Skip to main content

Ralsina.Me — Roberto Alsina's website

valicert

Be­cause of var­ied rea­son­s, I have spent a lit­tle time in my life look­ing at SSL cer­tifi­cates. I have spent time cre­at­ing, sign­ing, con­fig­ur­ing, buy­ing, de­ploy­ing and val­i­dat­ing them. I have hard­ly ev­er seen some­thing like Val­icert, though.

So, a us­er has a SSL er­ror, and there ap­pears a cer­tifi­cate that has noth­ing to do with the site he's sup­posed to be ac­cess­ing. It's marked as in­valid (n­ev­er­mind) and is from a CA I have nev­er heard of, called Val­icert.

It seems to be a valid CA, its cer­tifi­cates most­ly val­i­date, etc, but some­thing is fishy (be­sides the fact that there is a freak­ing Val­icert cer­tifi­cate where there should not be one and I have no idea why).

It seems Val­icert is or was owned by Go­Dad­dy, which should al­ready be a prob­lem, but it gets worse. The URL for the CA? val­icert.­com which is not con­fig­ured as a site. Then I try www.­val­icert.­com which does ex­ist but is not about a CA but about AxWay, a "Busi­ness In­ter­ac­tion Net­works com­pa­ny".

It con­tains nuggets like "What can our cloud-based com­mu­ni­ty man­age­ment so­lu­tion do for your bot­tom line?" and "Is your file trans­fer sys­tem vis­i­bil­i­ty-im­paired?" and "Our award-win­ning prod­uct­s, so­lu­tions and ser­vices en­able the busi­ness-­crit­i­cal trans­ac­tions re­quired to ac­cel­er­ate per­for­mance with­in and among en­ter­pris­es – while pro­vid­ing man­age­men­t, se­cu­ri­ty and gov­er­nance on in­ter­ac­tions through­out busi­ness net­work­s."

And then I had the (bad) idea to try http­s://www.­val­icert.­com ... a pic­ture should be enough:

//ralsina.me/galleries/random/valicert.thumbnail.png

AxWay, you are lame.

These bo­zos, this com­pa­ny that dares of­fer file trans­fer what­nots and has "award win­ning prod­uct­s"... has a self­-signed cer­tifi­cate, that ex­pired in 2010, for lo­cal­host freak­ing lo­cal­do­main in their pub­lic web­serv­er.

So, I am guess­ing Val­icert does­n't ex­ist any­more, go­dad­dy kept the CA alive un­til all certs ex­pire and for some rea­son AxWay is a bunch of in­com­pe­tents who bought the do­main (but why???) and re­al­ly, trust­ing CAs is get­ting hard­er each day.

Magnus Reftel / 2012-05-04 19:42:

Yup, the CA modem is broken. I've switched to convergence.io, and keep telling anyone who will listen to do the same. So go do it :-)