VeriSign moved to allay confusion on Thursday, after the expiration of some of its certificates that verified it as a certificate-issuing authority.
Users have experienced problems when accessing pages that use secure sockets layer (SSL) encryption on sites whose certification depended on VeriSign's own expired certificates.
Get Up to Speed on... Enterprise security Get the latest headlines and company-specific news in our expanded GUTS section.
The Mountain View, Calif.-based company said that older versions of its Intermediate Certificate Authority (CA) expired on Wednesday. "As a result, users attempting to establish SSL session with sites that had not updated their CA certificates may start encountering error messages," VeriSign said in a statement. "There is no security danger, and users who ignore these error messages can successfully establish secure SSL connections. However, sites should update their CA certificates if they have not already done so, to avoid user confusion. No action is required on the part of end users."
VeriSign posted instructions on how to update certificates on its Web site.
Explaining the problem, VeriSign said CA certificate expiration is a normal event that is considered best practice when issuing and managing certificates. "In anticipation of this expiration event, VeriSign changed to a new version of CA certificates in December of 2001. All SSL certificates issued by VeriSign since that date have been issued in conjunction with the newer CA certificates."
The company said that since 2001, it has taken steps to notify its customers of the situation and, with each communication, alert them to the expiration date and steps necessary to obtain a new Intermediate CA. However, some companies missed or ignored the warnings, resulting in error messages for users trying to access secure areas.
VeriSign said it was taking additional actions to help those still experiencing difficulties. All employees in its client services team have been made available to answer questions and walk customers through the process which, it said, will take only a short time and will not result in any disruption of service.
Customers using VeriSign certificates have previously dealt with telephone carrier BT in the United Kingdom, but after setting up a U.K. presence at the end of 2003, VeriSign started to operate its certificate business directly. BT continues to issue VeriSign certificates for its hosting customers along with other services, said Francois Steiger, senior vice president for Europe, when he spoke to ZDNet UK in December. Steiger said VeriSign issues 25 percent of SSL certificates in Western Europe, and has 370,000 digital certificates installed in the region.
Web giant is spending $120 million to beef up its Mountain View, Calif., headquarters, according to filings with the city reviewed by the San Jose Mercury News.
The Samsung Galaxy Mini 2 S6500 could make its debut at the Mobile World Congress in Barcelona later this month, according to a leaked promotional image.
MIT creates a simulation to celebrate the 50th anniversary of Spacewar. A relic of the early days of minicomputers, it was one of the first computer video games and set the stage for many others, including Asteroids.
Join the conversation