• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

When will HMRC...

Collapse
X
  •  
  • Filter
  • Time
  • Show
Clear All
new posts

    When will HMRC...

    Sort out their website certificate

    Bunch of amateurs!

    Your connection is not private
    Attackers might be trying to steal your information from www.gov.uk (for example, passwords, messages, or credit cards). Learn more
    NET::ERR_CERT_AUTHORITY_INVALID
    Subject: www.gov.uk

    Issuer: GlobalSign Organization Validation CA - SHA256 - G2

    Expires on: Oct 15, 2018

    Current date: Jan 18, 2018
    "Is someone you don't like allowed to say something you don't like? If that is the case then we have free speech."- Elon Musk

    #2
    what's wrong with a cert with 9 months left to go?

    the question is why does your browser think the authority is invalid. Looks OK to me.
    See You Next Tuesday

    Comment


      #3
      Fine here. Cert valid, not revoked.

      Do you need to update your root CA's? Did you check it via any other means? SSL Labs is giving them an A+ rating which is normally an excellent start.

      (Amateurs indeed!)

      Comment


        #4
        Originally posted by vwdan View Post
        Fine here. Cert valid, not revoked.

        Do you need to update your root CA's? Did you check it via any other means? SSL Labs is giving them an A+ rating which is normally an excellent start.

        (Amateurs indeed!)
        I don't think updating the root CAs will help. GlobalSign have been around year. Unless OP is using Windows 95 I think it's more likely that the OS or browser CA list has been modified. That would make the OS/browser untrusted rather than the website IMO.
        See You Next Tuesday

        Comment


          #5
          Nowt wrong with it: https://www.ssllabs.com/ssltest/anal....33.144&latest

          Comment


            #6
            Must be a problem at clientco then
            "Is someone you don't like allowed to say something you don't like? If that is the case then we have free speech."- Elon Musk

            Comment


              #7
              Originally posted by Jog On View Post
              Must be a problem at clientco then
              Are they using SSL Interception, where the proxy spoofs the client cert so they can inspect the traffic and see if you are up to naughty things.

              To achieve this, they install new root certs on their estate. The proxy regenerates the website certs and signs them with the interceptor root. Maybe you don't have that root installed.

              What's the root cert in the chain - not the issuer as that could have been spoofed as well.

              Comment


                #8
                Originally posted by Jog On View Post
                Must be a problem at clientco then
                So let’s get this right. You trusted your clients PC setup more than gov.uk ssl cert?
                Personally I’d treat both with some caution.

                Do you use internet banking with clients PC?
                See You Next Tuesday

                Comment


                  #9
                  Originally posted by centurian View Post
                  Are they using SSL Interception, where the proxy spoofs the client cert so they can inspect the traffic and see if you are up to naughty things.

                  To achieve this, they install new root certs on their estate. The proxy regenerates the website certs and signs them with the interceptor root. Maybe you don't have that root installed.

                  What's the root cert in the chain - not the issuer as that could have been spoofed as well.
                  Perhaps ever PC has the same error and they’re breeding bad user behaviour (ignoring cert errors).
                  See You Next Tuesday

                  Comment


                    #10
                    Originally posted by Lance View Post
                    So let’s get this right. You trusted your clients PC setup more than gov.uk ssl cert?
                    Personally I’d treat both with some caution.

                    Do you use internet banking with clients PC?
                    At ClientCo, they use SSL interception, but some sites (internet banking, NHS etc.) are on a whitelist for no interception.

                    Comment

                    Working...
                    X