Revocation information for security certificate

Hi ss1,

Thanks for your response. It's crucial to have a valid and secure, trusted root authentication certificate. I'm sorry for the inconvenience caused by the invalid URL. As we need to investigate it further, I recommend reaching out to our MOCA directly for information about the correct link to the trusted root authentication certificate. They are the best equipped to provide you with the most accurate and secure information.

Please continue to use your current browser and security settings, as you've mentioned they are up-to-date.

Kind regards,

Shella

Our IT have contacted TBS-certificates (see my quote from them above). The URL for the trusted auth cert you provided has been confirmed BY THEM to be invalid and MYOB should not be providing this to its customers.

If you (or someone in the MYOB Security team) could provide us with a valid link to the trusted root auth cert, we can manually install it (that's not the issue here).

BTW The missing cert looks like it is from Google not TBS.

We also don't use IE 11 as that was made obsolete by MS several years ago. We use WIn Pro 11 with Edge and all the latest security patches.

Hi ss1,

Thanks for the response. The issue isn't caused by MYOB and relates to an issue blocking the client computer from downloading or installing the new certificate. Simply means that the Trusted Root certificate is missing. To confirm this:

Open Internet Explorer and enter the web address login.myob.com.

• Green address bar: A successful connection should not have any issues. (See photo attached below.).
• Red address bar or unable to connect: The connection is not successful, and you will need to follow the resolution provided below.

You will need to install the certificate manually. I recommend following the instructions again. Please note that you'll need to follow this with the help of your IT specialist or department.

Let me know if you require any further assistance with this. I'm happy to assist you.

Otherwise, if my response has answered your inquiry, please click "Accept as Solution" to help other users find this information.

Kind regards,

Shella

We contacted TBS Certificates and this was their response:

Hi

This supplier of yours should not be giving our outdated URLs…

This website has been closed a while ago

Regards,

The MYOB Trusted Root Authority certificate seems to be NOT VALID (at least the one from TBS).

It would be great if the MYOB security team could investigate this at their earliest convinence. As noted, the Trust Auhority seems to be Google and not TBS.

BTW the workaround doesn't work when submitting payroll records to the ATO - that still fails probably because the trusted root cert is not found or is invalid.

So yes, we can login, but some functionality still doesn't work (prob for good reason).

So, the question is, why does a website MYOB recommends for downloading the "trusted" root certificate (that is required for their software) itself be not trusted??

This seems a MYOB issue NOT an issue for us. If we cannot trust the "trusted" cert that MYOB AR uses, who can we trust? Asking us to solve the issue seem very bizare to say the least.

I raised a support ticket with MYOB support but they just referenced this questionable download page too.

Someone in MYOB security needs to address this and at least explain why the site MYOB uses is not secure itself.

Hi ss1,

Thanks for the response and for providing the screenshot of the page. At MYOB, we take security very seriously and have several measures in place to ensure the safety and reliability of our systems. Your connection is not private, typically due to a problem with the website's security certificate. It's generally advisable not to ignore this warning and not to proceed to the website unless your company's IT is certain it's safe to do so.

For the error message you're receiving, as a workaround, I recommend clicking "yes" to get rid of the warning message and proceed with your file. However, it will still pop up every time you log in, as this is a security alert from your device. To remove this permanently, I recommend seeking the assistance of your company's IT personnel, as this is regarding the internal security of your computer.

Please don't hesitate to reach out or use our online virtual help MOCA in case you still need further assistance.

Kind regards,

Shella

That site itself doesn't seem secure. See attached image.

Hi ss1,

Thanks for your post, and welcome to the Community Forum.

My apologies for the late response. We value your effort in providing a detailed error message. The reason for the message is that a trusted root certificate is missing. To correct the situation, you will need to install the certificate manually. To do this, please refer to the steps provided below:

• Download the required root certificate. https://symantec.tbs-certificats.com/vsign-universal-root.cer
• Double-click the downloaded.cer file.
• Click Open.
• Click Install Certificate.
• Select Local Machine and click Next.
• Select Place all certificates in the following store.
• Click Browse.
• Select Trusted Root Certification Authorities and click OK.
• Click Next.
• Click Finish.
• You can now open AccountRight Live and login as normal.

Please let us know how it goes on your end.

Otherwise, if my response has answered your inquiry, please click "Accept as Solution" to assist other users in finding this information.

Kind regards,

Shella