Hi,
i often get a popup window from my browser telling me that the authenticity
of the software i'm trying to download or the site i'm trying to access can't
be verified, and therefore it can't be trusted.
here's an example with some details i got yesterday:
------------------------------------------------------------------------------
-----------------
version : V3
serialnumber : 8B37 799F BE20 F081 4C0C 3D19 F618 80DD
signature algorithm : md5RSA
Issuer : CN = Root Agency
valid from : Tuesday, April 23, 2002 9:58:27 AM
valid to : Saturday, December 31, 2039 4:59:59 PM
subject : CN = Privatenet Corporation
public key (512 bits) RSA
Authority key id KeyID=12E4 092D 061D 1D4F 008D 6121 DC16 6463
Certificate Issuer: CN=Root Agency
Certificate SerialNumber=0637 6C00 AA00 648A 11CF B8D4 AA5C 35F4
thumbprint algorithm : sha1
thumbprint : FB8F C086 B8FC CA23 F240 71D1 AF6E 13BA 33CB 6BF5
------------------------------------------------------------------------------
-------------------------------
this happens for me even with great companies sites. most of the time the
browser tells me that the certificate is valid but the root issuer can't be
trusted or even it doesn't exist and can't be contacted.
are there any invalid CAs on the net? if yes, how can someone distinguish
them from trusted CAs?
thanks for your help,
------------------------------------------
Omar Djaiz
Networking students at Ecole Polytechnique of Montreal - CA
omar(_dot_)djaiz(_at_)polymtl(_dot_)ca