[Dshield] 0wnlng Windows machines

Tony Earnshaw tonni at hetnet.nl
Mon Feb 26 06:13:29 GMT 2007

Stasiniewicz, Adam wrote, on 26. feb 2007 05:27:

> Glad it made sense.  As for the certificate errors, I see them both in IE 7
> and Firefox on both the p0f and Webmail sites.  Both present the
> same error: the certificate is not issued by a trusted root CA (which is
> in line with your description of the server's configuration).  IE 7 has changed
> the way it reports certificate errors since IE 6 so maybe that is what Allen
> is seeing.  But once I acknowledge the warning, both browsers will let me
> see your site.
> As for why your users don't see it, your Windows admin could use GPOs to
> automatically configure trusts for all your internal certificates on your
> internal computers.

Thanks to all who answered and especially Stuart for the helpful 
explanation of the IE7 certificate phenomenon.

I have FF on Linux, decided to remove the Barlaeus cert from my 
store and retry the URL. FF said only that there was a cert that wasn't 
trusted and asked me what I wanted to do - stop, install for the session 
or install permanently - no hassle. I presume that the behavior shown by 
the Windows FF version conforms with Windows certificate policy.

FWIW we use https not for certified authentication, but purely to encrypt 
all traffic between the site and the client; it is webmail, after all. 
We insist on 128 bits or better encryption to ensure a minimum of 
protection against cracking connections - some older browsers can't cope 
with more.



Tony Earnshaw
Email: tonni at hetnet dot nl

