More Opera frustration (SSL)
0
impossible.
On the American Express web site, almost every page works -
except for the ones dealing with viewing statements. I get:
You tried to access the address https://online.americanexpress.com/myca/estmt/us/list.do?request_type=authreg_Statement&Face=en_US&BPIndex=1&sorted_index=0&intlink=USNav_MYCA_eStatement, which is currently unavailable. Please make sure that the Web address (URL) is correctly spelled and punctuated, then try reloading the page.
Secure connection: fatal error (44)
The certificate has been revoked by its issuer.
Make sure your Internet connection is active and check whether other applications that rely on the same connection are working.
This has happened on several different occasions over a
number of weeks.
I strongly doubt that American Express is running any
revoked certificates. The page loads fine on every
other browser, and in fact, the ones that have "verify
certificate chain" functionality show no problems at all.
Yngve Nysaeter Pettersen (Developer, Opera Software A/S)
>Once again, Opera makes what should be easy completely
>impossible.
>
>On the American Express web site, almost every page works -
>except for the ones dealing with viewing statements. I get:
>
>
>You tried to access the address https://online.americanexpress.com/myca/estmt/us/list.do?request_type=authreg_Statement&Face=en_US&BPIndex=1&sorted_index=0&intlink=USNav_MYCA_eStatement, which is currently unavailable. Please make sure that the Web address (URL) is correctly spelled and punctuated, then try reloading the page.
>
>Secure connection: fatal error (44)
>
>https://online.americanexpress.com/myca/estmt/us/list.do?request_type=authreg_Statement&Face=en_US&BPIndex=1&sorted_index=0&intlink=USNav_MYCA_eStatement
>
>The certificate has been revoked by its issuer.
>I strongly doubt that American Express is running any
>revoked certificates. The page loads fine on every
>other browser, and in fact, the ones that have "verify
>certificate chain" functionality show no problems at all.
If the Certificate Issuer's databases tells Opera that a certificate is revoked,
then it is not just revoked, you have to assume that *criminals* are attemptiing
to use it when you encounter it. End of story.
Opera checks a lot more revocation information than the other browsers do,
including CRLs, at least at present. This means that Opera may discover that a
certificate is revoked, while the others don't.
As for this particular site, https://online.americanexpress.com is using a
certificate that DOES NOT specify revocation information, so the other browsers
does not check it. Opera is able to check the revocation information because we
have added an override that tells your installation where the revocation
information is. This is partly to allow these sites to get a full padlock (if
some certificate specify revocation information, and others don't, then we
remove the padlock).
Due to a bug in our server the override this issues was down for a few weeks,
but the bug was fixed last week, and is now being reactivated in all
installations. That is why you have not seen this error report in the past few
weeks.
According to information I just retrieved from the Issuer's site, Amex have two
certificates for this site, one valid and one revoked. My guess is that they had
to correct something (or worse: found that the key had been stolen), got a
reissued certificate which autromatically revoke the old one. Since the
certificate does not specify all the necessary information only Opera will
detect that the certificate has been revoked.
I suggest that you contact American Express and inform them about this.