What to do about 3rd-Party Certificates when syncing?

Received the following dialog when resuming my MacBook from sleep today. Last night I put it to sleep at home then resumed it this morning in a cafe.

Message reads: “The server certificate for “sync.omnigroup.com” is not signed by any root server. This site may not be trustworthy. Would you like to connect anyway?”

It is a self-signed root certificate from Organization Name: Aruba Networks Organization Unit: Instant in Sunnyvale, CA.

Oops, I forgot to place my question!

I can’t sync with the omnigroup server unless I accept this certificate as valid.

Is there a way to validate the certificate fingerprint if it looks valid?

That is not Omni’s certificate.

Omni’s cert is ultimately signed by Thawte. Here’s the chain I get from openssl s_client:

Certificate chain
 0 s:/C=US/ST=Washington/L=Seattle/O=The Omni Group/OU=Sync Server/CN=sync.omnigroup.com
   i:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
 1 s:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
 2 s:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
   i:/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting cc/OU=Certification Services Division/CN=Thawte Premium Server CA/emailAddress=premium-server@thawte.com

It looks like someone is attempting to intercept your SSL connection. (Perhaps to serve you ads?)

2 Likes
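As an added example (not part of the thread and not Omni's code), this Python sketch parses the "Certificate chain" section that openssl s_client prints, in the slash-separated form shown above, and flags the signs discussed here: a leaf that does not name the host, a self-signed leaf, and an issuer other than the expected one. The function names and the intercepted sample are assumptions; it compares printed names only, so it is triage and not a substitute for cryptographic verification of the chain.

```python
import re
# First two entries of the chain posted in the thread (openssl s_client output).
GENUINE = """\
Certificate chain
 0 s:/C=US/ST=Washington/L=Seattle/O=The Omni Group/OU=Sync Server/CN=sync.omnigroup.com
   i:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
 1 s:/C=US/O=Thawte, Inc./CN=Thawte SSL CA
   i:/C=US/O=thawte, Inc./OU=Certification Services Division/OU=(c) 2006 thawte, Inc. - For authorized use only/CN=thawte Primary Root CA
"""
# Constructed sample, built from the fields the original poster quoted.
INTERCEPTED = """\
Certificate chain
 0 s:/C=US/ST=CA/L=Sunnyvale/O=Aruba Networks/OU=Instant/CN=instant.arubanetworks.com
   i:/C=US/ST=CA/L=Sunnyvale/O=Aruba Networks/OU=Instant/CN=instant.arubanetworks.com
"""
def parse_chain(text):
    """Return [{'subject': dn, 'issuer': dn}, ...] in the order printed."""
    chain = []
    for line in text.splitlines():
        entry = re.match(r"\s*\d+ s:(.*)", line)
        issuer = re.match(r"\s+i:(.*)", line)
        if entry:
            chain.append({"subject": entry.group(1).strip(), "issuer": ""})
        elif issuer and chain:
            chain[-1]["issuer"] = issuer.group(1).strip()
    return chain

def dn_fields(dn):
    """Split '/C=US/O=Foo/CN=bar' into {'C': ['US'], ...}; OU may repeat."""
    fields = {}
    for key, value in re.findall(r"/([A-Za-z]+)=(.*?)(?=/[A-Za-z]+=|$)", dn):
        fields.setdefault(key, []).append(value)
    return fields

def assess(chain, host, expected_issuer_org):
    """Compare printed names only; this is triage, not signature verification."""
    if not chain:
        return ["no certificate chain found"]
    leaf, findings = chain[0], []
    if host not in dn_fields(leaf["subject"]).get("CN", []):
        findings.append("leaf CN does not name " + host)
    if leaf["subject"] == leaf["issuer"]:
        findings.append("leaf is self-signed")
    orgs = [o.lower() for o in dn_fields(leaf["issuer"]).get("O", [])]
    if expected_issuer_org.lower() not in orgs:
        findings.append("unexpected issuer organisation: " + ", ".join(orgs))
    for i, (cert, parent) in enumerate(zip(chain, chain[1:])):
        if cert["issuer"] != parent["subject"]:
            findings.append(f"entry {i} issuer does not match entry {i + 1} subject")
    return findings
```

Calling `assess(parse_chain(text), "sync.omnigroup.com", "Thawte, Inc.")` returns an empty list for the posted chain and three findings for the constructed intercepted one.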

When these dialogs pop up, they deserve your attention - they don’t always indicate a problem, but they always indicate that you should examine the dialog, make an informed decision as to what to do, and if you’re not sure what to do, cancel the connection/sync.

The vast majority of the cases where these dialogs pop up do not have anything to do with our server - even when ‘omnigroup.com’ appears in the text at the top of the dialog. For example, in the screenshot here, ‘instant.arubanetworks.com’ has inserted itself into the secure connection between the original poster’s Mac and our server.

There are legitimate reasons for something like this to happen, but there are also a number of nefarious reasons why someone might try to do this. We aren’t the party inserting ourselves into the connection, so it’s hard to say why it’s happening. By far the safest thing to do in cases like this is to simply hit the cancel button and try the sync again later.

That said, if you (or your IT staff) have sufficient experience reading dialogs like this to understand what it’s saying, and if what the dialog is saying to you indicates that the situation is benign, you can click the “Continue” button to proceed with the connection on a one-time basis. If you’ll be making connections from this location on a regular basis, checking the “Always trust” box and then clicking “Continue” will prevent the dialog from popping up in the future.

That all said, the most important thing to remember is this: if you are not sure what this dialog is telling you, the safest thing to do is to click Cancel and try your sync at a later time and/or from a different network.

Hope that helps!

1 Like