Bitcoin Forum

Economy => Trading Discussion => Topic started by: Jan on April 01, 2012, 10:15:44 AM


Title: MtGox SSL certificate security warning on Android
Post by: Jan on April 01, 2012, 10:15:44 AM

Visiting https://mtgox.com using the web-browser on my Android 2.2 device gives me a security warning.

http://i40.tinypic.com/o6y5w6.png

Certificate details:
http://i40.tinypic.com/2j0fau0.png
http://i43.tinypic.com/2dabtiq.png

This does not happen on my iPhone, desktop Chrome/Firefox browser.

I don't think that this was the case a few days ago.

I wonder whether they have recently updated their certificate and that it has been issued by a root certificate that my device does not know.

Title: Re: MtGox SSL certificate security warning on Android
Post by: rjk on April 01, 2012, 01:19:45 PM
The main site's certificate is signed by Verisign, but the socket connection for displaying the current price is served with a StartSSL certificate. Likely, the StartSSL root cert isn't trusted on your device.

Title: Re: MtGox SSL certificate security warning on Android
Post by: paraipan on April 01, 2012, 01:24:30 PM
maybe they forgot to add the intermediate cert For StartSSL, http://www.startssl.com/?app=25#31

Title: Re: MtGox SSL certificate security warning on Android
Post by: Cusipzzz on April 01, 2012, 02:17:57 PM
getting same SSL error on mobile client on android, when trying to see BTC history. Everything else seems to work - weird.

Title: Re: MtGox SSL certificate security warning on Android
Post by: Tritonio on April 01, 2012, 11:12:02 PM
Did anyone tell Mt Gox about this?

Title: Re: MtGox SSL certificate security warning on Android
Post by: grue on April 02, 2012, 01:01:58 AM
Quote from: rjk on April 01, 2012, 01:19:45 PM
The main site's certificate is signed by Verisign, but the socket connection for displaying the current price is served with a StartSSL certificate. Likely, the StartSSL root cert isn't trusted on your device.
but it says that the problem cert is issued by verisign

Title: Re: MtGox SSL certificate security warning on Android
Post by: rjk on April 02, 2012, 01:15:50 AM
Quote from: grue on April 02, 2012, 01:01:58 AM
Quote from: rjk on April 01, 2012, 01:19:45 PM
The main site's certificate is signed by Verisign, but the socket connection for displaying the current price is served with a StartSSL certificate. Likely, the StartSSL root cert isn't trusted on your device.
but it says that the problem cert is issued by verisign
Yeah I noticed that, but I guessed maybe that the "view certificate" dialog defaulted to opening the main site cert, instead of the one that was causing the error. Not sure, but in any case you need to compare the cert fingerprint with one from a trusted computer/connection, and make sure they match.

I had the same issue on my Blackberry until I added the StartSSL CA cert to my trusted roots, and then I stopped getting errors. YMMV.


Title: Re: MtGox SSL certificate security warning on Android
Post by: Jan on April 02, 2012, 07:55:31 PM
Seems fixed now.


Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines