VeriSign moved to allay confusion on Thursday, after the expiration of some of its certificates that verified it as a certificate-issuing authority.
Users have experienced problems when accessing pages that use secure sockets layer (SSL) encryption on sites whose certification depended on VeriSign's own expired certificates.
The Mountain View, Calif.-based company said that older versions of its Intermediate Certificate Authority (CA) expired on Wednesday. "As a result, users attempting to establish SSL session with sites that had not updated their CA certificates may start encountering error messages," VeriSign said in a statement. "There is no security danger, and users who ignore these error messages can successfully establish secure SSL connections. However, sites should update their CA certificates if they have not already done so, to avoid user confusion. No action is required on the part of end users."
VeriSign posted instructions on how to update certificates on its
web site.
Full article:
zdnet.com
Jan 9, 2004, 09:41 PM
