in some cases the user checked a check box, they did not fully understand now are now stuck with the undsired choice).

In the case of UCB, The Certificate under "Give to Cal" was updated 5 December 2010. There appears to be a problem with the certificate. As Eric states Comodo has been notified. So we wait.

Regards

Pappa

____________
Please consider a Donation to the Seti Project.

Profile Richard Babylon
Send message
Joined: 20 Dec 99
Posts: 7
Credit: 842,661
RAC: 0
United States
Message 1054533 - Posted: 10 Dec 2010, 6:08:38 UTC

Thanks Eric and Pappa. It's gratifying to see that my guess about what could be done -- based on only slight knowledge and logical deduction -- is not only plausible, but is already underway.
____________

1 · 2 · Next

Questions and Answers : Web site : Donations to SETI

Copyright © 2014 University of California