Passport seva portal invalid security certificate by mozilla!!!!!

160 views
Skip to first unread message

Karthik R

unread,
Mar 1, 2011, 4:02:51 AM3/1/11
to null-co-in
Hi all,

Today when i was registering at the passport seva portal I got an invalid certificate error from mozilla telling it as untrusted. Guys help me out.. whats the problem here?? Anyone any idea..

"portal2.passportindia.gov.in uses an invalid security certificate"

Your help is really appreciated.

Thank You

Cheers
Karthik

Shreyas Zare

unread,
Mar 1, 2011, 5:34:10 AM3/1/11
to null-...@googlegroups.com
Hi,

This is because the cert is signed by "Tata Consultancy Services Certifying Authority" which is not trusted by your browser by default.

Regards,

("If Java had true garbage collection, most programs would delete themselves upon execution." -- Robert Sewell)

Shreyas Zare
Sr. Information Security Researcher
Secfence Technologies
www.secfence.com


--
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
 
This list is supported by Institute of information security http://iisecurity.in
Join our Penetration Testing/Training team at NII/IIS (jo...@niiconsulting.com, jo...@iisecurity.in)

Karthik R

unread,
Mar 1, 2011, 5:36:37 AM3/1/11
to null-...@googlegroups.com
Oh! ok.. thanx for the info.. :) cheers :)

Riyaz Ahemed

unread,
Mar 1, 2011, 4:57:15 AM3/1/11
to null
There are multiple things that you could check before jumping to
conclusions:
1. Check the date and time on your system.
2. Make sure you are not connecting to the website via an application
proxy like Paros.
3. Use a different browser to connect to the site and verify whether
the error is shown.
4. Use a different computer to connect to the site.

Regards,
karniv0re

Vimal Kumar G - Proprietor, M/s. Varun Infosys

unread,
Mar 1, 2011, 5:46:01 AM3/1/11
to null-...@googlegroups.com, Karthik R
Hi,
Karthik 
Just try to update the Mozilla Browser Latest Version. As you are using old dated version.
As it open Mozilla 3.6.13 Ver.
Your Problem will be solved.

------------------------------------------------------
Mr. G. Vimal Kumar, Proprietor
------------------------------------------------------
M/s. VARUN INFOSYS
Shop No: S.F. 8 & 9, Sri Krishna Devaraya Shopping Complex,
Eluru Road, Vijayawada - 520002. Andhra Pradesh, INDIA.
Phone Office : +91 0866 6666631
Tele Fax       : +91 0866 6666632, Ph/Cell/Mobile : +91 9848687816 
Note: If more than 3 -4 rings from same mobile / land line it will be treated in blacklist of continuous ringing for the  Mobile Numbers. 9848687816 / 8008887816no persons will be entertained * (if customers / clients, etc) or any official matters. No Excuses to any one. Please Consider this or its your problem not to me.
Email: vi...@varuninfosys.in 
Website : http://www.varuninfosys.com || http://www.varuninfosys.in || 
------------------------------------------------------------------------------------------------
Save a tree. Don't print this e-mail unless it's really necessary
--------------------------------------------------------------------------------------------
This email and any attachments to it contain confidential information and are intended solely for the use of the individual to whom it is addressed.If you are not the intended recipient or receive it accidentally, please immediately notify the sender by e-mail and delete the message and any attachments from your computer system, and destroy all hard copies. If any, please be advised that any unauthorized disclosure, copying, distribution or any action taken or omitted in reliance on this, is illegal and prohibited. Furthermore, any views or opinions expressed are solely those of the author and do not represent those of VARUN INFOSYS. Thank you for your cooperation.
--------------------------------------------------------------------------------------------
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



On Tue, Mar 1, 2011 at 2:32 PM, Karthik R <karthi...@gmail.com> wrote:

--

TAS

unread,
Mar 6, 2011, 2:26:02 AM3/6/11
to null-...@googlegroups.com, Karthik R
It has nothing to do with the browser not being update. And the
behavior is not going to change even if you try an alternate browser.
And any browser though understands a SSL certificate, it will throw
you a warning if it is not issued by CA, Verisign, Thawte etc (Only
licensed certificate issuing authorities)

The problem with the certificate is written on the page

portal2.passportindia.gov.in uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)

This is because the certificate is self signed by TCS. And TCS is
providing this services
http://www.google.co.in/search?q=tcs+passport+seva

-
TAS
http://twitter.com/p0wnsauc3

शंतनू

unread,
Mar 6, 2011, 7:57:42 AM3/6/11
to null-...@googlegroups.com, Karthik R
Reply Inline.

On 06-Mar-2011, at 12:56 PM, TAS wrote:

> It has nothing to do with the browser not being update. And the
> behavior is not going to change even if you try an alternate browser.
> And any browser though understands a SSL certificate, it will throw
> you a warning if it is not issued by CA, Verisign, Thawte etc (Only
> licensed certificate issuing authorities)

Can you explain little more about 'Only licensed certificate issuing authorities'?
AFAIK, Tata Certifiying Authority is approved CA by GoI. IMO, one should not see such warning.

> The problem with the certificate is written on the page
>
> portal2.passportindia.gov.in uses an invalid security certificate.
> The certificate is not trusted because the issuer certificate is unknown.
> (Error code: sec_error_unknown_issuer)
>
> This is because the certificate is self signed by TCS. And TCS is
> providing this services
> http://www.google.co.in/search?q=tcs+passport+seva

Aren't all certificates self signed by the CA? Or am I missing something?

TAS

unread,
Mar 6, 2011, 8:50:04 AM3/6/11
to null-...@googlegroups.com
Reply inline

>Can you explain little more about 'Only licensed certificate issuing authorities'?
>AFAIK, Tata Certifiying Authority is approved CA by GoI. IMO, one should not see such warning.


For a proper SSL certificate check the Verified by and check the
verified by of certificate below
https://portal2.passportindia.gov.in/

TCS CA are only vendors for selling certificates issued by CA.
http://www.tcs-ca.tcs.co.in/index.jsp?rightHtml=includeJSP/chainDownload_current.jsp&leftTitle=CA%20Certificates&right1stTitle=Current%20Certificates&right2ndTitle=CA%20Certificates&highlight=0

> Aren't all certificates self signed by the CA? Or am I missing something?

They are self signed by CA. CA is an authority and when you generate
one you are not. At least I would not trust one if I am doing
something sensitive.

<--snipped from http://en.wikipedia.org/wiki/Certificate_authority

A CA issues digital certificates that contain a public key and the
identity of the owner. The matching private key is not similarly made
available publicly. (when you generate a self signed certificate both
the keys are with you. Not sure how credible the cert will be) A CA's
obligation in such schemes is to verify an applicant's credentials, so
that users and relying parties can trust the information in the CA's
certificates. CAs use a variety of standards and tests to do so. In
essence, the Certificate Authority is responsible for saying "yes,
this person is who they say they are, and we, the CA, verify that".

And may be you should also read.
http://en.wikipedia.org/wiki/Self-signed_certificate

-
TAS
http://twitter.com/p0wnsauc3


2011/3/6 शंतनू <shan...@gmail.com>:

> --
> null - Spreading the right Information
> null Mailing list charter: http://null.co.in/section/about/null_list_charter/
>

> This list is supported by Institute of Information Security http://iisecurity.in
> Real-world hackers, real-world training – Certified Professional Hacker at IIS
>

Ravikiran Mane

unread,
Mar 7, 2011, 1:05:42 AM3/7/11
to null-...@googlegroups.com
Hello,

Usually, there are three main reasons for such an error :

 1. CN[Common Name] name in digital certificate not matching the hostname sending it.

 2. CA[Certifying Authority] ,signing the certificate ,not recognised by the browser [ which is the case in the aforementioned scenario ].
        Usually, the root certificates of all known CA's is present into browser's trust [i.e. it is aware of the signing authority] as soon as you install the   
        browser. However, for less popular CA's, you explicitly need to import the root certificate from them. 

 3. Certificate expired.

Hope that helps!

Regards,
Ravikiran.

secretx...@gmail.com

unread,
Mar 6, 2011, 3:17:59 AM3/6/11
to null-...@googlegroups.com
Hey ppl is there anyway I own a domain name on a web site but don't own the site is there anyway I could get rid of my web master & start my own site, because he won't sell me the site, he said I learn his codes wtf is that anyway? And is there a way I can get a free mobile ready site I pay for it but I don't want my members paying for it, & I don't want any webmaster(s), help me out people?
Sent via BlackBerry by AT&T
Reply all
Reply to author
Forward
0 new messages