ACS with Yahoo IP - SSL Error

Question

we have our web app with ACS federated authentication. One of our IPs is Yahoo.

From yesterday we have noticed the reditected URL: https://open.login.yahooapis.com/openid/op/auth?openid.ns=* is throwing a SSL certificate error. The others IPs works fine. But Yahoo sudelly crash.

Anyone else noticed the same error?

What can we do to solve this problem in our production web site?

Answer 1

I have a feeling this is an oversight on Yahoo's part. The certificate expired today (December 10, 2013) at 7:00am. You'll probably have to wait for Yahoo to fix this issue by getting a new certificate deployed. But, I don't see it taking long for Yahoo to realize this mistake and fixing it.

In the meantime, if you (or your users) feel safe enough, you can ignore the certificate warning. Just verify the certificate chain manually to ensure you trust the chain of signing and nothing malicious is happening.