Page 1 of 1

Verisign Crazyness

Posted: Thu Apr 24, 2008 4:21 am
by shiznatix
On my companies website we are trying to put up this verisign certified logo, don't ask me why, its so stupid since we bought the stupid certificate just to put the picture on our site, we don't even use ssl. But anyways, we have the code they told us to put up and basically it calls some javascript on their site to make sure we really are "versign certified" but the javascript has to be gotten though ssl. When attempting to load the page here in Estonia and also in Finland you get popup shown in the image. How would verisign itself give this message? How do I make this go away? Why is this happening?

Re: Verisign Crazyness

Posted: Thu Apr 24, 2008 9:51 am
by pickle
I think how it works is there are a few root level certificates that come shipped with all browsers. When you buy a certificate, the reason your browser trusts it is because the certificate basically says: "I am who I say I am and certificate XYZ can vouch for me". Or similarly, "I am who I say I am and certificate ABC can vouch for me, and certificate JKL can vouch for ABC, and XYZ can vouch for JKL, etc". Usually all the certificates needed for authenticating a certificate are installed in the user's browser.

It seems in this case though, that Verisign is using a certificate that is not installed, and the browser is asking if you want to install it.

If I'm correct, then there's no you as the website company, can get around it other than not including the Verisign JS.

Re: Verisign Crazyness

Posted: Fri Apr 25, 2008 4:23 am
by shiznatix
well i went ahead and installed the lastest ubuntu and no problems. perfect on FF and Opera so ummm... im going to venture to say that it was versigns fault.