Welcome to the Forum Archive!

Years of conversation fill a ton of digital pages, and we've kept all of it accessible to browse or copy over. Whether you're looking for reveal articles for older champions, or the first time that Rammus rolled into an "OK" thread, or anything in between, you can find it here. When you're finished, check out the boards to join in the latest League of Legends discussions.

GO TO BOARDS


LoL Client Store Certificate Issue

1
Comment below rating threshold, click here to show it.

Blocksbox

Senior Member

04-20-2013

When trying to access the store via the game client from a Windows 8 machine, I get the following untrusted certificate error:

http://oi37.tinypic.com/in4xn4.jpg

The problem lies with the issuer of the store.na1.lol.riotgames.com certificate, "DigiCert High Assurance CA-3." Unfortunately, the trusted root CA store of Windows machines only contains a root certificate from "DigiCert High Assurance EV Root." The intermediate certificate that circumvents this problem either isn't being pushed down or isn't being received correctly.

The "DigiCert High Assurance CA-3" intermediary certificate can be found on the following page:

https://www.digicert.com/digicert-root-certificates.htm

Presently it is impossible to tell if you are actually connecting to the Riot Games store or a hijacked server used to farm credit card information.


Comment below rating threshold, click here to show it.

Jaichim Carridin

Junior Member

04-20-2013

Also experiencing this on a Mac OS X Mountain Lion machine.


Comment below rating threshold, click here to show it.

Cälm

Junior Member

04-20-2013

Yeah I'm experiencing the same thing on my Mac. Should I just avoid the store for now?


Comment below rating threshold, click here to show it.

Blocksbox

Senior Member

04-20-2013

The store is 100% functional, so you don't have to worry about purchases not going through. It's very unlikely that anything negative with come from this certificate problem, but theoretically someone can get in the middle of your connection and steal the session information. It probably won't happen, but without receiving the verified cert you can't guarantee that.


Comment below rating threshold, click here to show it.

Ukitaa

Junior Member

04-20-2013

Yeah, I kind of ignored it. Malwarebytes would have (hopefully) picked up anything if there was a reason to be worried.


1