Digital certificate expiration could affect millionsgreenspun.com : LUSENET : TimeBomb 2000 (Y2000) : One Thread
Users of Netscape Communications Corp.'s Navigator and Communicator browsers 4.06 and older, as well as users of Microsoft Corp.'s Internet Explorer 4.5 for Macintosh and older, could have problems buying goods online after the clock strikes midnight at the new year.
The problem is with digital certificates from VeriSign Inc. that are stored in the browsers. The certificates are used to authenticate a user and, in turn, authenticate a Web site and encrypt electronic-commerce transactions.
The certificates, first created five years ago, are set to expire at midnight on Dec. 31. That means some users are going to have a tough time conducting some transactions if they haven't updated their browsers. About 150,000 commerce and finance sites support the VeriSign certificate.
But officials are quick to point out that this isn't an unanticipated glitch. The certificates are supposed to work this way. Any digital certificate, which depends upon a standard from the Internet Engineering Task Force called x.509, has an expiration date. When VeriSign first built its certificates, they had a five-year life span. They were set to expire on Dec. 31 because most browsers when built couldn't support dates with four digits, said Ben Golub, director of Internet product marketing at VeriSign in Mountain View, Calif.
"In retrospect, maybe we should have chosen a date like Dec. 15," Golub said.
Help is on the way
Netscape users who have not updated their browsers -- Netscape estimates there are 5 million to 10 million of them -- will see a dialogue box on some secure sites after Dec. 31. They'll be able to click "continue" to get a secure connection. Users of the Microsoft browsers for the Mac may see an "expired certificate" warning and won't be able to conduct their transactions securely.
IE users can upgrade their browsers to IE 4.51 at www.microsoft.com/mac/download. More information is available at www.microsoft.com /mac/iesecissue.
Netscape users can update their browsers for free at home.netscape.com/computing/download/index.html. Or they can order a CD-ROM at cd.netscape.com. More information is available at www.netscape.com/cms/certinfo.html?cp= hom12n1. See this story in context on ZDNet
Netscape site to download upgrade is VERY busy. I haven't been able to get in to do a download. Guess I'll have to order that CD.
I'm curious what will happen when I got into DLJDirect [my on-line stockbroker]. Last year I set my computer to January 1 and forgot to change back to the actual date. I couldn't access my account because of "certificate expiration". I really panicked - but then remembered I had the computer set to January 1, 2000. When I reset the date, I was able to access my account.
That was then. This is now. Wonder what will happen?
-- Cheryl (Transplant@Oregon.com), January 02, 2000
That was then. This is now. Wonder what will happen?
Everything. The world will blow up. Just like the Y2K rollover. Didn't you read the discussions here a couple of days ago?
-- Truk (firstname.lastname@example.org), January 02, 2000.
I won't buy anything on line, never have and never will, so it doesn't make a difference to me.
-- not so dumb (email@example.com), January 02, 2000.
Thanks for the heads-up, Cheryl. For confirmation, I received this from my IPS (BellSouth):
Subject: Netscape Browser Update May Be Required
Date: Wed, 22 Dec 1999 19:07:10 -0500 (EST)
To: All BellSouth.net Internet Service Customers Subject: Netscape Browser Update May Be Required
This notice is intended for customers who use the BellSouth.net Netscape browser distributed through our registration CD or website. Netscape has informed us that all customers with any browser version 4.05 or earlier will need to update it to ensure a continued smooth experience while conducting secure online transactions such as shopping or banking. If you use Microsoft's Internet Explorer or a more recent version of Netscape, please disregard this message.
The issue is the expiration of a certificate license that allows your browser to verify, during a secure Web connection, that the Web site you are connected to is the actual site you intended to visit. Most online commerce sites that request or use personal financial information are generally characterized as "secure"; however the vast majority of Web sites are not. You can generally tell you are on a secure site by the presence of a closed padlock or a key in the lower left or right corners of your computer screen.
If you attempt to connect to a secure site with an expired certificate you will be presented with a pop-up box reminding you that it has expired. It is then your choice to continue the transaction or cancel it. If you choose to continue, your connection will still be secure and should proceed normally. The problem, however, is that the pop-up box will confront you every time you attempt a secure connection. To proactively provide our customers with the most enjoyable and easy online experience, we suggest you take steps to upgrade the browser.
The certificate for the older Netscape browsers expires on December 31, 1999. The expiration date is a coincidence only, and has absolutely nothing to do with any Y2K computer-related issues. We ask that you implement this change before December 31, 1999, to avoid the appearance of the pop-up box.
Please click on the following Netscape link to find answers to the most frequently asked questions surrounding this issue:
Once you have read the contents of the link, we recommend that you follow the instructions given to download an upgrade to your browser. Depending on your computer and connection speed, downloading the upgrade could take more than an hour.
If you have any additional questions or concerns, please contact our technical help staff at 1-800-4DOTNET.
BellSouth.net Customer Care
-- Spindoc' (firstname.lastname@example.org), January 02, 2000.
I've already made my first purchase of the new year...secure transaction to Dixie Gun Works seemed to work! (They have a neat catalogue...)
-- Mad Monk (email@example.com), January 02, 2000.