view certificate

Jump to solution

Every so often i get pop up message that says- The name on the security certificate is invalaid or does not match the name on the site. do i want to proceed? Is this legitement or is malware?

0 Kudos
1 Reply

Re: view certificate

Jump to solution

The message itself is legitimate.

Secure websites are issued a "security certificate".   When you attempt to go to a secure site, the site's certificate is checked to make sure it's valid:   the certificate must be current [not expired, and not revoked], and the site's name must match up.   When something doesn't check-out completely, you get a warning message.

HOW to proceed is not as clear.   If the message is that the certificate has expired RECENTLY [i.e., the past day or so], it's likely just because the company didn't renew it yet.   In such a case, you can probably ignore the message and proceed.

In your case, it's saying the names don't match up.   You need to be a bit more careful here:

Example:   Say you're visiting the CitiGroup site, and its subsidiaries.   From there, you try to access CitiBank, and get a certificate warning.   You need to check the details to see what the non-matching name is on the certificate.   In this example, if the certificate was issued to CitiGroup (the legitmate "parent" company) while you're trying to access CitiBank, then it would be safe to continue.   But if the certificate had some other name on it, then you'd have to determine whether its legitimate [related], or whether you've reached a "spoofed" site that's trying to trap you.

Hopefully, with this in mind, you'll be able examine the certificate's details, and decide for yourself.   If you decide the page is legitimate, and this warning happens regularly there, you might want to contact the company, report it, and hope they'll update things.

Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

Windows 7 Pro SP1 (64-bit), avast! v17 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, MBAE Premium, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), uBlock Origin, CryptoPrevent, Secunia PSI.

[I believe computer-users who sandbox (Sandboxie) are acting prudently.]