Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

BOI Internet Banking SSL Cert Expired

Options

Comments

  • Options
    #2
    Lucutus
    Registered Users Posts: 2,831 ✭✭✭Lucutus


    Weird, the info on the cert states the 'Valid To' date as being 09 September 2004 23:59:59.


  • Options
    #3
    vinnyfitz
    Closed Accounts Posts: 805 ✭✭✭vinnyfitz


    I was getting that message too untill a moment ago. Seems fixed now though?
    What could be the cause of that?


  • Options
    #4
    Faltermyer
    Closed Accounts Posts: 373 ✭✭Faltermyer


    Possibly related, but I got that on www.o2.ie earlier today aswell, but not now.... possibly something to do with (the) SSL?


  • Options
    #5
    parsi
    Site Banned Posts: 5,904 ✭✭✭parsi


    Probably related to this email which all Verisign Customers got:

    WARNING: DO NOT REPLY TO THIS E-MAIL. RESPONSES WILL NOT BE READ.
    PLEASE DIRECT ALL QUESTIONS TO: support@verisign.co.uk

    Dear VeriSign Secure Site Pro Customer:

    This message is to remind you that the VeriSign Global Server ID Intermediate Root CA expires on 1/7/2004, inform you about the potential impact of this expiration on your server using VeriSign 128-bit SSL certificates (Global Server IDs) and invite you to a Web seminar regarding this subject on Wednesday, December 17, 2003 (see below for Web seminar details).

    Summary
    The old VeriSign [128-bit SSL] Global Server Intermediate Root CA will expire on 1/7/2004. Servers that have not been updated with the new Global Server Intermediate Root CA will experience issues establishing SSL (https) sessions after 1/7/2004.

    Note: This issue does not impact servers using VeriSign [40-bit] Secure Server ID certificates.

    Who should read this bulletin?
    Customers who have not installed the new VeriSign Global Server Intermediate Root CA on their server(s) or who are not sure which intermediate root CA is installed on their server(s). The new VeriSign Global Server Intermediate Root CA has the following properties:

    Issued to: www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
    Issued by: Class 3 Public Primary Certification Authority
    Valid from: 4/16/97 to 10/24/11

    Specific Issue
    In December, 2001, VeriSign started issuing a new Intermediate Root CA with all [128-bit SSL] Global Server IDs (GSIDs), signed by a new root certificate that expires in 2028. The new Global Server Intermediate Root CA expires in 2011.

    All GSIDs VeriSign has issued since December, 2001, have included the new [2011] Global Server Intermediate Root CA. Some server software automatically updates the intermediate root CA certificate in the server certificate store, while other server software requires manual updates of the intermediate root CA. Although VeriSign has been providing instructions on how to manually install the new Global Server Intermediate Root CA to all GSID customers since December, 2001, it is possible that some customers may not have noticed the reminder and are unaware of this issue.

    Error Condition
    If an application uses PKI best practices, it will check that the validity periods of all certificates in the trusted chain do not overlap, and report an error accordingly. Because 24-month certificates issued after 1/8/2002 and 12-month certificates issued after 1/8/2003 would have validity periods in excess of the original Intermediate CA, when you obtained a new GSID that expired beyond 1/6/2004, your server application should have generated an error.

    Solution
    The solution is to update the intermediate root CA certificate store on your server(s) with the latest version of the VeriSign Global Server Intermediate Root CA. A copy of the new Intermediate Root CA (along with instructions on updating Microsoft IIS 4.0, Microsoft IIS 5.0, Apache, and Netscape 3.6) is available at the following link:
    https://www.verisign.com/support/site/caReplacement.html.


  • Options
    #6
    dahamsta
    Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    In short, the key that signed BOI's certificate expired today, which makes the reference Verisign certificates stored on all servers that use SSL invalid. BOI's SSL cert is fine, the sysop just screwed up by not installing the (free) CA reference certificate on their server(s). Duh.

    adam


  • Advertisement
  • Options
    #7
    vinnyfitz
    Closed Accounts Posts: 805 ✭✭✭vinnyfitz


    Actually its still acting up as of 6PM on the 8th. Not very confidence inspiring...


  • Options
    #8
    phoenix2181
    Closed Accounts Posts: 479 ✭✭phoenix2181


    what dahamsta says is true, I work for a company called Itsis who look after the banks computer systems, the ssl cert was fine (actually checked myself) but their was a fup up with the ca ref cert,

    also when people say it doesn't inspire confidence I can understand what they mean, we are a 100% owned BOI company who has been sold out to HP & a lot of the people in the company couldn't care less now, as a majority of us feel we've been royally fooked by BOI, thats why I bank with AIB....as they say ignorance is bliss!


Advertisement