[ale] Suntrust.com - Live Solid, Bank Solid... Just not securely without a warning :)

David Tomaschik david at systemoverlord.com
Sat Aug 18 23:56:30 EDT 2012


On Sat, Aug 18, 2012 at 7:11 PM, Jeremy T. Bouse
<jeremy.bouse at undergrid.net> wrote:
> So I have a business checking account with Suntrust... I was elated and
> pleasantly surprised when I go to log into my account and every single
> secure certificate presents me with a failure in Firefox and I have to put
> in exceptions. Looking into it shows that SunTrust enjoys using GeoTrust
> SSL certificates but their IT department is unable to successfully
> install them along with the proper GeoTrust SSL Intermediate CA certificate.
>
> I'm not sure which incompetence scares me more... That a large bank's
> IT department is unable to do such a simple step as install an
> intermediate CA certificate when they install their server certificates
> or the fact that browsers like Google Chrome and IE happily accept this
> certificate and state it's all valid without actually validating the
> certificate chain.
>

openssl s_client -CApath /etc/ssl/certs/ -connect suntrust.com:443
verifies the chain just fine.

IIRC, Firefox uses its own CA root store, and Chrome (on Linux) uses
the system CA store.

David



-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
david at systemoverlord.com
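
Added example, not part of the original messages: a constructed three-tier PKI showing how the same leaf certificate can fail in one client and verify in another, depending on whether the intermediate is sent by the server or already sits in the client's CA store. All names, subjects and file paths are made up for the example, and it goes beyond the thread by also covering the case where the server sends the intermediate.

```bash
#!/usr/bin/env bash
# Constructed PKI: root -> intermediate -> leaf. All names are made up.

build_pki() {  # $1 = empty working directory
  local d="$1" c="$1/pki.cnf"
  # Minimal config so the run does not depend on the system openssl.cnf.
  printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' \
    '[ca]' 'basicConstraints=critical,CA:TRUE' \
    '[leaf]' 'basicConstraints=CA:FALSE' > "$c"
  {
    # Self-signed root: the only certificate a client should need to trust.
    openssl req -config "$c" -x509 -newkey rsa:2048 -nodes -days 2 \
      -subj '/CN=Example Root CA' -extensions ca \
      -keyout "$d/root.key" -out "$d/root.pem" &&
    # Intermediate CA, signed by the root.
    openssl req -config "$c" -new -newkey rsa:2048 -nodes \
      -subj '/CN=Example Intermediate CA' \
      -keyout "$d/inter.key" -out "$d/inter.csr" &&
    openssl x509 -req -in "$d/inter.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
      -set_serial 2 -days 2 -extfile "$c" -extensions ca -out "$d/inter.pem" &&
    # Server (leaf) certificate, signed by the intermediate.
    openssl req -config "$c" -new -newkey rsa:2048 -nodes \
      -subj '/CN=www.example.test' \
      -keyout "$d/leaf.key" -out "$d/leaf.csr" &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.pem" -CAkey "$d/inter.key" \
      -set_serial 3 -days 2 -extfile "$c" -extensions leaf -out "$d/leaf.pem"
  } >/dev/null 2>&1
}

chain_ok() {  # returns 0 only if `openssl verify` prints "<file>: OK"
  openssl verify "$@" 2>/dev/null | grep -q ': OK$'
}

show() {  # $1 = label, remaining args = openssl verify arguments
  local label="$1"; shift
  if chain_ok "$@"; then echo "$label: OK"; else echo "$label: FAIL"; fi
}

work=$(mktemp -d) && build_pki "$work" || { echo "PKI setup failed" >&2; exit 1; }
# A client store that happens to contain the intermediate as well as the root.
cat "$work/root.pem" "$work/inter.pem" > "$work/store_with_inter.pem"

# 1. Server sends only the leaf; client store holds only the root.
show "leaf only, root-only store" -CAfile "$work/root.pem" "$work/leaf.pem"
# 2. Server sends leaf + intermediate (-untrusted = certificates supplied by the peer).
show "leaf + intermediate sent" -CAfile "$work/root.pem" \
  -untrusted "$work/inter.pem" "$work/leaf.pem"
# 3. Server sends only the leaf; client store already holds the intermediate.
show "leaf only, store has intermediate" -CAfile "$work/store_with_inter.pem" "$work/leaf.pem"
```

Case 1 reports FAIL while cases 2 and 3 report OK, so a result from one client's store says little about what a client with a different store will see.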

