Problem With Trying Log Into My Bank Account

Hi when trying to log into my bank account via safepay I get the following message


"The security certificate for this page is not to be trusted. Safepay attempted to connect too aa.online-metrix.net, but the server certififcate appears to be issued by an entity that is not trusted by your computer. Either the has generated security credentials on it's own (and we cannot rely on for identity information), or an outside attacker may be trying to tamper with your communications". The server's certificate revocation mechanism is not available.


I am using the latest version of Firefox on a Window 7 64 bit system

Comments

  • Unknown
    edited December 2012

    Hello and welcome to our forum!


    Could you please provide us with the full link you are trying to access?


    Kind regards!


    Andrei Burdun

  • Hi,


    I don't think that I can as its a secure page, you have to already have signed in on one page to get this page. Ideally you would need to be a customer of the same bank


    Krazy


    Hello and welcome to our forum!


    Could you please provide us with the full link you are trying to access?


    Kind regards!


    Andrei Burdun

  • Hello,


    One of the features of Safepay is to check the security certificates of websites and block traffic if they are not properly configured. Safepay can detect SSL configuration errors that are not always captured by other browsers.


    Websites can request data from third parties URLs to get info regarding stats, traffic information, etc. Those third parties might have periods when their SSL certificates are not properly set-up. They usually fix them quickly so you might not encounter the issue at the time you read this reply. Anyway, if the error still occurs, please provide us with the bank url you are accessing prior to logging in. It might help.


    Thank you for your feedback!


    Andrei Burdun

  • I get the same message krazy mentions in his first comment. The button on this message allows me to continue on but I still get the message.


    I'm using IE on Windows 7 64 bit.


    My bank is USAA and is extremely involved in security. Don't know why they might be questioned.

  • camarie
    camarie Principal Software Developer BD Staff
    I get the same message krazy mentions in his first comment. The button on this message allows me to continue on but I still get the message.


    I'm using IE on Windows 7 64 bit.


    My bank is USAA and is extremely involved in security. Don't know why they might be questioned.


    That is probably unlikely, but what happened (until now) regarding a certificate error is not from the original domain. I suspect - as happened before - their page embeds (using a FRAME, IFRAME or so) an external URL, and it is this one that have the certificate error.


    If you can spare 2 minutes, the method to investigate is this:


    1. navigate with Safepay to the URL that gives you the certificate error


    2. read carefully the SSL error message - inside the text it will be also the domain name causing the error, let's say its name is trends.acme.com


    3. close Safepay and use another browser to navigate to the initial page; Chrome, for example - it will most likely *allow* you to go there without any message


    4. now open in another tab and navigate to the domain from point 2 (what I named as trends.acme.com)


    5. if I am right, you will get also in this browser a similar (or the same) certificate error as Safepay reports.


    This has happened with several bank websites, which embedded various other domains (facebook.com, trends measurement websites, commercials etc.). In all the cases it was the embedded website which was not trusted by Safepay due to certificate error.


    Since the embedding is in the same web page as the main one - even if the main one is trusted - this second gave a SSL error which Safepay detects it. And being a browser oriented on security, obviously it won't allow any further actions since the security is compromised.


    So, if this is the case, one can contact the bank domain (usually they have a contact form), with some form of High Importance type of message, and letting them know that they embed a page with certificate errors (either expired, certificate with another domain name than the embedded page, revoked - whatever the error is reported).


    Let me know if that helps.


    Regards,


    Cristian Amarie

  • That is probably unlikely, but what happened (until now) regarding a certificate error is not from the original domain. I suspect - as happened before - their page embeds (using a FRAME, IFRAME or so) an external URL, and it is this one that have the certificate error.


    If you can spare 2 minutes, the method to investigate is this:


    1. navigate with Safepay to the URL that gives you the certificate error


    2. read carefully the SSL error message - inside the text it will be also the domain name causing the error, let's say its name is trends.acme.com


    3. close Safepay and use another browser to navigate to the initial page; Chrome, for example - it will most likely *allow* you to go there without any message


    4. now open in another tab and navigate to the domain from point 2 (what I named as trends.acme.com)


    5. if I am right, you will get also in this browser a similar (or the same) certificate error as Safepay reports.


    This has happened with several bank websites, which embedded various other domains (facebook.com, trends measurement websites, commercials etc.). In all the cases it was the embedded website which was not trusted by Safepay due to certificate error.


    Since the embedding is in the same web page as the main one - even if the main one is trusted - this second gave a SSL error which Safepay detects it. And being a browser oriented on security, obviously it won't allow any further actions since the security is compromised.


    So, if this is the case, one can contact the bank domain (usually they have a contact form), with some form of High Importance type of message, and letting them know that they embed a page with certificate errors (either expired, certificate with another domain name than the embedded page, revoked - whatever the error is reported).


    Let me know if that helps.


    Regards,


    Cristian Amarie

  • I only have one browser(IE). Imbedded message was, "Safepay attempted to connect to AKAMAI.MATHTAG.COM but the server certificate appears to be issued by an entity that is not trusted by your computer. The Server certificate common name did not match the host name". There is a "button" on the screen called BACK TO SAFETY which, when I click on it, allows me to continue with my banking. I know USAA Federal Savings Bank uses tight security but I don't want to contact and then expect them to tell me about their internal security restrictions. If the BACK TO SAFETY button use works and doesn't cause Safepay security problems, I guess I'll just include this unfortunate extra step. As I have said before, I am a very new user to Safepay and like the concept of tight security, especially with my banking, but if it causes me problems I'll just stop using it. I've done very well with my on-line banking with USAA for several years and will continue to use them.

  • I only have one browser(IE). Imbedded message was, "Safepay attempted to connect to AKAMAI.MATHTAG.COM but the server certificate appears to be issued by an entity that is not trusted by your computer. The Server certificate common name did not match the host name". There is a "button" on the screen called BACK TO SAFETY which, when I click on it, allows me to continue with my banking. I know USAA Federal Savings Bank uses tight security but I don't want to contact and then expect them to tell me about their internal security restrictions. If the BACK TO SAFETY button use works and doesn't cause Safepay security problems, I guess I'll just include this unfortunate extra step. As I have said before, I am a very new user to Safepay and like the concept of tight security, especially with my banking, but if it causes me problems I'll just stop using it. I've done very well with my on-line banking with USAA for several years and will continue to use them.


    Hello Mr Ed,


    Please read the comment Cristian Amarie - the Lead Developer for Safepay - wrote above. He has explained in details why this happens.


    I've just navigated on https://akamai.mathtag.com/ using IE and Chrome and got a SSL Security Alert.


    I encourage you to report the issue to the bank your are using.


    Best regards!


    Andrei Burdun

  • Hello Mr Ed,


    Please read the comment Cristian Amarie - the Lead Developer for Safepay - wrote above. He has explained in details why this happens.


    I've just navigated on https://akamai.mathtag.com/ using IE and Chrome and got a SSL Security Alert.


    I encourage you to report the issue to the bank your are using.


    Best regards!


    Andrei Burdun


    Dear Andrei: I am a recent user of Bitdefender and only now (October 25,2013) I found these comments that show the same problem I had with my Bank account. I believe that my Bank site is secure, but what I expected was someting similar to what Windows Internet tools do, that is,a possibility to the user inform Bitdefender that the site is secure and that BitDefender must not block it.Is it possible?


    Thanks

  • camarie
    camarie Principal Software Developer BD Staff
    Dear Andrei: I am a recent user of Bitdefender and only now (October 25,2013) I found these comments that show the same problem I had with my Bank account. I believe that my Bank site is secure, but what I expected was someting similar to what Windows Internet tools do, that is,a possibility to the user inform Bitdefender that the site is secure and that BitDefender must not block it.Is it possible?


    Thanks


    The bank site is secure, we don't argue that.


    What do you see is because in a web page are gathered all kind of resources (frames, links, images, scripts etc.) which all have all kind of properties: if they are https (secure) or just http; if they have certificates etc.


    The message you are seeing is not necessarily for the main domain page, but probably for a sub-resource coming from another domain, and this one have an error in certificate (reported by Safepay).


    (For the link originally reported: I just navigated to https://akamai.mathtag.com/ in Chrome and I see no SSL error is reported).


    Can you tell us to what address did you navigated and what is the message you encounter?


    Regards,


    Cristian