Some browsers' root certificates for Verisign, AT&T, and GTE CA's expired on Dec 31, 1999
Some customers using older browsers may receive a warning message
after Jan 1, 2000 stating that the "Certificate Authority is Expired" when
accessing a secure server using a certificate issued by Verisign, GTE,
or AT&T.
The browsers that will experience this problem are Netscape v4.06 and
older; also Microsoft Internet Explorer 4.01 and 4.5 for Macintosh have
a similar problem. There is some discrepancy over the actual percentage of
users that will see this problem, as there are no concrete numbers for the
actual market share of these versions of browsers.
Solution ID: S03691
There is nothing that can be done for this problem on the server side exceptto buy a new secure certificate from a certificate authority whose root certificate
does not expire yet (such as Thawte). Otherwise, the customers accessing the secure
server must either upgrade their web browsers to a compliant version or
install the latest root certificate from the Certificate Authority's web site.
It is recommended that store owners create an informational page on their
web site detailing this problem for their customers. This page should let your
customers know what to do to fix the warning message, and provide links
to the browser's web site to upgrade their browser and/or the CA's web site
to download the latest root certificate. It's also important to note that
if the customer clicks to continue through the warning message, a normal
SSL connection will be made and all information will be encypted as it
normally would.
Additional Information:
1. Entrust is a Certificate Authority whose root certificate does not expire at
the end of this year. They are estimating that 25% of users will be affected, but
no verifiable references are made to how this number was reached. More info
can be found at:
http://www.entrust.net/products/rootca.htm
2. Verisign estimates that only about 2% of internet users will be affected by this
problem using information from www.statmarket.com. More information on what
Verisign is saying about the problem can be found at:
http://www.verisign.com/server/cus/rootcert/facts.html
3. GTE provides a browser compatibility table to document which browsers will
be affected, as well as an FAQ for the root rollover issue:
http://www.gte.com/cybertrust/resources/root/root.html
Related Articles
No related articles were found.
Attachments
No attachments were found.
Visitor Comments
Article Details
Last Updated
13th of November, 2008