kcbecker
asked on
Security certificate revocation question pops up even though no changes made in MSIE.
I am using MS XP Pro, SP2. All Windows updates have been applied. I am using Norton AV 2005 and Zonealarm Pro. Again all updates have been applied. I have made no changes to the compter for a number of weeks and lately (in the last 2 weeks) I have been getting the "Revocation information for the secuity certificate for this site is not available. Do you want to proceed?" window popping up when I visit sites such as PayPal. I do not get the message every time I visit a secure website and I have received the message visiting both secure and non-secure websites.
The privacy control in Zonealarm is set to high for banner control and medium for cookie control. The secuity setting in MSIE is set to high for restricted sites, medium for the Internet.
I have run Ad-Aware, Spybot and XoftSpy to check for trojans and have found none.
Any ideas on what may be causing this to suddenly do this?
Kevin
The privacy control in Zonealarm is set to high for banner control and medium for cookie control. The secuity setting in MSIE is set to high for restricted sites, medium for the Internet.
I have run Ad-Aware, Spybot and XoftSpy to check for trojans and have found none.
Any ideas on what may be causing this to suddenly do this?
Kevin
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You are right, ok:
I found it in Internetoptions -> Advanced Settings -> Security -> Check for server certificate revocation (requires restart)
Tolomir
I found it in Internetoptions -> Advanced Settings -> Security -> Check for server certificate revocation (requires restart)
Tolomir
Internet Explorer Slow When Going to Secure Web Sites
Question: I notice that often when I go to secure (SSL) Web sites, it takes forever for the Web page to load. This doesn't happen on regular non-SSL Web sites. Is there anything I can do in Internet Explorer to speed things up? Thanks! -Ricky M.
Answer: It could be that the secure Web sites you're visiting haven't published their Certificate Revocation Lists (CRLs). This is a list that allows the browser to check whether the digital certificate used to secure the Web site has been revoked. While checking for server certificate revocation is a good security measure, it can slow down connections to smaller Web sites that don't publish their CRLs. Here's how to disable CRL checking:
Open Internet Explorer
Click the Tools menu and click Internet Options.
On the Internet Options dialog box, click the Advanced tab.
On the Advanced tab, scroll down the list until you find the Security group of options.
Remove the checkmark in the Check for server certificate revocation (requires restart) option.
Close Internet Explorer and open it again.
Tolomir
Question: I notice that often when I go to secure (SSL) Web sites, it takes forever for the Web page to load. This doesn't happen on regular non-SSL Web sites. Is there anything I can do in Internet Explorer to speed things up? Thanks! -Ricky M.
Answer: It could be that the secure Web sites you're visiting haven't published their Certificate Revocation Lists (CRLs). This is a list that allows the browser to check whether the digital certificate used to secure the Web site has been revoked. While checking for server certificate revocation is a good security measure, it can slow down connections to smaller Web sites that don't publish their CRLs. Here's how to disable CRL checking:
Open Internet Explorer
Click the Tools menu and click Internet Options.
On the Internet Options dialog box, click the Advanced tab.
On the Advanced tab, scroll down the list until you find the Security group of options.
Remove the checkmark in the Check for server certificate revocation (requires restart) option.
Close Internet Explorer and open it again.
Tolomir
ASKER
I found the "Check for server certificate revocation (requires restart)". It's checked so I am assuming the problem (if there is one) is due to the site manager not keeping the CRL's up to date. I'll also assume that I am safe sticking to well known sites such as PayPal and when the message comes up it's OK to proceed.
Thanks for your help.
Thanks for your help.
Yep,
I but would use a tool like spoofstick, to be sure, paypal is really paypal.com
http://www.corestreet.com/spoofstick/index.html
What is SpoofStick?
SpoofStick is a simple browser extension that helps users detect spoofed (fake) websites. A spoofed website is typically made to look like a well known, branded site (like ebay.com or citibank.com) with a slightly different or confusing URL. The attacker then tries to trick people into going to the spoofed site by sending out fake email messages or posting links in public places - hoping that some percentage of users won't notice the incorrect URL and give away important information. This practice is sometimes known as “phishing".
It's apart from frefox, available for IE too.
Tolomir
I but would use a tool like spoofstick, to be sure, paypal is really paypal.com
http://www.corestreet.com/spoofstick/index.html
What is SpoofStick?
SpoofStick is a simple browser extension that helps users detect spoofed (fake) websites. A spoofed website is typically made to look like a well known, branded site (like ebay.com or citibank.com) with a slightly different or confusing URL. The attacker then tries to trick people into going to the spoofed site by sending out fake email messages or posting links in public places - hoping that some percentage of users won't notice the incorrect URL and give away important information. This practice is sometimes known as “phishing".
It's apart from frefox, available for IE too.
Tolomir
can someone suggest how the web manager (I manage a site that is having this issue) updates the CRL?
Much appreciated, Duncan
Much appreciated, Duncan
ASKER
Is there another place to look to look for the" Check for server certificate revocation (requires restart)" ?