Clayton’s Weblog

Hi – I’m the “super funny” engineer responsible for Plaxo for Mac (and this cert authentication message). Your assessment that I did not expect the Mac client to get back an invalid cert when making a request to the Plaxo servers is half right. This message was expected to appear to our SQA group during internal testing of the software but I did not believe this would show up in a normal environment. (I’m glad I didn’t put one of my super funny jokes in the message).

All levity aside, I really do appreciate you bringing this issue to light. Is your wifi gateway setup as a proxy server? I’ll pull my “humor” out of this cert check alert and put something appropriate in its place.

Regarding identifying the source of the dialog, you’re correct that this is a system dialog that we utilize to manage cert trust. Given that this system resource can be called from any application or background process, I think Apple does a reasonable job of trying to identify the calling application (by displaying said application’s icon) plus, I think the action of identifying the validity of the cert is really center stage here and not really what application is complaining about it. But I understand your position – a little more information/identification from the calling application would be welcomed.

I just got this weird dialog box. What bothers me is that I cannot close it, dismiss it, not trust it or anything else. I do not want to “Continue” with a certificate that looks like it is the work of a hacker. It is very unprofessional of Plaxo.com to include such dialog box text. If there is one thing I would not trust is someone saying “Trust me…It is super legit.”

Wow i’m glad i found yr post – i fit into the class of those who “freaked out” when i saw this dialog box.

Sounds like its legit & agree it could be presrnted a bit better!

For the record I’m on a hotel network, no login, and believe its tryin to sync.

Drew,

We have a bunch of BlueSocket APs at work, and they all have self-signed certificates. They intercept the first set of HTTP requests, and force you to sign in before you can go further. If it makes you feel better, Entourage generally crashes every time this happens.

As far as Apple goes, I wish they would put the application name there also. The application icon is fairly small, and the user might not necessarily recognize the icon, especially for something like Plaxo where it’s running in the menu bar, not the dock.

Sorry to all the commenters, comment notification was broken, and I didn’t realize they were pending moderation until I went to upgrade Wordpress this morning.

Clayton-

Thanks for the additional info on your setup. After discussing this with a few other folks here at Plaxo we settled on modifying the alert to read:

“Plaxo Notifier is receiving an untrusted certificate while attempting to retrieve updates from the Plaxo servers.” since there is really no way for us to know if there is a legitimate reason (such as in your case) or if something phishy is going on. This change will appear in our next release of Plaxo for Mac.

I hope that this will relieve the anxiety somewhat if someone using Plaxo for Mac runs into this situation.

I’m sorry to all those members that have run across this issue – it was never my intention for this to be seen by anyone other than our SQA staff. The adage, “expect the unexpected” is ringing in my ears forever more.

I’m another one of the “freakers” The odd thing is that I’ve set Plaxo to sync only when I tell it (i.e., manually), and I have also unchecked “Automatically start Plaxo at login” in, so I don’t see why it should need to access the Plaxo servers and then receive this certificate as a result.

Drew – Any thoughts?

BTW I contacted solutioninc about their certificate, and received this reply:

“This certificate is valid and provided by SolutionInc as a standard self
signed certificate.

There will be no issues with accepting.

Yours,
Jerry”

We have worm sign.

http://www.flickr.com/photos/jcuthrell/2595793981/

Just came across the same error dialog, very annoying indeed. Finally killed the Plaxo client once I figured out it was the culprit. This damn popup was showing every 2 minutes, with no other option except to “continue”. According to the dialog box, it looks like the CERT is no longer valid, hence the disagrement. As a side effect, my Mac Book Pro was crawling.
I am connected via ethernet and through ADSL, no wifi here.

More than “expect the unexpected”, it is once again the good old “don’t assume this code will never run” that should be carved with a hammer into every coder head. I think I will wait a few days before running the Plaxo client again…

Fx

Drew,
I got this for the first time today, but it was because the certificate expired. Aren’t tons of people about to get this error?

Drew,

When will this text change be rolled out? I myself just got this message today 20 June 2008 at 6:35 PM EST and again at 9:35 PM EST. I’m guessing it is okay to accept the certificate; I’m still not 100% sure.

Best Regards,
Nate Hanna

My ‘trust me’ certificate says it’s from *.plaxo.com and issued by Go Daddy Secure Certification Authority. I’d put a screenshot up if I could, but it says the certificate is signed by an unknown authority. The issuer name is Go Daddy, Inc. out of Scottsdale, AZ.

I’m not a techie and don’t understand what some of you are talking about so…. what do I do? I have a Mac and can’t get rid of this darned thing and don’t want to hit ‘continue,’ either.

Please help! It’s annoying as all get-out.

Been getting this certificate, too. It’s disconcerting — I won’t hit Continue, so simply had to restart my computer. When I figured out it was the Plaxo client, I uninstalled.