Root Certificates

[viking33]

Windows 7 64 bit, Firefox 4.01, TBird 3.1.10.
When I try to open an email from my Car Insurance Company, I get an invalid security certificate error message. I have not seen this message using slightly older versions of FF and TB.
Checking with the company they say they have a valid certificate with Verisign and it's good from Jan 1 2011 to 2013.
They suggested a hotfix but it seems to be for IE not FF. I have asked them if there was a way to update or manually include their certificate but have not received an answer as yet.
Any ideas from our resident pros?

Capture.PNG

[StuartR]

Bob,

Use the View Certificate button to find the details of the issuer for this certificate, then look on the Verisign web site to see if this certificate looks valid. If you are COMPLETELY confident then the View Certificate button will probably lead to an option for marking the issuing certificate as trusted.

[viking33]

Bob,

Use the View Certificate button to find the details of the issuer for this certificate, then look on the Verisign web site to see if this certificate looks valid. If you are COMPLETELY confident then the View Certificate button will probably lead to an option for marking the issuing certificate as trusted.

Stuart,
The certificate IS valid, however, I see no option on the view certificate button for any way to mark it as valid or trusted.

[StuartR]

Does the View Certificate button show you details of the higher level certificate that issued the certificate to your car insurance company. Hopefully this was issued by a company such as Verisign that you have heard of. You can then visit their web site to look for updated root certificates.

[viking33]

Does the View Certificate button show you details of the higher level certificate that issued the certificate to your car insurance company. Hopefully this was issued by a company such as Verisign that you have heard of. You can then visit their web site to look for updated root certificates.

It does show a Verisign certificate as seen in the attached. Never having done this, I'm not sure just how and what to search for on the Verisign site.

Capture3.PNG

[viking33]

Added note.
I still haven't heard anything back from the insurance company.

[StuartR]

According to the VeriSign web site, the root certificate for this is the "VeriSign Class 3 Primary CA - G5" certificate, which you can download from here.

Assuming that the certificate from your insurance company includes all of the intermediate certificates on the path you should be OK if this one is installed.

Edited by StuartR to add
You can check what root certificates are installed in Firefox from Options > Advanced > Authorities.

[viking33]

According to the VeriSign web site, the root certificate for this is the "VeriSign Class 3 Primary CA - G5" certificate, which you can download from here.

Assuming that the certificate from your insurance company includes all of the intermediate certificates on the path you should be OK if this one is installed.

Edited by StuartR to add
You can check what root certificates are installed in Firefox from Options > Advanced > Authorities.

I downloaded the package of ALL of the Verisign roots certs and as the site suggests I imported ( the G5 ) and checked that all others were installed in FF. Still no good.
I checked the serial number of the cert shown by the insurance company and it's different from any of the Verisign S/Ns???
It suspect more and more that the insurance company cert is corrupt somehow. I will wait for an answer from them. ( at least wait a few days )
It's interesting at any rate, since I have never delved into this area at all.

[viking33]

Just an update of sorts.
Finally heard back from the car insurance company. They sent some suggestions that were only for IE not Firefox or TBird. Said that's the best they could do.
I replied that the best I might do is to change insurance companies!

I know the emails are legit but then I wonder how secure and up to date their site really is? I expect them to reply, just pay your premiums. Trust us.