Sarad AV wrote:
Another question, this one is specific to gmail - which the entire session is on https.
when i click a pdf in my gmail to be opened with google docs, the certificate is signed by google(used a third part browser plugin to check this). that is fine, however my browser never alerts me as a potential untrusted certificate and if want to add it as an exception. does that mean google is an intermediate CA or what does that mean?
Dave Howe wrote:
You should be able to check the certificate chain on the object and see. I haven't tried this (and given its 1am I am not going to now, but I may do so when I get time :)
I checked it out. When I open any pdf or ppt from my gmail(persistent https) using google documents, the certificate is issued by Google Internet Authority and issued to Google Inc. From the firefox trusted certificate list it is seen that Equifax is a root CA and has issued certificate to Google Internet Authority. This being said why does google gets certified from thawte and prsents us its certificate when we open gmail.com? The firefox browser trusts Google Internet Authority and doesnot warn of a potential untrusted site when i open a pdf from gmail(https) with google docs. Thanks, Sarad.