{"id":214,"date":"2012-09-20T21:54:00","date_gmt":"2012-09-21T05:54:00","guid":{"rendered":"http:\/\/unmitigatedrisk.com\/?p=214"},"modified":"2012-09-20T21:54:00","modified_gmt":"2012-09-21T05:54:00","slug":"a-look-at-untrusted-certificates","status":"publish","type":"post","link":"https:\/\/unmitigatedrisk.com\/?p=214","title":{"rendered":"A look at untrusted certificates"},"content":{"rendered":"<div>\n<p>Today I did a <a href=\"http:\/\/unmitigatedrisk.com\/?p=207\">blog post on how browsers show expired certificates<\/a>. I figured I would take the opportunity to capture a few of the other failure cases for certificates.<\/p>\n<p>&nbsp;<\/p>\n<\/div>\n<p>The most severe example is that of an untrusted root certificate, for this scenario I figured the use of <a href=\"https:\/\/cacert.org\">https:\/\/cacert.org<\/a> was the most direct example.<\/p>\n<p>&nbsp;<\/p>\n<p>There are a few cases where this error condition will come up, for example another one is if a server doesn\u2019t include all of the intermediate certificates the clients cannot determine which Certificate Authority issued the certificate.<\/p>\n<p>According to the current <a href=\"https:\/\/www.trustworthyinternet.org\/ssl-pulse\/\">SSL Pulse data<\/a> about 7.4% of the servers in the Alexa top one million may fall into this case.<\/p>\n<p>&nbsp;<\/p>\n<h2>Chrome<\/h2>\n<p><a href=\"http:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/chrome-untrusted.png\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"158\" class=\"alignnone size-medium wp-image-219\" title=\"chrome-untrusted\" src=\"http:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/chrome-untrusted-300x158.png\" alt=\"\" srcset=\"https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/chrome-untrusted-300x158.png 300w, https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/chrome-untrusted-1024x541.png 1024w, https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/chrome-untrusted-283x150.png 283w, https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/chrome-untrusted.png 1358w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<h2><\/h2>\n<h2>Internet Explorer<\/h2>\n<p><a href=\"http:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/ie-untrusted.png\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"158\" class=\"alignnone size-medium wp-image-218\" title=\"ie-untrusted\" src=\"http:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/ie-untrusted-300x158.png\" alt=\"\" srcset=\"https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/ie-untrusted-300x158.png 300w, https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/ie-untrusted-1024x542.png 1024w, https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/ie-untrusted-283x150.png 283w, https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/ie-untrusted.png 1360w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<h2>Mozilla<\/h2>\n<p><a href=\"http:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/mozilla-untrusted.png\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"157\" class=\"alignnone size-medium wp-image-217\" title=\"mozilla-untrusted\" src=\"http:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/mozilla-untrusted-300x157.png\" alt=\"\" srcset=\"https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/mozilla-untrusted-300x157.png 300w, https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/mozilla-untrusted-1024x537.png 1024w, https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/mozilla-untrusted-285x150.png 285w, https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/mozilla-untrusted.png 1352w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<h2>Opera<\/h2>\n<p><a href=\"http:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/opera-untrusted.png\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"155\" class=\"alignnone size-medium wp-image-216\" title=\"opera-untrusted\" src=\"http:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/opera-untrusted-300x155.png\" alt=\"\" srcset=\"https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/opera-untrusted-300x155.png 300w, https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/opera-untrusted-1024x532.png 1024w, https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/opera-untrusted-288x150.png 288w, https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/opera-untrusted.png 1345w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<h2>Safari<\/h2>\n<p><a href=\"http:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/safari-untrusted.png\"><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"158\" class=\"alignnone size-medium wp-image-215\" title=\"safari-untrusted\" src=\"http:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/safari-untrusted-300x158.png\" alt=\"\" srcset=\"https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/safari-untrusted-300x158.png 300w, https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/safari-untrusted-1024x539.png 1024w, https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/safari-untrusted-284x150.png 284w, https:\/\/unmitigatedrisk.com\/wp-content\/uploads\/2012\/09\/safari-untrusted.png 1355w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today I did a blog post on how browsers show expired certificates. I figured I would take the opportunity to capture a few of the other failure cases for certificates. &nbsp; The most severe example is that of an untrusted root certificate, for this scenario I figured the use of https:\/\/cacert.org was the most direct [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[3,4],"tags":[58,56,53,54],"class_list":["post-214","post","type-post","status-publish","format-standard","hentry","category-security","category-thoughts","tag-chrome","tag-internet-explorer","tag-mozilla","tag-opera"],"_links":{"self":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/posts\/214","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=214"}],"version-history":[{"count":0,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=\/wp\/v2\/posts\/214\/revisions"}],"wp:attachment":[{"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=214"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=214"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/unmitigatedrisk.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}