Yikes! Another security certificate warning.
When you have been using things on the TIP secure web server such as Secure Email (from another ISP), Web mail, Your TIP User area etc. Are you bugged by those Warnings about security certificates that look like this one?
If like me you were using Internet Explorer and clicked on the 'View Certificate' button you get a window which looks like this one on the right. And if you then clicked on the Install Certificate button you would have invoked a 'Certificate import Wizard'.
And if you had followed the wizard and installed the Certificate you would have felt a warm glow of achievement. That is until you next visited that page. Same problem again......
This I had been bugging me for a while - but no time to investigate further until Peter Wishart (one of our fine TIP admins) answered a message from Mike Cassidy.
-----Original Message-----
From: Mike Cassidy [mailto:mikec@pcug.org.au] Sent: Monday, 19
September 2005 10:56 AM
To: PCUG Executive Secretary
Subject: Internet Security Warning for TIP Mail Server
Dear ExecSec,
Would you please pass this on to the appropriate TIP Admin person.
To be able to send my mail from other accounts, I have followed
advice from TIP to use the secure smtp server. That is working fine.
However, every time I send a message I get this Internet security
warning regarding the security certificate. It seems that the certificate is
not fully validated. Is this a known situation and can anything be done
so I do not have to respond to the warning every time I send mail, please?
Regards,
Mike Cassidy
Peter Wishart responded:
To: <mikec@pcug.org.au
Cc: <tip.accounts@tip.net.au ; <pcug@pcug.org.au ; "TIP Postmaster"
<postmaster@tip.net.au
Sent: Monday, September 19, 2005 11:33 AM
Subject: Re: [tip.accounts] FW: Internet Security Warning for TIP Mail
Server
Mike,
The certificate used by smtps.tip.net.au is valid and current. It
has been issued by CAcert.
The most likely problem is that your email client and/or your web
browser have not installed the root certificate from CAcert. Old
versions of some products (Microsoft et al) do not issue the CAcert
root certificate as part of their standard distribution. You need
the root certificate to provide validation of the CAcert issued
certificates.
To fix this problem, please go to the CAcert web site
( www.cacert.org ), click on the Root
Certificate link and follow the
instructions to get the certificate. You may then need to install
this certificate in your email client and/or web browser. The
method for doing this will depend on the particular email client and
browser you use.
I followed up with:
----- Original Message -----
From: "John Saxon" <jsaxon@pcug.org.au
To: "Postmaster" <postmaster@tip.net.au ; <mikec@pcug.org.au ; "issc Internet
Services Sub Committee" <issc@tip.net.au
Cc: <tip.accounts@tip.net.au ; <pcug@pcug.org.au ; "TIP Postmaster" <postmaster@tip.net.au
; "Office Manager" <offcmngr@pcug.org.au ; "Trevor Frew" <tfrew@pcug.org.au
Sent: Monday, September 19, 2005 12:56 PM
Subject: Re: [tip.accounts] FW: Internet Security Warning for TIP Mail Server
G'day Peter et al....
This problem has been annoying me for a year or two - primarily when
accessing my TIP User area or Web Mail.
I had been fiddling around with installing the PCUG certificate, adding
https://tip.net.au to my IE trusted sites list (which only added different
warnings etc.).
It's been in my 'get around tuit' basket for quite a while.
Your explanation below is much appreciated and followed with instant
success. Though I note for IE only....
I have now removed the 'trusted sites' stuff and get no more warnings when
using the TIP secure server.
I would like to publish this exchange of Emails in '16 Bits' as I know many
others who have been bothered by this. Any objections?
Ideally we should also add a web page to the TIP side of the house.
Many thanks - JohnS
Peter has asked me to emphasise that that TIP uses CAcert
for
our server certificates because they are reliable and free.
And that most of the TIP and PCUG certificates are from CAcert, so, as
you have already discovered, it should apply to the other TIP/PCUG
certificates as well.
Thanks Peter - John S
22Sep05