Skip navigation.

The Opera Rootstore

The Roots of Internet trust

Temporarily missing EV indication with Verisign EV certificates

By Yngve Nysæter Pettersen. Friday, 4. September 2009, 23:34:56

, , , ,

Due to an unfortunate misunderstanding, Opera had not received an updated EV audit from Verisign in time for the latest rootstore update. As a result, our automatic system reverted to showing a yellow bar instead of a green bar on sites with EV certificates signed by Verisign, Thawte and Geotrust.

We have in the meantime received a currently valid EV audit. The update took effect Sep 3rd 1900 UTC, and the sites in question will start displaying the green EV bar again after the next time the browser contacts our server. This takes place on a weekly basis.

Users can rest assured that this does not signify any reduced trustworthiness for the sites in question, their certificates remain valid and are recognized by Opera. It is only the additional EV indication that will be off until the next time the browser downloads certificate information from our servers.

Unfortunately, there is a minor bug in the newly released Opera 10 that prevents the user from forcing a manual update of the rootstore in this version. This will be fixed in a maintenance build. A workaround for users that want an immediate update is to shut down Opera and delete/rename the file "tasks.xml" in the profile folder and then restart Opera.

GlobalSign SHA-256, Verisign roots, new repository versionSecom, CNNIC, Buypass Root, Izenpe EV-enabled, and more

Comments

Chas4 5. September 2009, 04:22

:smile: Nice to know

dantesoft 5. September 2009, 07:38

Next time I'll see a yellow padlock on login.live.com I'll investigate :smile:

BTW, what are the consequences for the user, when a website genuinely downgrades its certificate's validation? Should the UA issue a warning?

Chas4 5. September 2009, 13:53

found a strange https at https://www.bing.com/ Why do they have a 3rd part listed on the https certificate

yngve 5. September 2009, 17:02

Chas4: They are hosting the bing.com servers at Akamai to better handle the load; I guess they are not planning to have the service as a secure service. However, the akamai servers themselves may have a secure server for other purposes.

yngve 5. September 2009, 17:04

Originally posted by dantesoft:

BTW, what are the consequences for the user, when a website genuinely downgrades its certificate's validation? Should the UA issue a warning?



The issue, particularly dealing with less secure certificates has been discussed on and off for a while in several places. One issue is that it will require the client to store more information about the sites you visit.

Chas4 5. September 2009, 20:31

yngve do you know if Akamai is own by Microsoft?

yngve 5. September 2009, 21:02

It's a Nasdaq traded public company, so I doubt Microsoft have any significant holdings in the company, assuming they have any.

Paypal is another company using Akamai to host content (in their case secure content, so the certificate is correct). There are many others as well.

Chas4 5. September 2009, 21:44

Interesting I have seen the Akamai name on a lot of Microsoft sites and a few others

yngve 5. September 2009, 22:14

They have been a (I believe the) major international hosting provider for quite a while, providing web sites with the ability to host content geographically and netwise close to the consumer, increasing the performance of websites. You might find this article of interest.

Write a comment

You must be logged in to write a comment. If you're not a registered member, please sign up.