Is this a phishing campaign ?
I got twice an email supposedly from CACERT with the heading
[CAcert.org] Your Certificate is about to expire

When I follow the link the error page says :
Secure Connection Failed
www.cacert.org uses an invalid security certificate.

This sounds bizarre.

Anyone here with any ideas whether this is a phishing attack ?

- ft

-------- Original Message --------
From: - Fri Jul 18 15:28:41 2008
X-Account-Key: account19
X-UIDL: 1216276959.4618.mrelay3-g25
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <returns@cacert.org>
Delivered-To: xxx@xxx.xx
Received: (qmail 4587 invoked from network); 17 Jul 2008 06:42:39 -0000
Received: from 193.238.157.112 (HELO hlin.cacert.org) (193.238.157.112) by mrelay3-g25.free.fr with SMTP; 17 Jul 2008 06:42:39 -0000
Received: from hlin.cacert.org (localhost [127.0.0.1]) by hlin.cacert.org (Postfix) with SMTP id C0D32B005D for <frank.thomasftr@free.fr>; Thu, 17 Jul 2008 08:45:05 +0200 (CEST)
X-Mailer: CAcert.org Website
X-OriginatingIP:
Sender: returns@cacert.org
Errors-To: returns@cacert.org
Reply-To: support@cacert.org
From: support@cacert.org
To: xxx@xxx.xx
Subject: [CAcert.org] Your Certificate is about to expire
Mime-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Message-Id: <20080717064505.C0D32B005D@hlin.cacert.org>
Date: Thu, 17 Jul 2008 08:45:05 +0200 (CEST)

Hi Frank,

You are receiving this email as you are the listed contact for:

/CN=xxx@xxx.xx/emailAddress=xxx@xxx.xx

Your certificate is set to expire in approximately 30 days time, you can renew this by going to the following URL:

https://www.cacert.org/account.php?id=5

Best Regards
CAcert Support
Re: Is this a phishing campaign ?
On 21-07-2008 16:38 CET, FTR composed this enchanting statement:
> I got twice an email supposedly from CACERT with the heading
> [CAcert.org] Your Certificate is about to expire
>
> When I follow the link the error page says :
> Secure Connection Failed
> www.cacert.org uses an invalid security certificate.
>
> This sounds bizarre.
>
> Anyone here with any ideas whether this is a phishing attack ?
>
> - ft
>
> -------- Original Message --------
> From: - Fri Jul 18 15:28:41 2008
> X-Account-Key: account19
> X-UIDL: 1216276959.4618.mrelay3-g25
> X-Mozilla-Status: 0001
> X-Mozilla-Status2: 00000000
> X-Mozilla-Keys:
> Return-Path: <returns@cacert.org>
> Delivered-To: xxx@xxx.xx
> Received: (qmail 4587 invoked from network); 17 Jul 2008 06:42:39
> -0000
> Received: from 193.238.157.112 (HELO hlin.cacert.org)
> (193.238.157.112) by mrelay3-g25.free.fr with SMTP; 17 Jul 2008
> 06:42:39 -0000
> Received: from hlin.cacert.org (localhost [127.0.0.1]) by
> hlin.cacert.org (Postfix) with SMTP id C0D32B005D for
> <frank.thomasftr@free.fr>; Thu, 17 Jul 2008 08:45:05 +0200 (CEST)
> X-Mailer: CAcert.org Website
> X-OriginatingIP:
> Sender: returns@cacert.org
> Errors-To: returns@cacert.org
> Reply-To: support@cacert.org
> From: support@cacert.org
> To: xxx@xxx.xx
> Subject: [CAcert.org] Your Certificate is about to expire
> Mime-Version: 1.0
> Content-Type: text/plain; charset="utf-8"
> Content-Transfer-Encoding: 8bit
> Message-Id: <20080717064505.C0D32B005D@hlin.cacert.org>
> Date: Thu, 17 Jul 2008 08:45:05 +0200 (CEST)
>
> Hi Frank,
>
> You are receiving this email as you are the listed contact for:
>
> /CN=xxx@xxx.xx/emailAddress=xxx@xxx.xx
>
> Your certificate is set to expire in approximately 30 days time, you
> can renew this by going to the following URL:
>
> https://www.cacert.org/account.php?id=5
>
> Best Regards
> CAcert Support

Have you installed the Root Certificate, yet?

--
Kind regards,
Melchert
(MacOS 10.3.9 / Firefox 2.0, Thunderbird 2.0)
Re: Is this a phishing campaign ?
Melchert Fruitema wrote:
> On 21-07-2008 16:38 CET, FTR composed this enchanting statement:
>> I got twice an email supposedly from CACERT with the heading
>> [CAcert.org] Your Certificate is about to expire
>>
>> When I follow the link the error page says :
>> Secure Connection Failed
>> www.cacert.org uses an invalid security certificate.
>>
>> This sounds bizarre.
>>
>> Anyone here with any ideas whether this is a phishing attack ?
>>
>> - ft
>>
>> Your certificate is set to expire in approximately 30 days time, you
>> can renew this by going to the following URL:
>>
>> https://www.cacert.org/account.php?id=5
>>
>> Best Regards
>> CAcert Support
>>
> Have you installed the Root Certificate, yet?
>

All I get at the link provided is

Secure Connection Failed

www.cacert.org uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.

(Error code: sec_error_unknown_issuer)

* This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
* If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.

Or you can add an exception…
Re: Is this a phishing campaign ?
FTR wrote:
> I got twice an email supposedly from CACERT with the heading
> [CAcert.org] Your Certificate is about to expire
>
> When I follow the link the error page says :
> Secure Connection Failed
> www.cacert.org uses an invalid security certificate.
>
> This sounds bizarre.
>
> Anyone here with any ideas whether this is a phishing attack ?
>
> - ft

<snip the email>

Doesn't look like a phish to me. <https://www.cacert.org/> is CAcert's website. The mail headers look authentic too. Unless they're trying to phish themselves...

If you don't use CAcert yourself, someone else did using your email address. You should bring this up with CAcert. (Or if you did use CAcert, you should do something about your cert before it expires!)

Firefox doesn't include CAcert's root cert, so it will give you that error. You can add an exception and/or add the root cert if you want to. (Of course, someone might actually be impersonating www.cacert.org and using an invalid cert.)

(Wow, how many times did I use "cert" in that message?)
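The header check that the reply above does by eye can be scripted. This is an added example, not part of the thread and not CAcert's code: it runs over an abridged copy of the headers quoted in the first post, assumes the recipient's relay is under free.fr as that Received line shows, and compares domains by their last two labels, which is a simplification.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Abridged from the headers quoted in the thread ("for <...>" clause and X- headers dropped).
RAW = """\
Return-Path: <returns@cacert.org>
Received: (qmail 4587 invoked from network); 17 Jul 2008 06:42:39 -0000
Received: from 193.238.157.112 (HELO hlin.cacert.org) (193.238.157.112)
 by mrelay3-g25.free.fr with SMTP; 17 Jul 2008 06:42:39 -0000
Received: from hlin.cacert.org (localhost [127.0.0.1])
 by hlin.cacert.org (Postfix) with SMTP id C0D32B005D
Sender: returns@cacert.org
Reply-To: support@cacert.org
From: support@cacert.org
Message-Id: <20080717064505.C0D32B005D@hlin.cacert.org>

https://www.cacert.org/account.php?id=5
"""

# qmail-style hop line: (HELO <claimed name>) (<observed IP>) by <receiving host>
HOP = re.compile(r"\(HELO (\S+)\) \(([\d.]+)\) by (\S+)")

def org_domain(host):
    """Last two labels only; wrong for suffixes such as co.uk (simplification)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def check_headers(raw, expected="cacert.org", my_mx="free.fr"):
    """Return ({check: passed}, border_ip). my_mx is the reader's own mail relay domain."""
    msg = message_from_string(raw)
    ok = {}
    for name in ("Return-Path", "Sender", "Reply-To", "From"):
        addr = parseaddr(msg.get(name, ""))[1]
        ok[name] = org_domain(addr.rpartition("@")[2]) == expected
    mid = msg.get("Message-Id", "").strip().strip("<>")
    ok["Message-Id"] = org_domain(mid.rpartition("@")[2]) == expected
    ok["HELO"], border_ip = False, None
    # Only the hop stamped by our own relay is trustworthy; lines below it come from the sender.
    for received in msg.get_all("Received", []):
        m = HOP.search(" ".join(received.split()))
        if m and org_domain(m.group(3)) == my_mx:
            ok["HELO"] = org_domain(m.group(1)) == expected
            border_ip = m.group(2)
            break
    hosts = re.findall(r"https?://([^/\s:]+)", msg.get_payload())
    ok["links"] = bool(hosts) and all(org_domain(h) == expected for h in hosts)
    return ok, border_ip

if __name__ == "__main__":
    print(check_headers(RAW))
```

Every field except the IP recorded by the receiving relay is supplied by the sender, so a full pass here only shows the message is self-consistent; tying that IP to the claimed domain takes an SPF or reverse-DNS lookup, which this offline example does not perform.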
Re: Is this a phishing campaign ?
On Mon, 21 Jul 2008 15:06:42 -0400 "Moz Champion (Dan)" <moz.champion@sympatico.ca> wrote:

> All I get at the link provided is
>
> Secure Connection Failed
>
> www.cacert.org uses an invalid security certificate.
>
> The certificate is not trusted because the issuer certificate is
> unknown.
>
> (Error code: sec_error_unknown_issuer)
>
> * This could be a problem with the server's configuration, or it
> could be someone trying to impersonate the server.
>
> * If you have connected to this server successfully in the past,
> the error may be temporary, and you can try again later.
>
> Or you can add an exception…

It's really horrible UI, as far as I'm concerned. To get any info about the certificate, you have to

1) Click that "Or you can add an exception..." link at the bottom of the warning page. Note that clicking that doesn't actually add the exception, as anyone would think it would.

2) Click on the "Add Exception" button that appears after step (1). Note that clicking the "Add Exception" button also does *not* add the exception. Now we at least see where the certificate will come from.

3) Click the "Get Certificate" button. This button at least makes sense, and results in the certificate being downloaded.

4) Now we can click "View" to see something about the certificate. But note again we had to click *two* things that said "add exception" before we got to step 4. That's very bad, IMO -- any user who doesn't know what's going on would be scared to click them.

5) After viewing, we can choose to confirm the security exception either temporarily or permanently.

Also note that if you do it permanently and later want to delete the security exception, you will waste your time if you try the Security tab of Options/Preferences -- you can only do it from the Advanced tab.