Security Certificate cannot be verified

Question

I'm trying to get my mails using outlook 2007 and pop3 using SSL. but I get this Security Warning every time I try to recieve mails:

The Server you are connected to is using a security certificate that cannot be verified. The Target principal name is incorrect.

When I open the crtificate I see this message in the first tab (General):

All the intended purposes of this certificate could not be verified.

Issued by: GeoTrust SSL CA
Issued to: *.justhost.com

which is one of the trusted providers.

Do you think it's a man in the middle attack or a security risk? or it's just kind of an error with certificate that i can ignore?

Answer 1

That is a very good observation. It very well could be especially if you are on a wireless network. A common strategy during a MITM (man in the middle attack) is that s/he will be the go-between between you and the server.

When an SSL session is started, the MITM attacker can substitute the genuine SSL certificate of *.justhost.com with one that is self-signed by the attacker. The certificates are almost identical between the real site's ssl cert and the self-signed cert. However, the self-signed cert is not trusted by your browser although the information looks correct.

If you click "I trust this certificate" on the self-signed certificate, then the hacker will be able to see your info like username and passwords...bad news.

Answer 2

ck the particular settings of it.