[Dshield] NAV problems question
pmarsh at nmefdn.org
Thu Jan 8 21:52:28 GMT 2004
Below is an explanation as to why NAV was/is having issues today. Can
some one please enlighten me as to why NAV would be having a problem
because of Verisign Cert. I'm having problems on 4 out of 25
workstations, when you launch and office app it hangs but finally loads.
On the same workstation when I launch Sys. Works2k4 it hangs but finally
loads. All other workstations are running fine no problem. Maybe I'm
just missing the boat but I don't get how a cert. has anything to do
Verisign Certificate Expiration linked to Symantec AV issue
Today, a Verisign root certificate included with Internet Explorer
expired. As a result, Verisign's certificate revocation list server was
not able to handle all the requests from clients attempting to contact
it as a result of the expiration.
Verisign, apparently to lower the load on its server, now resolves this
server to non-routable 10/8 IP addresses 50% of the time.
Some applications, most notably Norton Antivirus, use this server to
verify certificates. In the case of Norton Antivirus, it is used to
verify its signature file.
As 50% of the time, users will not be able to contact Verisigns
certificate revocation list, Norton Antivirus will stall.
Verisign set the TTL of its DNS records rather short. So if you try
after one minute again, you will likely get a valid IP address. If this
is not an option, edit your hosts file and insert one of these IPs for
'crl.verisign.net': 220.127.116.11, 18.104.22.168, 22.214.171.124,
However, this is not recommended as a long term solution, as these IPs
may change at any time.
More information about the list