|
Title: CA Root certificate not trusted Post by: FiendCoin on March 19, 2017, 08:53:34 PM Avast is telling me that I need to add a security exclusion for Electrum and I shouldn't have to do that if it was legitimate.
Is this normal? Title: Re: CA Root certificate not trusted Post by: Abdussamad on March 20, 2017, 07:24:54 AM yes electrum servers use self-signed certs. these are the servers that give electrum blockchain data not the website where you download electrum from.
btw you did download electrum from electrum.org right? if you did that then it's ok. i ask because there are malware copies floating around so you have to make sure you download it from the official site. Title: Re: CA Root certificate not trusted Post by: mocacinno on March 20, 2017, 07:33:28 AM yes electrum servers use self-signed certs. these are the servers that give electrum blockchain data not the website where you download electrum from. btw you did download electrum from electrum.org right? if you did that then it's ok. i ask because there are malware copies floating around so you have to make sure you download it from the official site. This is great advice, i only wanted to add that a second option is to check the signature. All releases of electrum should be signed by ThomasV https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6 If the signature checks out, it doesn't really matter where you downloaded the release ;) (altough it might be a good idear to download from electrum.org, so you're sure you have the lastest stable release) Edit Howto (linux) for the 2.8.1-portable binary for windows: Code: wget https://download.electrum.org/2.8.1/electrum-2.8.1-portable.exe The output contained this line: Good signature from "Thomas Voegtlin (https://electrum.org) <thomasv@electrum.org>" So, it doesn't matter where i downloaded it, it was signed by ThomasV, thus it was real :) Title: Re: CA Root certificate not trusted Post by: FiendCoin on March 20, 2017, 07:41:49 AM yes electrum servers use self-signed certs. these are the servers that give electrum blockchain data not the website where you download electrum from. btw you did download electrum from electrum.org right? if you did that then it's ok. i ask because there are malware copies floating around so you have to make sure you download it from the official site. This is great advice, i only wanted to add that a second option is to check the signature. All releases of electrum should be signed by ThomasV https://pgp.mit.edu/pks/lookup?op=vindex&search=0x2BD5824B7F9470E6 If the signature checks out, it doesn't really matter where you downloaded the release ;) (altough it might be a good idear to download from electrum.org, so you're sure you have the lastest stable release) Edit Howto (linux): Code: wget https[Suspicious link removed] Thanks for the replies, I did download from electrum.org The cert thing had me worried, not so much now :) |