|
|
Security Certificates and Blocked Content ?
|
Sort:
|
|
 Prev Next |
You are not authorized to post a reply. |
|
Pete Thornton
Conductor
Send Message
Posts:3507
 |
| 09 Dec 2011 12:56 PM |
|
This isn't a specific issue with MLS, but it is driving me crazy so I thought I'd toss it out to you Gurus to see if anyone has a solution. [I've tried various searches, but all I find are dead ends.]
I'm using IE 8 (tried IE 9 and it blew up so I backtracked,) on a 4-year-old desktop with lots of disk, still running Win XP. I was in the computer software business for 20 years so I know how to use a PC.
Every time IE doesn't like a security certificate, it either blocks the content (usually an adv on someone's page being fetched from a different site,) or, more annyingly, I click a link to get to a site and it tells me there are problems with the site's certificate and I shouldn't go there. This is patently rubbish - my GoDaddy.com account does it when I log in and it switches to HTTPS and the same for WFFNB (a bank!) Lots of other sites produce the same result, and seems to be part of the HTTPS mechanism.
I tried "installing" the certificates for the sites I use most, and I tried looking for answers, but all just say that's what IE does !! Very frustrating.
|
|
 |
|
|
krs
1st Class Member
Foreman
Send Message
Posts:2063
|
| 09 Dec 2011 01:28 PM |
|
I'm using a Mac and Camino as the browser - Camino is a Mozilla based browser specifically for the Mac; similar to Firefox which is Mozilla based as well. I get a similar problem more and more lately - Camino comes up with this message: Secure Connection Failed
199.246.2.14 uses an invalid security certificate.
The certificate is not trusted because it is self signed.
The certificate is only valid for Barracuda/emailAddress=sales@barracuda.com
(Error code: sec_error_ca_cert_invalid)
* This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
* If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.
Or you can add an exception… At least this browser lets you add an exception but this problem to me is a web site issue. Knut
|
|
|
|
|
Greg Elmassian
1st Class Member
Engineer
Send Message
Posts:14795
|
| 09 Dec 2011 05:37 PM |
|
Bad certificates.... if someone has a bad certificate, using https on it is worthless...
lots of people don't have a correct certificate, a good one traceable to the top "authorities" is not cheap...
Greg |
|
Be sure to visit my site, lots of technical tips and modifications, and you can search for topics and key words.
Click here for Greg's web site
Note: I'm tired of the acrimony too, so I may not respond or participate in these types of threads. You can email me privately so I can help you without conflict.
PLEASE NOTE: I have disabled Private Messaging, please use regular email: greg@elmassian.com
|
|
|
Pete Thornton
Conductor
Send Message
Posts:3507
|
| 10 Dec 2011 08:38 AM |
|
Bad certificates.... if someone has a bad certificate, using https on it is worthless...
lots of people don't have a correct certificate, a good one traceable to the top "authorities" is not cheap...
Greg,
The certificates seem valid when I inspect them. And there are way too many for it just to be bad websites. WFFNB (a bank) for example?
Another clue is that I always get the "This website's security certificate is not from a trusted source" which according to the help file means "This error occurs when the certificate has been issued by a certification authority that is not recognized by Internet Explorer. "
So where does IE keep a record of what is a "trusted source" I wonder ??
|
|
|
|
|
Greg Elmassian
1st Class Member
Engineer
Send Message
Posts:14795
|
| 10 Dec 2011 08:55 AM |
|
Bad meaning their trust relationship cannot be verified, just as message you posted above. There are a number of "root certificates" in a file, that is updated regularly from Microsoft... in fact the Windows Update process calls them "root certificate updates"... Other than not allowing these updates, then it's as I said, certificates from people who are too cheap to get a real trusted certificate. These sites should not be using https:
Greg |
|
Be sure to visit my site, lots of technical tips and modifications, and you can search for topics and key words.
Click here for Greg's web site
Note: I'm tired of the acrimony too, so I may not respond or participate in these types of threads. You can email me privately so I can help you without conflict.
PLEASE NOTE: I have disabled Private Messaging, please use regular email: greg@elmassian.com
|
|
|
Pete Thornton
Conductor
Send Message
Posts:3507
|
| 10 Dec 2011 09:00 AM |
|
Well, back to Google. Found a ColdFusion Muse describing where all the 'trusted' sites are stored. http://www.coldfusionmuse.com/index...05/12/1/ca Now the question is: why isn't the one I'm seeing on the list. And how do you add one? [And who decides what is 'trusted' or not?] |
|
|
|
|
Greg Elmassian
1st Class Member
Engineer
Send Message
Posts:14795
|
| 10 Dec 2011 09:04 AM |
|
Lots of questions on a complex subject. You probably know by now that I hate to give inaccurate and incomplete information.
And one thing I have trouble with is giving a simplistic answer to a complex question.
I suggest you start googling and reading.. There's a lot to it... Then, once you understand the mechanism, you have to understand the eccentricities of the browser or email client you are using... yet more information. Basically windows and IE pretty much suck in this area, often the trusting and importing of certificates does not work correctly. Greg
|
|
Be sure to visit my site, lots of technical tips and modifications, and you can search for topics and key words.
Click here for Greg's web site
Note: I'm tired of the acrimony too, so I may not respond or participate in these types of threads. You can email me privately so I can help you without conflict.
PLEASE NOTE: I have disabled Private Messaging, please use regular email: greg@elmassian.com
|
|
|
Pete Thornton
Conductor
Send Message
Posts:3507
|
| 10 Dec 2011 09:19 AM |
|
once you understand the mechanism I pretty much understand the mechanism. Been building websites for 10 years and in the computer biz for 40 years. I just hoped there was a simpler explanation that I had missed! Basically windows and IE pretty much suck in this area, often the trusting and importing of certificates does not work correctly. You're not kidding. I dug deeper, and found that my "trusted root" certificates included "Entrust.net secure server certification authority" but my certificate has "Entrust.net certification authority L1C". You and I know that a computer is dumb enough not to be able to figure out if they are the same or different. Anyway, I exported the certificate from the WFFNB website and imported it into my IE list, and it is now in the 'other people' list of certificates - but STILL isn't accepted. |
|
|
|
|
Greg Elmassian
1st Class Member
Engineer
Send Message
Posts:14795
|
| 10 Dec 2011 09:30 AM |
|
I've made myself crazy on this a few times, and purchased some of the "wildcard" certificates for our company, and that introduced a new set of problems, programs that cannot accept wildcard certificates...
Then there is the problem with Outlook not importing the certificates right.
And the times when FireFox gets sideways, insisting that the certificate belongs to someone else, and it's really hard to delete that out of FireFox.
Greg |
|
Be sure to visit my site, lots of technical tips and modifications, and you can search for topics and key words.
Click here for Greg's web site
Note: I'm tired of the acrimony too, so I may not respond or participate in these types of threads. You can email me privately so I can help you without conflict.
PLEASE NOTE: I have disabled Private Messaging, please use regular email: greg@elmassian.com
|
|
|
krs
1st Class Member
Foreman
Send Message
Posts:2063
|
| 10 Dec 2011 10:32 AM |
|
Posted By Greg Elmassian on 09 Dec 2011 05:37 PM
Bad certificates.... if someone has a bad certificate, using https on it is worthless...
From a basic user point of view, I buy into this 100% If I access a site that requires me to send them confidential information, I wouldn't if I get any warning at all.
In my case the warning came up with a link in an email from my ISP that pointed to my quarantined emails so I could either delete them or have them delivered. All of these quarantuned emails were spam from the Far East, all Chinese Characters in the title. Why my ISP decided to use https for the link is beyond me - emails are inherently not secure so why make access to my spam emails secure.... Knut
|
|
|
|
|
Greg Elmassian
1st Class Member
Engineer
Send Message
Posts:14795
|
| 10 Dec 2011 11:09 AM |
|
Knut, it was to keep your password to email secure and encrypted, not open text on the Internet.
Any site that asks you for a password, and is not "at" https:// at the screen where you are being prompted, is a bad site. Best rule is don't use that site. If you must, be sure you are using a password you are not using anywhere else, and that the information accessed on this site is not critical or confidential.
Greg |
|
Be sure to visit my site, lots of technical tips and modifications, and you can search for topics and key words.
Click here for Greg's web site
Note: I'm tired of the acrimony too, so I may not respond or participate in these types of threads. You can email me privately so I can help you without conflict.
PLEASE NOTE: I have disabled Private Messaging, please use regular email: greg@elmassian.com
|
|
|
krs
1st Class Member
Foreman
Send Message
Posts:2063
|
| 10 Dec 2011 11:42 AM |
|
You're right.
The https link takes me directly to the quarantined emails without me putting in a password, but the password shows up encrypted in the browser URL field as:
password=33df471f86188086391e9222857528ad
Knut |
|
|
|
|
Greg Elmassian
1st Class Member
Engineer
Send Message
Posts:14795
|
| 10 Dec 2011 12:03 PM |
|
I went through a bit of this for our company, my boss wanted to generate certificates himself, but there was no "trust authority".... of course, you can generate them and trust them yourself, but for other people, they have no way to know to trust or not, and no way to verify the one they are "getting" is really the one you say "go ahead and trust"....
So your password is encrypted in a cookie, I believe. I have the habit of always looking up at the address field to be sure I'm at an https: "stage" when entering a password. I also wipe all my cookies and certificates every so often.
NOTE: for those of you reading this, do not do this unless you understand what you are doing. Some programs/sites, like banks, have a process to send you a certificate that is a pain in the butt to do over...
Regards, Greg |
|
Be sure to visit my site, lots of technical tips and modifications, and you can search for topics and key words.
Click here for Greg's web site
Note: I'm tired of the acrimony too, so I may not respond or participate in these types of threads. You can email me privately so I can help you without conflict.
PLEASE NOTE: I have disabled Private Messaging, please use regular email: greg@elmassian.com
|
|
|
| You are not authorized to post a reply. |
|
Active Forums 4.2
|
|