Slashdot Mirror


Verisign Certificate Expiration Causes Multiple Problems

We had to do a little sleuthing today. Many readers wrote in with problems that turned out to be related. A certificate which Verisign used for signing SSL certificates has expired. When applications which depend on that certificate try to make an SSL connection, they fail and try to access crl.verisign.com, the certificate revocation list server. This has effectively DOS'ed that site, and Verisign has now updated the DNS record for that address to include several non-routable addresses, reducing the load on their servers. Some applications affected include older Internet Explorer browsers, Java, and Norton Antivirus (which may manifest itself as Microsoft Word being very slow to start). Hope this helps a few people, and if you have other apps with problems, please post about them below.

18 of 360 comments (clear)

  1. Now I'm confused. by grub · · Score: 5, Funny


    (which may manifest itself as Microsoft Word being very slow to start)

    But.. I thought this SSL certificate expired just today..

    --
    Trolling is a art,
  2. The reason is obvious by Anonymous Coward · · Score: 5, Funny

    In an effort to have us forget about SiteFinder, they're going for an even bigger fuck-up.

    Nice try, guys... now turn the CRL server back on.

  3. Hmmmm... by TWX · · Score: 5, Funny

    Well, it's good to know that not only crackers or script kiddies are good at taking down Verisign's services, that their own staff is good at it too.

    --
    Do not look into laser with remaining eye.
  4. A little testy... by tcopeland · · Score: 5, Funny
    ...from the article:


    Although VeriSign has been providing instructions on how to manually install
    the new Global Server Intermediate Root CA to all GSID customers since
    December, 2001, it is possible that some customers may not have noticed the
    reminder and are unaware of this issue.


    Heh.
    1. Re:A little testy... by schon · · Score: 5, Funny

      Although VeriSign has been providing instructions on how to manually install the new Global Server Intermediate Root CA to all GSID customers since December, 2001, it is possible that some customers may not have noticed the reminder and are unaware of this issue.

      Of course they neglected to include that the notice was on display on the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying 'Beware of the Leopard.'

  5. Progress by Patrik_AKA_RedX · · Score: 5, Funny
    they fail and try to access crl.verisign.com, the certificate revocation list server. This has effectively DOS'ed that site
    They DOSed their own site? Damn, they've made script kiddies obsolete.
  6. Duke Nukem by pantycrickets · · Score: 5, Funny

    and if you have other apps with problems, please post about them below.

    I can't get the DOS version of Duke Nukem to run in Windows XP. Is this at all somehow related? Is there a fix??

  7. Heh. by American+AC+in+Paris · · Score: 4, Funny
    We had to do a little sleuthing today.

    In other news, Microsoft, Red Hat, Oracle, Sun, and Apple had to do a little coding today.

    Rumors abound that Arnold Schwarzenegger had to do a little governing today, but these allegations remain unconfirmed at this time. More at eleven.

    --

    Obliteracy: Words with explosions

  8. Fee was too high by sphealey · · Score: 4, Funny
    I bet their CFO wouldn't approve payment of Verisign's tremendously high fee to renew the certificate. "'Highway robbery,' he fumed. 'We aren't paying that fee!'".

    sPh

  9. You mean they didn't... by ricochet81 · · Score: 3, Funny

    route the traffic to some "SiteFinder service"?

    --
    Error: Id10t detected
  10. Re:Who needs them? by John+Hasler · · Score: 5, Funny

    > ...when you're about to enter a credit card number
    > online it's assuring to see that the SSL cert is
    > signed by a real organization...

    Unfortunately, we usually have to settle for Verisign instead.

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  11. problems by chunkwhite86 · · Score: 4, Funny

    ...if you have other apps with problems, please post about them below.

    Well, now that you mention it, my mother hasn't been able to print for a week, my uncle's PC keeps running checkdisk on startup, and I'm having trouble compiling kernel 2.6.0.

    Oh yeah, and Unreal 2k3 has crappy frame rates on the 'Antalus' level, but maybe thats just my old ti4200 card.

    Um. I think that's it for now. So when are you going to help me with these?

    --
    I'd rather be a conservative nutjob than a liberal with no nuts and no job.
  12. What are you talking about? by Pieroxy · · Score: 5, Funny

    Unless you have a P75, I don't see what you are talking about. MSWord has always started in less that 3 seconds on my system (PIII 700) and I can tell you that sometimes it is terribly bloated (My system, not Word).

    Wait, did I just admit running Windows on slashdot? Bye bye Karma.

  13. Re:Fixed this today... by Soko · · Score: 4, Funny

    One fix up to this:

    Lesson: if the certificate expired yesterday, remove IIS and then reboot the thing.

    HTH. HAND.

    Soko

    --
    "Depression is merely anger without enthusiasm." - Anonymous
  14. Re:null routing Certificate Revocation List Server by davidstrauss · · Score: 3, Funny
    I find it particularly disturbing that their solution to too much traffic to their CRL server is to use non-routable addresses in DNS.

    I think it beats another new "helpful" feature like "CRL Finder."

  15. Re:Fixed this today... by nettdata · · Score: 5, Funny

    Or, in the case of MS:

    Lesson: If __________________, reboot the thing.

    --



    $0.02 (CDN)
  16. Re:Uhm... by Valdrax · · Score: 3, Funny

    What the hell does that mean, what does it do, and who do we sue[...]?

    With that kind of reaction, I think you've more than proved you've got the mettle to be in management.

    --
    If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").
  17. The one thing I could never stand about Santa Cruz by Thud457 · · Score: 3, Funny
    Personally, I trust you more that Verisign to :

    1. Not fuck up,
    2. Not fuck me over
    But don't let it go to your head, l33t_d00d, that says more about them than you.
    --

    the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff