Greenies Posted April 12, 2005 Share Posted April 12, 2005 Hi, When I try to log in on the http://www.lockon.ru site, I get a warning that says the following: - The server's name "lockon.ru" does not match the certificate's name "www.lockon.ru". Somebody may be trying to eavesdrop on you. - The certificate for "www.lockon.ru" is signed by the unknown Certificate Authority "Snake Oil CA". It is not possible to verify that this is a valid certificate What does this mean, and who is "Snake Oil CA?" Sounds like a phony name to me (sorry if I am offending someone). Does anyone else get this warning? Did you still choose to accept the certificate? I want to get away, I wanna fly away. Yeah, yeah, yeah! - Lenny Kravitz - Fly Away Link to comment Share on other sites More sharing options...
coldcrew Posted April 12, 2005 Share Posted April 12, 2005 This is what happens when a company is cheap and doesn't want to pay verisign for a real certificate Link to comment Share on other sites More sharing options...
Nate--IRL-- Posted April 12, 2005 Share Posted April 12, 2005 It is the default name for the certifcate software, i used it, seems fine. But you make your own mind up :) Nate Ka-50 AutoPilot/stabilisation system description and operation by IvanK- Essential Reading Link to comment Share on other sites More sharing options...
Guest ruggbutt Posted April 12, 2005 Share Posted April 12, 2005 I used it too. Link to comment Share on other sites More sharing options...
Sealpup Posted April 12, 2005 Share Posted April 12, 2005 This is what happens when a company is cheap and doesn't want to pay verisign for a real certificate Like the US Air Force for example...none of our security cetificates are Verisign friendly...because there is absolutely no reason for them to be! Link to comment Share on other sites More sharing options...
coldcrew Posted April 12, 2005 Share Posted April 12, 2005 Like the US Air Force for example...none of our security cetificates are Verisign friendly...because there is absolutely no reason for them to be! verisign isn't the only authorithy that can sign certificates. I just used them as an example. Try browsing your system root trusted certificate store and you'll see more than a hundred valid signers, I doubt that "snake oil" is one of them tho. Link to comment Share on other sites More sharing options...
Sealpup Posted April 12, 2005 Share Posted April 12, 2005 Try browsing your system root trusted certificate store and you'll see more than a hundred valid signers, I doubt that "snake oil" is one of them tho. From what I heard, 'Snake Oil' is a default CA name for a certain flavor of certificate generating software. ED likely generated their own certificate, rather than pay someone else for the same quality product, only to get MS Exploder's complaints to stop.. Link to comment Share on other sites More sharing options...
PnHobbit Posted April 12, 2005 Share Posted April 12, 2005 bwuahhahahaha you all hit ok. You agreed to have ED steal your soul! Prepare for your doooomm!!!! Link to comment Share on other sites More sharing options...
coldcrew Posted April 12, 2005 Share Posted April 12, 2005 From what I heard, 'Snake Oil' is a default CA name for a certain flavor of certificate generating software. ED likely generated their own certificate, rather than pay someone else for the same quality product, only to get MS Exploder's complaints to stop.. You misunderstand why certificates need to be signed by trusted authorities. It is to prove that you say who you say you are. Signing your own certificate is like creating your own ID card, it is worthless. I'll never use my creditcard on a website that has a self signed certificate. Using a certificate from verisign, thwarte, securenet, certisign or whatever is saying to the visitor to your website that your identity has been checked out by a legit thirdparty company and there won't be any popups or questions like the original poster asked about. Link to comment Share on other sites More sharing options...
Sealpup Posted April 13, 2005 Share Posted April 13, 2005 Ok, I might be talking from my rectal area in saying this, as I'm going on stuff I've learned from being a general purpose information sponge. But, these certificates are an encryption means, and encryption is considered a 'munition' by alot of countries, and thus a no-no for export. So, maybe poor ED here cant get find a Russian CA, and legally cant use one from anywhere else. Another possibility is it is a legit CA, but explorer doesn't recognize it for some reason. (which means I heard wrong about 'Snake Oil' being a default name) Again, I'm just going by bits and pieces of stuff I've picked up, so I might just be spouting total BS here. EDIT: Used the wrong word somewheres EDIT2: Ok. so Snake Oil was mentioned in THIS thread...god, I really need to stop posting before bed time Link to comment Share on other sites More sharing options...
Greenies Posted April 13, 2005 Author Share Posted April 13, 2005 You misunderstand why certificates need to be signed by trusted authorities. It is to prove that you say who you say you are. Signing your own certificate is like creating your own ID card, it is worthless. I'll never use my creditcard on a website that has a self signed certificate. Using a certificate from verisign, thwarte, securenet, certisign or whatever is saying to the visitor to your website that your identity has been checked out by a legit thirdparty company and there won't be any popups or questions like the original poster asked about. ED recently stated that they are going to launch a VeriSign payment solution soon, so maybe something will be done about that snakey/sneaky certificate... :) I want to get away, I wanna fly away. Yeah, yeah, yeah! - Lenny Kravitz - Fly Away Link to comment Share on other sites More sharing options...
Recommended Posts