Broadband Tech > Security > Security > Mozilla: Revoking Trust in Two TurkTrust Certificates

reply to chachazz

Re: Mozilla: Revoking Trust in Two TurkTrust Certificates

reply to StuartMW
Thank you stuartMW for explaining that since they are built in I should untick them. (I also had the problem of highlighting the title.)

Am I suppose to be doing anything about the two different certificates I found in IE? I imagine everyone has them.

Sincerely, Libra

Microsoft has a patch for the IE ones. You should get them via Windows Update.

»Microsoft untrusted certificate store update (Dec 31st)
--
Don't feed trolls--it only makes them grow!

Thank you. I'll keep my eye out for it - that might be the one listed in the Event Viewer!

Sincerely, Libra

reply to chachazz
SSL certificates are clearly a market failure. The Government should step in and start regulating this industry, by enforcing clear security requirements for any organisation who issues certificates.

The Australian Government has a framework for it's own Department's who issue certs, with annual certification requirements. Something similar should be extended for commercial entities.

reply to StuartMW

Untrusted publishers

continued

I don't see Turktrust listed anywhere?

Not sure what the issue is. Are the certs under one of the "trusted" tabs?

If they're not anywhere at all then by default they'll be untrusted.
--
Don't feed trolls--it only makes them grow!

Thank you. I'll check that.

I just checked. Under Trusted Root Certificate Authorities, I have 5 Turktrusts listed. Three are for Serificat Hizmet Sag (bad one) and two are for Electronik Islem Hiz. Under Trusted Publishers I have nothing listed.

I don't think Defense Wall is behind this because I just checked another computer (7 64bit) and it also had the event showing the disallowed certificates updated and when I view IE 8 I have the same results as listed above. Defense Wall isn't on that computer.

It would be nice if these roots certificates worked as designed.

Sincerely, Libra

libra, maybe you are confusing things.. this thread is about mozilla's supposedly removing the trust for some-or-all turktrust certificates.. what you are looking at, it seems, is the certificates for "IE", for "internet explorer"..

here is MS's advisory regarding the "bad" turktrust certificates:

»technet.microsoft.com/en-us/secu···/2798897

if you installed the certificate-update for IE, mentioned in the MS-advisory, you should see these added to IE's "untrusted publishers" (see the last entry in the advisory's FAQ's):

(1) *.google.com *.EGO.GOV.TR

(2) e-islem.kktcmerkezbankasi.org TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri

(3) *.EGO.GOV.TR TURKTRUST Elektronik Sunucu Sertifikasi Hizmetleri

that is all there is to it.. the three entries, posted above, should be included in IE's "untrusted publishers"..

with "firefox", again, it appears that mozilla failed to do anything about the bad turktrust certificates.. all you can do is edit-and-disable the "trust" for the two turktrust certficates, and hope that, one day, mozilla will get a clue as to which way is up..

I am definitely getting confused. I did change the two certificates in Pale Moon to untrusted. I don't have the three certicates you listed in IE as untrusted. I believe the untrusted list is being updated by what is listed in the Event Viewer.

I just made a copy of the instructions to view the certificate store in a snap in. I'll try that out on this computer later (I don't know the runtime on the other two to know if the instructions are the same.)

I appreciate your help with this.

Sincerely, Libra

libra, here is a link to a MS webpage with links for downloading the update for the revoked certificates.. just download and install the "update" that is appropriate for your computer, depending on which windows operating system you are using:

»support.microsoft.com/kb/2798897

Thank you, thank you, thank you I installed that update and now I show the three untrusted publishers.

I still find it odd that Event Viewer said they were put into the computer. But I'm quite happy, with your help, to have them now listed.

I put the update on a flash drive and I'll run it on my other two computers.

Again, I appreciate your help. (I wasn't looking forward to trying to access that snap in.)

Sincerely, Libra