Paypal.com SSL certificate invalid, issued to BitPay.com

Solution 1:

I don't think we need to say this, but do not accept that certificate.

Either something is wrong with your connection and you have a man in the middle, or something went terribly wrong on your browser, or some application server at PayPal was compromised.

Since everything looks normal from here, and the certificate is legitimate, don't trust whatever is on the other side.

Can you download the certificate and share it with us, out of curiosity?

Are you using a proxy somewhere? Even if you think you aren't, can you check your network and browser configuration to find out? You may have malware installed or be using a rogue proxy.


Since the problem was fixed by changing the DNS server to Google's, I wonder what your DNS server was. It may have suffered DNS cache poisoning, or RAM problems in the server may have mixed up cache entries. But I suspect the former: maybe your ISP has suffered an attack. The output of the host or dig commands, directed at the server, may be useful to debug.

dig www.paypal.com @8.8.8.8

dig www.paypal.com @(your DNS server)

host www.paypal.com 8.8.8.8

host www.paypal.com (your DNS server)

Also: if even your iPhone was having similar problems, the problem is most certainly in your ISP's DNS server. I'm not sure how effective it will be to warn them, but it may be a good idea.

Solution 2:

  1. On a trusted third-party computer that is not connected to your internet connection, download Ubuntu or something similar and slap it on a thumb drive or DVD.
  2. Boot this live operating system.
  3. Try to access PayPal from this environment.
  4. Run dig paypal.com and post it here (not sure whether dig is available by default though)

If you still experience problems, it’s likely your router had its DNS services manipulated. This is possible when the router’s web interface has bugs which allow changing settings without authentication.

Sample output for comparison:

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> paypal.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27146
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;paypal.com.                    IN      A

;; ANSWER SECTION:
paypal.com.             300     IN      A       66.211.169.66
paypal.com.             300     IN      A       66.211.169.3

;; Query time: 8 msec
;; SERVER: 108.59.15.5#53(108.59.15.5)
;; WHEN: Thu Jul 24 15:30:13 2014
;; MSG SIZE  rcvd: 60

Last but not least, the redirect doesn’t make too much sense: After all, BitPay is not grabbing PayPal credentials.
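Both answers ask for dig output from the suspect resolver so it can be compared with a known-good one. The following is an added example, not part of either answer, that automates that comparison on saved dig output; the function names are hypothetical, the reference data is the sample ANSWER section above, and the suspect data is constructed.

```shell
# Extract the A-record addresses from the ANSWER section of dig output (stdin).
answer_ips() {
  awk '
    /^;; ANSWER SECTION:/ { in_answer = 1; next }
    /^;;/ || /^$/         { in_answer = 0 }
    in_answer && $3 == "IN" && $4 == "A" { print $5 }
  ' | sort -u
}

# Print addresses present in the suspect output ($2) but absent from the
# reference output ($1). No output means every suspect answer is also in
# the reference answer.
suspect_only() {
  _ref=$(printf '%s\n' "$1" | answer_ips)
  printf '%s\n' "$2" | answer_ips | while read -r _ip; do
    printf '%s\n' "$_ref" | grep -Fxq -- "$_ip" || printf '%s\n' "$_ip"
  done
}

# Reference: the ANSWER section of the sample output on this page.
# Live equivalent: REF_OUTPUT=$(dig paypal.com @8.8.8.8)
REF_OUTPUT=';; ANSWER SECTION:
paypal.com.             300     IN      A       66.211.169.66
paypal.com.             300     IN      A       66.211.169.3

;; Query time: 8 msec'

# Constructed suspect output: an address from the documentation range
# 203.0.113.0/24 stands in for an unexpected answer.
SUSPECT_OUTPUT=';; ANSWER SECTION:
paypal.com.             300     IN      A       66.211.169.66
paypal.com.             300     IN      A       203.0.113.10

;; Query time: 3 msec'

extra=$(suspect_only "$REF_OUTPUT" "$SUSPECT_OUTPUT")
if [ -n "$extra" ]; then
  echo "Addresses only the suspect resolver returned:"
  echo "$extra"
fi
```

Large sites can legitimately hand different addresses to different resolvers, so a difference here is a lead to investigate rather than proof of poisoning; the certificate served at the address remains the deciding check.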