Chase.com not loading
August 17, 2011 8:04 AM   Subscribe

I have a PC running Firefox 6 as of yesterday. When I try to go to www.chase.com I get the following message: An error occurred during a connection to www.chase.com. Peer's Certificate has been revoked. (Error code: sec_error_revoked_certificate) Googling is not helping perhaps because I am not familiar enough with certificates and how they work. Any ideas on how to use the site without turning off certificates? Is it important to keep them on?
posted by yfatah to Computers & Internet (8 answers total)
 
I see the same w/ Firefox 5. It's probably fine, but I wouldn't use the site until it's resolved.
posted by reptile at 8:13 AM on August 17, 2011


Their certificate may have been revoked for a reason. Odd that they're not sending a new one, though.
posted by wierdo at 8:13 AM on August 17, 2011


For what it's worth, I'm getting the same error in Firefox 5, but not Chrome or IE. Could be a glitch with Chase's web server, or an error in Firefox's certificate revocation list, or it could be that someone is actively trying to intercept traffic to Chase's servers using a fraudulent certificate. I would just advise waiting a while and seeing what happens.
posted by Nothlit at 8:13 AM on August 17, 2011


Hmm. I get the same error (security certificate revoked) using Google Chrome.
posted by Telpethoron at 8:14 AM on August 17, 2011


Best answer: I'm seeing it on Chrome and Firefox here, not with Chromium (an open source compilation of Chrome).

I'd call up Chase and ask them. The certificates are telling you that a very trusted third party has confirmed the identity of Chase.com. If you turn that off, then anyone can set up a "man in the middle" attack that says "yeah, I'm Chase.com, even if these other guys don't vouch for me".

This could be happening because the third parties that the various browsers trust for this have screwed up, and there are reasons to be somewhat suspicious, but this is very much something that Chase needs to fix, and you shouldn't just willy-nilly turn off the certificate authority checking without understanding why.
posted by straw at 8:19 AM on August 17, 2011 [2 favorites]


Best answer: Chase Bank's website is completely down right now, FWIW. Seems like they may be aware of this problem - or suffering from an attack.
posted by IAmBroom at 8:33 AM on August 17, 2011


It's showing as revoked because Verisign's system says it's revoked. (Chase uses Verisign for their SSL certs):
--------
Response verify OK
0x58390C351B84D5E3C4CF8FE0FEDAD9F0: revoked
This Update: Aug 17 14:39:44 2011 GMT
Next Update: Oct 2 14:30:35 2011 GMT
Reason: unspecified
Revocation Time: Aug 17 14:37:42 2011 GMT
--------

It should look something like this (from my bank):
--------
Response verify OK
0x38F9EF4CF80E2553C89395A230CD7586: good
This Update: Aug 16 10:05:03 2011 GMT
Next Update: Aug 23 10:05:03 2011 GMT
--------
posted by wierdo at 8:40 AM on August 17, 2011 [1 favorite]


I should add that any browser that supports EV certificates (or otherwise has OCSP support) should be throwing an error. That should include IE7+, but not IE6.
posted by wierdo at 8:45 AM on August 17, 2011


« Older How do you know that a relationship is progressing...   |   What is the best iPhone app to track car mileage? Newer »
This thread is closed to new comments.


Tags

Share