SSL Certificate from 'localhost'

Operating System, Common Application & ThinkPad Utilities Questions...
Post Reply
Message
Author
RealBlackStuff
Admin
Admin
Posts: 17512
Joined: Mon Sep 18, 2006 5:17 am
Location: Mt. Cobb, PA USA
Contact:
Contact RealBlackStuff

SSL Certificate from 'localhost'

#1 Post by RealBlackStuff » Thu Apr 24, 2008 8:35 am

Since a few days my Windows XP does a strange thing.
When I pay with a credit card on a secure website, I get a warning about an expired Security Certificate, issued by 'localhost'.
I'm using Firefox 2.0.0.14.

Going into about:config I find this:
security. default_personal_cert
Determines the selection of a security certificate to present to web sites that require one.
Select Automatically (default): Automatically choose the certificate
Ask Every Time: Prompt user with a choice of certificate options every time
Note: In Firefox, this can be changed via "Tools → Options → Advanced → Certificates → Client Certificate Selection"

My entry has/was changed to: Ask Every Time.
Anybody knows HOW or WHY?

I have changed it back to the (default), and wait and see what happens next time.

The only change I can think of, that may have caused this, is installing Apache/MySQL/PHP on my PC to run a trial of the 'ZenCart' shopping cart.
To make that work I had to enter 3 new lines in my hosts file:

# ZenCart entries
127.0.0.1 www.example.com # For browser access
127.0.0.1 mail.example.com # For email access
127.0.0.1 example.com # For mercury mail server

Does this ring a bell for any of you?
Lovely day for a Guinness! (The Real Black Stuff)

Check out The Boardroom for Parts, Mods and Other Services.
Top
davidspalding
ThinkPadder
ThinkPadder
Posts: 1593
Joined: Mon Nov 14, 2005 2:39 pm
Location: Durham, NC
Contact:
Contact davidspalding

#2 Post by davidspalding » Thu Apr 24, 2008 3:32 pm

Stop shopping at those sites. Any site that serves a cert issued by "localhost" during checkout is highly, highly suspect.

-OR-

Update your antivirus and anti-spyware software and do a complete scan. Though unlikely, I wonder if you've got a Trojan that is intercepting https calls to commerce sites, routing it to a local program, which is using an invalid certificate. Firefox could be alerting you that you are being hitting with a man-in-the-middle attack coming from your own localhost.


Your hosts file looks benign. A third party commerce site shouldn't be redirecting to your local Apache installation.
2668-75U T43, 2GB RAM, 2nd hand NMB kybd, Dock II, spare Mini-Dock, and spare Port Replicators. Wacom BT tablet. Ultrabay 2nd HDD.
2672-KBU X32, 1.5GB RAM, 7200 rpm TravelStar HDD.
Top
RealBlackStuff
Admin
Admin
Posts: 17512
Joined: Mon Sep 18, 2006 5:17 am
Location: Mt. Cobb, PA USA
Contact:
Contact RealBlackStuff

#3 Post by RealBlackStuff » Fri Apr 25, 2008 8:19 pm

Have not yet had the issue again, but then, I did not buy anything since the change-back.

I have no spyware or trojans of any kind on my PC, checked and double-checked and then checked again.
Lovely day for a Guinness! (The Real Black Stuff)

Check out The Boardroom for Parts, Mods and Other Services.
Top
RealBlackStuff
Admin
Admin
Posts: 17512
Joined: Mon Sep 18, 2006 5:17 am
Location: Mt. Cobb, PA USA
Contact:
Contact RealBlackStuff

#4 Post by RealBlackStuff » Sat Apr 26, 2008 6:42 am

Found the culprit.
Apache starts automatically at bootup, instead of manually, and this produces the 'localhost' SSL-cert message.

Removing the 'autostart' solved the problem.
Pfhui!
Lovely day for a Guinness! (The Real Black Stuff)

Check out The Boardroom for Parts, Mods and Other Services.
Top
Post Reply

Return to “Windows OS (Versions prior to Windows 7)”

Who is online

Users browsing this forum: No registered users and 2 guests