


Posted on 2013-02-06
Medium Priority
Last Modified: 2013-02-10
I feel terribly ignorant on this subject.  Everywhere I've looked seems to be a collection of highly technical stuff and not much in the way of practical things.  I don't mind reading the technical stuff but if it only tells me how things are supposed to work, etc. etc. and not how to fix my problems then it's not all that much use.  
There must be a pony in there somewhere!!

Some things I've found are just way too technically complex for an average user.  So, while I may be a bit of an expert on some things and could probably wade through it all, I just cannot imagine that normal folks have to deal with intricate instructions and command line instructions, etc. etc.  There must be a better way  - and that's what I'm trying to find.

Cases in point:

I go to "webmail.drroofinc.com" which is hosted by linknowmedia.
I get a Certificate Error.
I told the mail service provider about it and they said that I have to "download a certificate into my browser" .. I'm not sure what that means or how to do it.

I have some newer "Cisco" RV042 routers (V03).  If I set up the management interface for https then I get the same thing.  I'm pretty sure that there's nobody I can go to to "solve" this.  I figure I have to solve it myself.

Now, sure, I can just bypass the warning but the purpose of this question is to learn how to do something better than that.
Question by:Fred Marshall
LVL 10

Expert Comment

ID: 38860802
When you get the cert error you probably have the choice to view the certificate or continue on. Choose to view the cert and then you should get the option to install. Install the cert. Let IE choose the location, as this works most of the time. You should get a successful install response; once you do this you won't get the certificate error anymore.

Assisted Solution

multimac earned 1000 total points
ID: 38860829
I am not sure how to help you?

The reason you got a warning for the certificate @ "webmail.drroofinc.com" is easy: It's self-signed, and not signed by some "trustful" certificate authority that your computer or your browser have already known before or was imported by the operating system or browser vendor. Same thing goes to your CISCO-Router.

There are now two possibilities:
a.) You accept the "not trustful" certificate. Most browsers have some 'Accept Always'-button for this.
b.) You go ahead and buy some "real" certificate e.g. for your CISCO-Router. But that's just wasted money as long as you are the only person to connect.

Another thing to understand is the following: The kind of a SSL certification does not decide the privacy or the encryption of the connection. It's just more a hint that "Company $CA checked for $$$$ money that the domain or the host you connect is under property of company $BUYER".
LVL 26

Author Comment

by:Fred Marshall
ID: 38861147
OK.  I played around a bit with IE8 and Chrome using a new RV042.
First, I had to figure out on my own that if one clicks on the "warning icon" then there MAY be some actions one can take:
e.g. on IE if one clicks on "Continue to this website"
THEN in the address bar there is a short section that says: "Certificate Error".
IF one clicks on that section of the address bar, a popup appears that says:
"Certificate Error" and gives an option: View Certificate.
Then, depending on the OS:

In Windows XP it gives you the option to Install Certificate and you can either allow automatic selection of the "store" or you can manually select a store from a provided list.
In one case it says: "To enable trust, install this certificate in the Trusted Root Certification Authorities store."
So, I did that and there is no difference in how the browser behaves.  It's as if nothing had been done.

In Windows 7 it doesn't provide that option at all that I can tell.

Chrome doesn't appear to provide a similar option that I can tell.

All that said, while *I* can ignore warnings with perhaps reasonable judgement, that's not the case for my clients.  I don't want to tell them to ignore a warning from an outside website for the obvious reasons.  So, I need the warning to go away using some up-front judgement and preparation.

If I didn't say it, I have not been able to get rid of the warning on either the RV042 or the webmail site on any of the three computers I have here in front of me.  Except for the XP/Win7 difference and the IE/Chrome differences - they all behave the same.
LVL 22

Accepted Solution

Jakob Digranes earned 1000 total points
ID: 38863551
Just to add to @multimac's comment:
-EDITED --- Sorry; @multimac did explain this -- leaving it in the comment, as the rest depend on it: - Certificates that are self-signed and certificates signed by an untrusted root are quite different things. I guess we have the same opinion on the error.

On the firewall the certificate is indeed self-signed - and as mentioned earlier - don't bother with that.

But for the webmail, the error might as well be that the certificate is from an untrusted root. This could be untrusted because it's from an internal PKI solution, or it might be that the Trusted Root Certificate, or certificate chain, isn't in your PC's Trusted Root Authority store. I've come across this several times in different Lync/Exchange installations, particularly Comodo/Entrust/UserTrust certificates, which indeed are a trusted 3rd party is missing. To verify this - open the certificate that the website is secured with, go to details and look at the certificate chain. This will tell you if the certificate is self-signed, from an internal untrusted root CA or from a 3rd party public CA - that your Windows installation doesn't trust. As they say - you can download the root certificate to your trusted authorities store and then be able to trust the certificate.

But - more importantly - if this is your webmail, make sure that is secured with a valid 3rd party certificate from a trusted CA, like thawte, DigiCert or OpenSSL.
Saying that proper trusted certificates from public CAs are only there for the CAs to get the cash from you is absolutely bs - and wrong.
Google PHISHING and that will give you quite a few hints. Without a valid certificate, an attacker can easily set up a fake webmail page, redirect all requests to that page, have your users log in to that page - thus getting usernames and passwords, which he easily could use later on.
With a valid certificate - you know that the webpage is secured by someone with access to that URL, and computer.

Certificates and securing login portals is essential (!)
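
The check described in the answer above (look at the certificate and its chain to tell a self-signed certificate from one issued by a CA the machine does not trust), as an added example that is not part of the original thread. It uses the openssl command line on constructed certificates; the host names, file names and the helper names `classify_cert` and `make_demo_certs` are assumptions.

```shell
#!/bin/sh
# Added example; all certificates below are constructed. Requires the openssl CLI.

# classify_cert CERT TRUSTED_ROOTS   (both PEM files)
# Prints: trusted | self-signed | untrusted-issuer: <issuer DN>
# Checks the chain and validity dates only, not the host name.
classify_cert() (
  subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
  issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
  # openssl may also consult its default CA directory in addition to TRUSTED_ROOTS
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo "trusted"                      # chain ends at a root we trust
  elif [ "$subject" = "$issuer" ] &&
       openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; then
    echo "self-signed"                  # signed with its own key, no CA vouches for it
  else
    echo "untrusted-issuer: $issuer"    # a CA signed it, but its root is not trusted here
  fi
)

# make_demo_certs DIR: create constructed fixtures in DIR
#   self.pem = self-signed device certificate
#   ca.pem   = private root CA, leaf.pem = server certificate issued by ca.pem
make_demo_certs() (
  set -e; cd "$1"
  printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' '[dn]' 'CN=unused' \
    '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > o.cnf
  openssl req -config o.cnf -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=router.example" -keyout self.key -out self.pem 2>/dev/null
  openssl req -config o.cnf -extensions v3_ca -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj "/CN=Constructed Internal CA" -keyout ca.key -out ca.pem 2>/dev/null
  openssl req -config o.cnf -new -newkey rsa:2048 -nodes \
    -subj "/CN=webmail.example" -keyout leaf.key -out leaf.csr 2>/dev/null
  openssl x509 -req -in leaf.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 2 -out leaf.pem 2>/dev/null
)

tmp=$(mktemp -d) && make_demo_certs "$tmp"
echo "device cert:                 $(classify_cert "$tmp/self.pem" "$tmp/ca.pem")"
echo "webmail cert, root missing:  $(classify_cert "$tmp/leaf.pem" "$tmp/self.pem")"
echo "webmail cert, root present:  $(classify_cert "$tmp/leaf.pem" "$tmp/ca.pem")"
rm -rf "$tmp"
```

The third case is the state after the issuing root has been added to the trust store; the first case stays `self-signed` until that exact certificate is itself placed in the store.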
LVL 26

Author Closing Comment

by:Fred Marshall
ID: 38873738
I never did figure out how to get the browser to "accept" the certificates once and for all....
