Questions and Answers :
Web site :
Donations to SETI
Message board moderation
Author | Message |
---|---|
Dune Finkleberry Send message Joined: 22 Sep 99 Posts: 1314 Credit: 1,124,651 RAC: 0 |
I've recently decided to donate a bit of extra cash to SETI, but when I go to HERE to make the donation I get this popup when I try to enter "Click here to make an online credit card or VISA check card donation" I can do it. It's all coming from my BitDefender Security, calling the site's security certificate invalid. Call me paranoid but... Lately Firefox has been acting weird, and I'm just not really sure anymore if it can be trusted. All virus scans come up clean. |
Eric Korpela Send message Joined: 3 Apr 99 Posts: 1382 Credit: 54,506,847 RAC: 60 |
Hi Dune, It appears that your computer isn't recognizing "COMODO CA, Ltd." as a valid certification authority. The most common cause of that would be, either your browser or BitDefender using doesn't include COMODO CA in its cacert file. Upgrading might help. The version of Firefox I have (3.6.12) has the COMODO CA cert in it, as does IE8. I doubt it would be in IE6. I don't know what version of Firefox was the first to include it. Safari 4.0.4 does not have the proper certificate installed. Again, I don't know which version of Safari would first have the proper certification. Matt tells me that recent versions of Safari on iPhone and iPad have the correct certificates. Recent versions of Chrome appear to have the proper certificate. However the Google browser on my Android phone does not. If your browser doesn't have the correct certificate, you can verify that the one you have is correct by viewing the certificate. If the certificate has following properties, you've got the right one. * Issued to Common Name devcomm.urel.berkeley.edu * Issued by Common Name COMODO High-Assurance Secure Server CA * Serial Number 00:E2:95:17:C5:2F:C2:72:C1:8B:10:08:65:A2:E0:55:E2 * SHA1 Fingerprint 4F:8F:C7:66:9E:1E:04:D1:A9:60:4D:A1:7F:8D:91:0E:6D:90:34:3D * MD5 Fingerprint D9:49:A1:D3:28:86:9D:41:B4:F9:11:BE:D8:BB:44:5B Once you're sure you have the right certificate you can safely grant an exception. Eric @SETIEric@qoto.org (Mastodon) |
Dune Finkleberry Send message Joined: 22 Sep 99 Posts: 1314 Credit: 1,124,651 RAC: 0 |
Thx for the response. It's odd that I'm also running Firefox (3.6.12). But even odder that three days ago I went in to the site without a whimper. I'll check IE8 as have that too, but I hate running IE. This too shall pass. I'll make that donation within a couple of days. |
Uli Send message Joined: 6 Feb 00 Posts: 10923 Credit: 5,996,015 RAC: 1 |
AAAAAAAAAAAASSSSSSSSSSSSSSSOOOOOOOOOOOOOOMMMMMMMMMMMMMMEEEEEEEEEEEEEE got a preci. Dune I see a shining Star. Pluto will always be a planet to me. Seti Ambassador Not to late to order an Anni Shirt |
Dune Finkleberry Send message Joined: 22 Sep 99 Posts: 1314 Credit: 1,124,651 RAC: 0 |
I see a shining Star. Already! |
Uli Send message Joined: 6 Feb 00 Posts: 10923 Credit: 5,996,015 RAC: 1 |
I see a shining Star. Yep...................Dune Pluto will always be a planet to me. Seti Ambassador Not to late to order an Anni Shirt |
KWSN THE Holy Hand Grenade! Send message Joined: 20 Dec 05 Posts: 3187 Credit: 57,163,290 RAC: 0 |
Firefox 3.6.8 comes up with the security exception... . Hello, from Albany, CA!... |
Dune Finkleberry Send message Joined: 22 Sep 99 Posts: 1314 Credit: 1,124,651 RAC: 0 |
Firefox 3.6.8 comes up with the security exception... Must be a beta version. My Firefox 3.6.12 is still showing no updates available. And I don't do beta versions. I'll let someone who knows what they're doing get the bugs out. Whatever the case may be, I've got my star. Interesting that I just got a call this morn from my bank. They wanted to know if Berkley was authorized. :-) |
Eric Korpela Send message Joined: 3 Apr 99 Posts: 1382 Credit: 54,506,847 RAC: 60 |
Because giving your money to a University is what thieves commonly do if they get your credit card number? @SETIEric@qoto.org (Mastodon) |
Dune Finkleberry Send message Joined: 22 Sep 99 Posts: 1314 Credit: 1,124,651 RAC: 0 |
Because giving your money to a University is what thieves commonly do if they get your credit card number? Ha! I guess you'd have more donations if that were true. HEY! I thought you were banned! |
Eric Korpela Send message Joined: 3 Apr 99 Posts: 1382 Credit: 54,506,847 RAC: 60 |
I was framed by the CRL! So they let me off with a warning. @SETIEric@qoto.org (Mastodon) |
KWSN THE Holy Hand Grenade! Send message Joined: 20 Dec 05 Posts: 3187 Credit: 57,163,290 RAC: 0 |
Firefox 3.6.8 comes up with the security exception... that was 3.6.8, which (IIRC) is before 3.6.12... [evil grin] . Hello, from Albany, CA!... |
Richard Babylon Send message Joined: 20 Dec 99 Posts: 7 Credit: 842,661 RAC: 0 |
Hi Eric, I don't really understand how certificates work, but I ran into this exact same problem. I checked your hash numbers and all the rest -- it all matches what I'm seeing on my screen -- and I trust the site, so I'll make a certificate exception. But just so you know, I also have Firefox 3.6.12. This seems like the kind of thing that should be fixed, if commonplace, because you're cheating yourselves of possible donations. If I weren't so patient and so dedicated I may have deemed it not worth the effort of researching this and checking those long strings of characters. I've been with the project since '99 and I'm not giving up that easy. Anyway, thanks for the instructions -- and thanks to Dune for the screenshot. |
Vilius Send message Joined: 17 Aug 02 Posts: 7 Credit: 5,414,436 RAC: 0 |
As for IE, it uses system certificates. So you should ensure that you have the latest Update for Root Certificates from Microsoft installed. At the time of this writing the latest is http://www.microsoft.com/downloads/en/details.aspx?FamilyID=25249786-2b8e-4c51-8f4b-727ce25cc2c5 days go by, and still I think of you... |
Dune Finkleberry Send message Joined: 22 Sep 99 Posts: 1314 Credit: 1,124,651 RAC: 0 |
As for IE, it uses system certificates. So you should ensure that you have the latest Update for Root Certificates from Microsoft installed. At the time of this writing the latest is http://www.microsoft.com/downloads/en/details.aspx?FamilyID=25249786-2b8e-4c51-8f4b-727ce25cc2c5 IE showed the same. It was weird, because I was in there a few days earlier with no problems. Weird.... |
OzzFan Send message Joined: 9 Apr 02 Posts: 15691 Credit: 84,761,841 RAC: 28 |
This seems like the kind of thing that should be fixed, if commonplace, because you're cheating yourselves of possible donations. If I weren't so patient and so dedicated I may have deemed it not worth the effort of researching this and checking those long strings of characters. I've been with the project since '99 and I'm not giving up that easy. If the user's browser doesn't have the CA listed as a trust, how does SETI fix that? |
Richard Babylon Send message Joined: 20 Dec 99 Posts: 7 Credit: 842,661 RAC: 0 |
This seems like the kind of thing that should be fixed, if commonplace, because you're cheating yourselves of possible donations... That's a good question and I don't know the answer. (As I said above, I don't really understand how certificates work.) But it seems to me that communication to the certificate authority (COMODO CA in this case) about their "unrecognized" status would be a good start. They could then complain to the Mozilla community and to the creators of any other affected browser. |
Eric Korpela Send message Joined: 3 Apr 99 Posts: 1382 Credit: 54,506,847 RAC: 60 |
COMODO is aware of the problem. Even though they are a recognized CA, some browsers makers haven't been very good about updating their certification files, especially for browsers on older operating systems. I'm guessing there are some negotiations going on regarding more recent browsers. As for why Firefox 6.3.12 sometimes has them and sometimes doesn't, maybe Firefox on Windows also checks the system certification key archive. @SETIEric@qoto.org (Mastodon) |
Pappa Send message Joined: 9 Jan 00 Posts: 2562 Credit: 12,301,681 RAC: 0 |
Public Key Infrastructure (PKI) The very short course. With the advent of doing "secure transactions" on the Internet (shopping, code signing, personal identification etc). A method had to be formed to secure the connection from the User, to the Server and/or to the Agency that processes the Card/transactions. Yes there is more. Both camps (Win, Nix), created Certificate Services (along with Versign and others) becoming Certificate Authorities. and Providing Server based Certificate Services that would provide for the creation of a "Trusted" Certificate Server. In this day an age there are about 30 different things that a specific Secure Certificate could be issued for. If you really want to know Google is your friend and please it will take some time to read and understand. In most cases, the OS (Windows, Nix etc) houses the Root, Intermediate and other Certificates. It then becomes the problem of various software(s) (Browsers etc) which are supposed to "read" from the Base Certificates Stores in the OS. Updates for the OS normally provide updates to the Root Certificates. That means that YOU the User has to go get those updates. Yes Certificates do expire, and there is facility for that. Now in the case of this browser or that browser having or not having an issue. Then it becomes a Browser correctly reading what is embedded in the OS (back to up0dates). That is a "Browser" issue (or in some cases the user checked a check box, they did not fully understand now are now stuck with the undsired choice). In the case of UCB, The Certificate under "Give to Cal" was updated 5 December 2010. There appears to be a problem with the certificate. As Eric states Comodo has been notified. So we wait. Regards Pappa Please consider a Donation to the Seti Project. |
Richard Babylon Send message Joined: 20 Dec 99 Posts: 7 Credit: 842,661 RAC: 0 |
Thanks Eric and Pappa. It's gratifying to see that my guess about what could be done -- based on only slight knowledge and logical deduction -- is not only plausible, but is already underway. |
©2024 University of California
SETI@home and Astropulse are funded by grants from the National Science Foundation, NASA, and donations from SETI@home volunteers. AstroPulse is funded in part by the NSF through grant AST-0307956.