Certificates

[johnckirk]

Hmm, this is odd. If I go to:
https://www.paypal.com/
I get a warning telling me that the SSL certificate has expired. More specifically, the PayPal certificate itself is valid from 2006 to 2008 (i.e. that's fine), but it's issued by Ebay Verisign and their certificate was only valid from 1997

Comments

[susannahf]

When I look, the certificate seems to be issued by Verisign. But I didn't log in (can't remember details) if that affects anything.

[johnckirk]

Yes, sorry, you're quite right (post edited). You don't need to log in (and arguably you shouldn't if the certificate is dodgy!), but do you get any warnings about the Verisign certificate (the middle one in the tree)?

[susannahf]

I don't get any warnings. Viewing the certificate:
Paypal validity:
Not before: 09/02/06 00:00:00
(09/02/06 00:00:00 GMT)
Not after: 09/02/08 23:59:59
(09/02/08 23:59:59 GMT)
Issuer: OU = www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
OU = VeriSign International Server CA - Class 3
OU = VeriSign, Inc.
O = VeriSign Trust Network

Verisign (middle) validity:
Not before: 17/04/97 01:00:00
(17/04/97 00:00:00 GMT)
Not after: 25/10/11 00:59:59
(24/10/11 23:59:59 GMT)
Issuer: OU = Class 3 Public Primary Certification Authority
O = VeriSign, Inc.
C = US

Verisign (top) validity:
Not before: 29/01/96 00:00:00
(29/01/96 00:00:00 GMT)
Not after: 02/08/28 00:59:59
(01/08/28 23:59:59 GMT)
Issuer: OU = Class 3 Public Primary Certification Authority
O = VeriSign, Inc.
C = US

No sign of Ebay at all. And all looks kosher to me.

[billyabbott]

I get no warnings, and a "Not After" of 24/10/2011 23:59:59 GMT on the Verisign one.