Good idea. Ya. I know. But what percentage of the computers the bank deals with are filled with malware?
On Thu, Aug 25, 2011 at 04:06:02PM -0500, Michael S. Zick wrote: > On Thu August 25 2011, t...@terralogic.net wrote: > > Sorry > > > > http://www.tdwaterhouse.ca/ > > > > Its my old cert chain which is broken. I jsut want to go to them and ask > > them to supply the root cert so I can install it and get rid of the error > > message which Firefox generates because I can't find the root cert. > > They are the wrong people to ask. > > Capture the certificate chain being sent by their server, > examine it to find what "root cert" you need, > then get that "root cert" from somewhere else, somewhere you can trust. > > The entire concept of "third party trust" is broken when you by-pass > the third party. ;-) > > Mike > > > > > > On Thu, Aug 25, 2011 at 04:44:07PM -0400, Crypto Sal wrote: > > > Can you please *be* specific and provide us with an exact URL for those > > > of thus that don't live in Canada or use TDWaterhouse? I see TD has > > > several sites and this is why we need you to be specific so we can tell > > > you which root to get. > > > > > > > > > On 08/25/2011 03:06 PM, t...@terralogic.net wrote: > > > > TDWaterhouse In Canada. I'm in Calgary. THose idjots tell me to > > > > reboot my computer when their Apache servers in TO send me a > > > > misconfiguration message. I told them yesterday we build it and you > > > > break it. Something is desperatly wrong. > > > > > > > > > > > > On Thu, Aug 25, 2011 at 02:10:11PM -0400, Crypto Sal wrote: > > > >> Firefox has its own certificate store. It doesn't share > > > >> '/etc/ssl/certs'. > > > >> > > > >> If we had the bank URL, we would be able to better help you to resolve > > > >> this issue. > > > >> > > > >> > > > >> On 08/25/2011 01:45 PM, t...@terralogic.net wrote: > > > >>> I know you are trying to help. But it doesn't help me to defer to a > > > >>> package manager because I'm trying to fix what the last package > > > >>> managers screwed up. > > > >>> > > > >>> On Thu, Aug 25, 2011 at 04:09:44AM -0500, Michael S. Zick wrote: > > > >>>> On Wed August 24 2011, t...@terralogic.net wrote: > > > >>>> Top posting to a hijacked thread is not the way to get > > > >>>> a quick and useful reply. > > > >>>> Next time, start your own. Mailing list threads are cheap. > > > >>>> > > > >>>>> I see my bank has an invalid cert. Likely I have an old cert > > > >>>>> chain. I'm running Debian Linux and firefox. > > > >>>>> > > > >>>> Use anyone of the distribution provided package managers to download > > > >>>> and > > > >>>> install the most recently released package of certificates. > > > >>>> > > > >>>>> Can anyone tell me where to install a valid root cert? Like what > > > >>>>> directory? > > > >>>>> I would think the bank should be able to provide the root of the > > > >>>>> chain. > > > >>>>> I'll need to know SPECICALLY what to ask them for. > > > >>>>> > > > >>>> Asking the operator of the site you wish to authenticate for the > > > >>>> certificate > > > >>>> is similar to asking the Fox to guard your Chicken House. > > > >>>> > > > >>>> Get the root certificate from an "independent", trusted, source. > > > >>>> Using your distribution's package management will take care of that > > > >>>> concern. > > > >>>> > > > >>>>> I've created my own certs of course but just not recently. > > > >>>>> Also I never tried to install the CA cert for firefox. > > > >>>>> > > > >>>> Your distribution's package manager already has that handled. > > > >>>> All you have to do is use it. > > > >>>> > > > >>>> Mike > > > >>>> ______________________________________________________________________ > > > >>>> OpenSSL Project > > > >>>> http://www.openssl.org > > > >>>> User Support Mailing List > > > >>>> openssl-users@openssl.org > > > >>>> Automated List Manager > > > >>>> majord...@openssl.org > > > >>> ______________________________________________________________________ > > > >>> OpenSSL Project http://www.openssl.org > > > >>> User Support Mailing List openssl-users@openssl.org > > > >>> Automated List Manager majord...@openssl.org > > > >>> > > > >> ______________________________________________________________________ > > > >> OpenSSL Project http://www.openssl.org > > > >> User Support Mailing List openssl-users@openssl.org > > > >> Automated List Manager majord...@openssl.org > > > > ______________________________________________________________________ > > > > OpenSSL Project http://www.openssl.org > > > > User Support Mailing List openssl-users@openssl.org > > > > Automated List Manager majord...@openssl.org > > > > > > > > > > ______________________________________________________________________ > > > OpenSSL Project http://www.openssl.org > > > User Support Mailing List openssl-users@openssl.org > > > Automated List Manager majord...@openssl.org > > ______________________________________________________________________ > > OpenSSL Project http://www.openssl.org > > User Support Mailing List openssl-users@openssl.org > > Automated List Manager majord...@openssl.org > > > > > > > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org