Don't know whether to proceed.

eliallen · Mar 7, 2015

I get the following message (See attachment) when I go to this site. http://milconnect.dmdc.mil.. The address provided from a TriCare post card. I am on a wired connection.

cadee2c · Mar 7, 2015

What browser are you using?

Ned · Mar 7, 2015

That message means the site uses SSL but their certificate is invalid. Here's what Firefox has to say:

www.dmdc.osd.mil uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)

It's up to you whether you trust the site enough to ignore the message, but if you do, I would report it to the webmaster.

eliallen · Mar 7, 2015

Internet Explorer and Chrome. Ned I will contact the site. Thanks

John From Detroit · Mar 7, 2015

That sounds like something your anti-mal-ware software might toss up.. mine does that from time to time.. There is an option to tell it to shut up and let me connect.

Ned · Mar 7, 2015

I have already explained the source and cause of the message, it has absolutely nothing to do with anti-malware software.

Al Todalen · Mar 7, 2015

I used to get a similar message about a problem with the security certificate when trying to log on to myhealthevet at the VA using my phones default browser. I could not get past the message and I don't think the VA was going to change it's ways based on my feedback. I switched to using FireFox and although it warned me of a potential security risk I was allowed to continue once I acknowledged that it may be unsafe.
Al

99WinAdventurer37G · Mar 7, 2015

Ned said:
I have already explained the source and cause of the message, it has absolutely nothing to do with anti-malware software.

Ned, I am always wary when I get a message like that and shut it down. Not sure what could happen if I go anyway. Same thing with software downloads. Is there any way to know if it is a phishing attempt, or they actually got some of your information, such as passwords, financial info, etc.?

Ned · Mar 7, 2015

At the time of the message, the browser has not fully connected with the web site and is just telling you that there is a problem with the SSL certificate. If you know the site is trustworthy, it may just be that they forgot to renew their certificate, but it could also be a symptom of a man-in-the-middle attack. The safest thing to do is to not proceed and to notify the site owner via other means (like email or telephone) about the problem. It's not a phishing attack nor has any of your information been compromised.

cadee2c · Mar 7, 2015

It could also be that the date setting in your computer is wrong, making it think that their certificate is expired.

Ned · Mar 8, 2015

It's not that the certificate is expired, but the issuer isn't a know trusted certificate authority. This happens with self issued certificates.

Wizard46 · Mar 8, 2015

Ned, can you explain certificate in layman's terms. Is that like a license to operate a website???

Cant Wait · Mar 8, 2015

I've noticed that I've gotten a similar warning when trying to get on several different Gov. web sites that are connected to the VA, Tricare, and other veteran related sites. Is it that they all use the same licensing systems'(?) that causes this so much?

Ned · Mar 8, 2015

An SSL certificate is issued by a certificate authority (CA), like Comodo, that is used to encrypt the data between the browser and the server. You can see the certificates and the CAs in your browser. In Firefox, Options | Advanced | Certificates | View Certificates. Before the browser accepts a certificate from a server, it verifies that the certificate was issued by a trusted CA and if not, then you get the warning shown in the original message. If the certificate is expired, you'll get a message about that. If the certificate is valid and not expired, then it's used to set up the encryption with the server. The certificate contains the server's public key that the browser uses to encrypt everything sent to the server.

And that's the simple version

Ned · Mar 8, 2015

Cant Wait said:
I've noticed that I've gotten a similar warning when trying to get on several different Gov. web sites that are connected to the VA, Tricare, and other veteran related sites. Is it that they all use the same licensing systems'(?) that causes this so much?

They may all be using the same certificate authority, which may be themselves, called a self issued certificate, and if the browser doesn't have them listed as a trusted CA, then you get the warning message. If you go to the certificates in your browser options and look under Servers, you should find the web site listed and you can examine the certificate. That will tell you who issued the certificate and you can then look under Authorities to see if they're listed. If not, then it's not a trusted CA.

Gary RV_Wizard · Mar 8, 2015

Let me try it in layman's terms. A "certificate" isn't really a license. It's more like a letter of recommendation. A "certificate authority" is a trusted entity that issues a digital certificate saying "we know who this website is and they are legit". [The certificate is actually an encryption key - see Ned's reply.] The web site and those who use it have to trust the certificate issuer to have verified it. Your browser checks for a valid certificate from a known issuing authority but you can tell it to accept one from an authority the browser does not recognize, or even to accept one that is out of date or otherwise invalid. It's not real unusual for a certificate to be expired - they often don't get renewed until web site or server users start complaining! It's also common for small, privately operated web sites to issue their own certificate. If the data being passed back and forth is not real critical (e.g. forum messages, blogs, etc.) there is little need to worry about imposters, so accepting a site certificate from an unknown issuing authority isn't much risk. However, you might want to avoid sending any important private data via that site unless you are really sure you know who they are and what they might do with your data.

Wizard46 · Mar 8, 2015

Thanks, Ned and Gary, that's about what I thought.

I too have gotten that message on VA sites and have told Firefox to go to it anyway knowing that I was on the right site.

eliallen · Mar 9, 2015

With all the scams on the web today, I do not connect until I am sure that it is safe. I contacted the Company and they assured me that it secure. The person I spoke with could not tell me why the warning , so I found another way to complete my task.

Don't know whether to proceed.

Well-known member

Attachments

Well-known member

Moderator Emeritus

Well-known member

Well-known member

Moderator Emeritus

Active member

Well-known member

Moderator Emeritus

Well-known member

Moderator Emeritus

Well-known member

Well-known member

Moderator Emeritus

Moderator Emeritus

Site Team

Well-known member

Well-known member

Forum statistics