Expired SSL certificate for www.mcb.mu

4 August 2014 by S. Moonesamy & Loganaden Velvindron

I was working with Logan on a presentation about security practices for online banking in Mauritius. I asked Logan to access https://www.mcb.mu/. He told me that his browser displayed an error about an expired SSL certificate. I found that odd as my browser was not displaying an error about an expired SSL certificate. Logan used several browsers (Chrome, Firefox, Safari) and they all displayed an error message about an expired SSL certificate.

Untrusted connection

I was puzzled as the possible explanations were that Logan's computer had been compromised or that somebody was intercepting the connection between Logan's computer and the web site. I accessed https://www.mcb.mu/ again and the browser showed the following:

The warning displayed in Firefox was: "This connection is Untrusted". I looked at the technical details to understand what was wrong:

According to Firefox, www.mcb.mu uses an invalid security certificate. The SSL certificate expired on 11-06-2014.

Logan and I discussed doing a test from outside Mauritius to see whether it would give the same result. We noticed that https://www.mcb.mu/ was sending the following for the first test:

/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 and that the SSL certificate was valid from "May 21 00:00:00 2012 GMT" to "Jun 11 23:59:59 2014 GMT"

The second test showed the following:

/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority and that the SSL certificate is valid from "Jun 26 00:00:00 2014 GMT" to "Jun 25 23:59:59 2016 GMT".

The results point to a security problem at www.mcb.mu.
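The comparison described above can be automated. The following is an added example, not code from the authors: it takes the names and validity dates quoted for the two tests, classifies each at the date of the post, and flags a hostname that returns different certificate data to different tests. The `vantage` labels and the function names are assumptions.

```python
import ssl
from datetime import datetime, timezone

# Values copied from the two tests in the post; the "vantage" labels are assumed.
OBSERVATIONS = [
    {"vantage": "test-1",
     "name": "/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network"
             "/OU=(c) 2006 VeriSign, Inc. - For authorized use only"
             "/CN=VeriSign Class 3 Public Primary Certification Authority - G5",
     "not_before": "May 21 00:00:00 2012 GMT",
     "not_after": "Jun 11 23:59:59 2014 GMT"},
    {"vantage": "test-2",
     "name": "/C=US/O=VeriSign, Inc./OU=Class 3 Public Primary Certification Authority",
     "not_before": "Jun 26 00:00:00 2014 GMT",
     "not_after": "Jun 25 23:59:59 2016 GMT"},
]

def parse_cert_time(text):
    """Convert a timestamp in the format quoted in the post to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text.strip()), tz=timezone.utc)

def validity(obs, at):
    """Classify one observation at time `at`."""
    if at < parse_cert_time(obs["not_before"]):
        return "not yet valid"
    if at > parse_cert_time(obs["not_after"]):
        return "expired"
    return "valid"

def compare(observations, at):
    """Return per-vantage validity and whether the vantage points disagree."""
    statuses = {o["vantage"]: validity(o, at) for o in observations}
    distinct = {(o["name"], o["not_before"].strip(), o["not_after"].strip())
                for o in observations}
    return {"statuses": statuses, "inconsistent": len(distinct) > 1}

if __name__ == "__main__":
    when = datetime(2014, 8, 4, tzinfo=timezone.utc)  # date of the post
    report = compare(OBSERVATIONS, when)
    for vantage, state in report["statuses"].items():
        print(f"{vantage}: {state} on {when:%Y-%m-%d}")
    if report["inconsistent"]:
        print("the hostname returned different certificate data to different tests")
```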