Is your browser configured to check for cert revocation?

Shintaro

Moderator
Joined
Mar 1, 2012
Messages
2,134
Reaction score
252
Use Steve Gibsons site HERE to check that your browser is checking for certificate revocation.

In FireFox
Tools -> Options -> Advanced -> Certificates -> Validation
Today, only one browser offers
you the choice to be totally safe:

Firefox today offers what could be described as “Must OCSP.” If you enable the second option, you will be completely protected at the theoretical cost of false positive blocks.
We have always had it enabled and have never encountered a single false positive.
 
Last edited:
Joined
Mar 8, 2009
Messages
5,063
Reaction score
1,185
Can you explain the importance of certificates? I shamefully admit, to knowing nothing about them.
 

Shintaro

Moderator
Joined
Mar 1, 2012
Messages
2,134
Reaction score
252
Web site Certificates obtained from a certificate authority ensure that you are indeed communicating with who you think you are communicating with. For example it would be a bad thing if you thought you were communicating with Paypal only to find out it was some site in Russia that was stealing all your money.
Some basic terms are explained HERE.

By encrypting the communication between you and a Trusted web site, there is no chance that anyone can intercept (sit between you and the Trusted web site (Also known as the man-in-the-middle)) and steal your data. Because all they will see is seemingly random text.

The problem with not checking for revocation of Certificates, is that you are not sure if you are talking with the web site, that you think you are. For example you think it's Paypal.com but it is actually Paypal.ru.

I use the Firefox addon HTTPS Everywhere so that I can use encrypted communication as much as possible.

Hope this helps.
 
Last edited:
Joined
Mar 8, 2009
Messages
5,063
Reaction score
1,185
Can the certificates not be spoofed the same as email and site pages? Maybe I should just read a few of your links before asking any further questions.
 

Shintaro

Moderator
Joined
Mar 1, 2012
Messages
2,134
Reaction score
252
No, but there can be problems if the CA (Certificate Authority) is breached.
HERE is a answer to your spoofing question.

HERE is a Microsoft Security Advisory that was issued when Comodo issued Certificates when it shouldn't have. HERE is Comodo owning up to the breach.

Which is why it is important that your browser checks for the revocation of certificates.
 

Shintaro

Moderator
Joined
Mar 1, 2012
Messages
2,134
Reaction score
252
Mate,

Happy to help. Sharing information is important for everyone.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top