Powered by Invision Power Board


  Reply to this topicStart new topicStart Poll

> Keep getting security certifiacte messge....why?
Singer
Posted: Aug 19 2003, 07:59 AM
Quote Post





Group: Members
Posts: 100
Member No.: 163
Joined: 19-December 02



HI, whenever I try to go to the https://upipe0.schmolie.com:8443/ site, Ialways get this message:
"Unable to establish na secure connection to https://upipe0.schmolie.com:8443/. There is a problem with the security certificate from that site (The identity certificate name is not correct) The informatoin you view and send will be readable to others while in transit, itmay not got to the intended party."

Wat is that?!?!?!?!?! Yikes! I have never been able to securely sign on to the site, but finally thought I'd ask as I'm not workng at the libraroies ccomputer, but rather from my own laptop and a 56k dialup! So I would think it SHOULD be secure, eh? info would be very helpful

thanks
regareds
Barb
ohmy.gif
PM
Top
andy
Posted: Aug 19 2003, 08:23 AM
Quote Post





Group: Advantagecom Staff
Posts: 4,340
Member No.: 9
Joined: 12-July 02



Just out of curiosity, what piece of garbage web browser are you using?!

That message is completely wrong and is only accurate in the least significant respect. I'll explain ...

QUOTE
The informatoin you view and send will be readable to others while in transit, itmay not got to the intended party."


This is the most important part of the message and is patently *false*. Are you sure you read it correctly? A good browser (like IE6) will explain that the information sent to the site "cannot be viewed or changed by others." Your information is fully encrypted.

QUOTE
Unable to establish na secure connection to https://upipe0.schmolie.com:8443/.


Only a piece of junk web browser or one with the security settings set way too high would refuse to establish a secure connection. Sorry to sound so harsh, but that's the reality of it.

QUOTE
There is a problem with the security certificate from that site (The identity certificate name is not correct)


Here's the part that was correct. Yes, the name on the certificate does not match the name of the server. Thus, you have no guarantee from a certificate authority that the server is who it says it is.

That is on purpose. The certificate in use is the default certificate shipped with Plesk Server Administrator.

We used to use a valid certificate with the name of the server on it, but we had several resellers complain that all of their users knew who the hosting company was when they used https://www.resellersdomain.com:8443/ to access the web interface. So, the solution was to use a generic server certificate that would not give away the name of the hosting company quite so readily.

QUOTE
Wat is that?!?!?!?!?! Yikes!


No need to panic. Change browsers or security settings so you don't scare yourself unnecessarily with typically useless warnings. They are useful in rare cases, but most of the time they just serve to scare users for no good reason.

QUOTE
I have never been able to securely sign on to the site,


Correction. You have no choice, but to sign on securely. If you've ever signed on (and you must have to use your account at all), you have done so over an encrypted connection.

QUOTE
So I would think it SHOULD be secure, eh?


Certainly. We agree. It has always been encrypted.


--------------------
Sincerely,
Andrew Kinney
CTO, Advantagecom Networks

Please do not private message me. My regular management duties preclude responding to every customer that sends me a support issue. Instead, post on the forum or contact tech support.
PMUsers Website
Top
IOnut
Posted: Aug 19 2003, 10:50 AM
Quote Post





Group: Members
Posts: 51
Member No.: 91
Joined: 22-October 02



QUOTE (andy @ Aug 19 2003, 07:23 PM)
Just out of curiosity, what piece of garbage web browser are you using?!

That message is completely wrong and is only accurate in the least significant respect.  I'll explain ...

QUOTE
There is a problem with the security certificate from that site (The identity certificate name is
not correct)


Here's the part that was correct. Yes, the name on the certificate does not match the name of the server. Thus, you have no guarantee from a certificate authority that the server is who it says it is.


No offence, but if this is correct the hole rest will be also --> man-in-the middle.

QUOTE (andy @ Aug 19 2003, 07:23 PM)

QUOTE
The informatoin you view and send will be readable to others while in transit, itmay not got to the intended party."


This is the most important part of the message and is patently *false*. Are you sure you read it correctly? A good browser (like IE6) will explain that the information sent to the site "cannot be viewed or changed by others." Your information is fully encrypted.


man-in-the-middle => itmay not got to the intended party.

Your explanation is right, of course, but I would be so hard on that browser.

PMYahoo
Top
andy
Posted: Aug 19 2003, 11:16 AM
Quote Post





Group: Advantagecom Staff
Posts: 4,340
Member No.: 9
Joined: 12-July 02



QUOTE
No offence, but if this is correct the hole rest will be also --> man-in-the middle.


Time to split hairs. wink2.gif Yes, the potential for a "man in the middle" attack exists, but that potential does not negate the ability to create a secure connection, nor does it negate the encryption.

The only thing it means is that the server identity has not been verified by a third party. Last I checked, Verisign (or any other certificate authority) isn't trustworthy anyway, so the only value in having a real certificate with the right name is avoiding those frightening messages being presented to end-users and scaring them away from a transaction.

In this case, no financial data is being transmitted, so there are no end-users to scare away with those messages. Hence, a generic certificate makes sense for this application, especially since our resellers demanded it.

QUOTE
man-in-the-middle => itmay not got to the intended party.


This was never disputed as a possibility. I even identified that possibility in "layman" terms that average people understand. Just because I don't blow technical jargon every time I breath doesn't mean I don't know the jargon and the meaning behind it. wink2.gif

QUOTE
Your explanation is right, of course, but I would be so hard on that browser.


Maybe I should have been clearer. I mean the browser *software*, not the browser as in the person sitting at the computer. Last I checked, no software had ever taken offense to being called garbage or junk. mrgreen.gif Considering virtually every browser software out there is free, there's not even any hint of insulting someone's decision regarding a purchase they're proud of. Anybody can switch browsers at any time with no costs incurred and sometimes a switch is necessary to experience the web as it was intended to be experienced.

Barb, just in case you were offended, I offer my apologies. My intent was not to offend, but to inform. Sometimes I do so with a little too much vigor, though. Blandness is not in my nature. cool.gif


--------------------
Sincerely,
Andrew Kinney
CTO, Advantagecom Networks

Please do not private message me. My regular management duties preclude responding to every customer that sends me a support issue. Instead, post on the forum or contact tech support.
PMUsers Website
Top
brucew
Posted: Aug 21 2003, 06:54 AM
Quote Post





Group: Members
Posts: 53
Member No.: 129
Joined: 21-November 02



May I offer an expanation (or possibly a demonstration of my ignorance)?

The reason you get that message is because the security certificate offered by PSA is for Plesk's domain, not schmolie.com or your domain. Hence, "the identity certificate is not correct." True. It isn't.

In this case, it's fine to ignore the warning and accept the certificate since we know and love all the parties involved. In other cases, say e-commerce or e-banking, it may be important to know that something's not right in the state of Denmark. In those cases you may want to heed the warning.

You can make this message go away with the application of money. (It's never a problem if money makes it go away.)

You need your own IP address ($25 one-time from Advantagecom) and a security certificate for your domain (starting from around $49 per year from third parties). After installing the certificate, you'll need to access the control panel using your domain name instead of upipe0.schmolie.com, as in https://www.yourdomain.ext:8443/ Voila! The certificate matches and there's no warning box.

Most of us decide it's not worth the money and trouble since we trust both Plesk and Schmolie/Advantagecom, so we live with the message and click "accept" to contine past the warning. I advise my customers of this in their hosting documentation in order to avoid worries like this.

Hope this helps (and is accurate.)


--------------------
I am not a complete idiot. Some parts are missing.
PMUsers Website
Top
andy
Posted: Aug 21 2003, 08:25 AM
Quote Post





Group: Advantagecom Staff
Posts: 4,340
Member No.: 9
Joined: 12-July 02



QUOTE
After installing the certificate, you'll need to access the control panel using your domain name instead of upipe0.schmolie.com, as in https://www.yourdomain.ext:8443/ Voila! The certificate matches and there's no warning box.


That sounded plausible, so we tested it. We found that it doesn't actually work that way. The plesk.com certificate is used for the PSA interface regardless of the certificate installed on the domain.

This was one of those decisions that we made shortly after setting up the Upipe server after weighing the needs of resellers versus the needs of non-resellers on the Upipe server. The resellers' needs won out in this instance and we changed the certificate to the default plesk.com certificate so schmolie.com was not readily visible to resellers' customers.


--------------------
Sincerely,
Andrew Kinney
CTO, Advantagecom Networks

Please do not private message me. My regular management duties preclude responding to every customer that sends me a support issue. Instead, post on the forum or contact tech support.
PMUsers Website
Top
IOnut
Posted: Aug 21 2003, 08:39 AM
Quote Post





Group: Members
Posts: 51
Member No.: 91
Joined: 22-October 02



QUOTE (andy @ Aug 19 2003, 10:16 PM)
QUOTE
No offense, but if this is correct the hole rest will be also --> man-in-the middle.


Time to split hairs. wink2.gif Yes, the potential for a "man in the middle" attack exists, but that potential does not negate the ability to create a secure connection, nor does it negate the encryption.


Yes smile.gif


QUOTE (andy @ Aug 19 2003, 10:16 PM)
The only thing it means is that the server identity has not been verified by a third party.  Last I checked, Verisign (or any other certificate authority) isn't trustworthy anyway, so the only value in having a real certificate with the right name is avoiding those frightening messages being presented to end-users and scaring them away from a transaction.


ohmy.gif Why do you say that (Really interested)?

QUOTE (andy @ Aug 19 2003, 10:16 PM)
In this case, no financial data is being transmitted, so there are no end-users to scare away with those messages.  Hence, a generic certificate makes sense for this application, especially since our resellers demanded it.


Just an idea: put somewhere on the site the fingerprint of the certificate, so someone who doubts could check it against hate fingerprint.

QUOTE (andy @ Aug 19 2003, 10:16 PM)
QUOTE
man-in-the-middle => it may not got to the intended party.


This was never disputed as a possibility. I even identified that possibility in "layman" terms that average people understand. Just because I don't blow technical jargon every time I breath doesn't mean I don't know the jargon and the meaning behind it. wink2.gif


I know wink2.gif

QUOTE (andy @ Aug 19 2003, 10:16 PM)
QUOTE
Your explanation is right, of course, but I would be so hard on that browser.


Maybe I should have been clearer. I mean the browser *software*, not the browser as in the person sitting at the computer. Last I checked, no software had ever taken offense to being called garbage or junk. mrgreen.gif


Yup, and you can also yell at it smile.gif
(But I was talking also about software-browser - logically, wat it said was true, but it could be a little more precise).

QUOTE (andy @ Aug 19 2003, 10:16 PM)
Considering virtually every browser software out there is free, there's not even any hint of insulting someone's decision regarding a purchase they're proud of.Anybody can switch browsers at any time with no costs incurred and sometimes a switch is necessary to experience the web as it was intended to be experienced.

Barb, just in case you were offended, I offer my apologies.  My intent was not to offend, but to inform.  Sometimes I do so with a little too much vigor, though.  Blandness is not in my nature.  cool.gif


1. dry.gif Get real.
2. I'll tell it to the browser wink2.gif
PMYahoo
Top
brucew
Posted: Aug 21 2003, 08:39 AM
Quote Post





Group: Members
Posts: 53
Member No.: 129
Joined: 21-November 02



QUOTE
The plesk.com certificate is used for the PSA interface regardless of the certificate installed on the domain

Oh, I see. PSA uses the certificate from the Admin level, not the Client or Domain level. That would make a difference.

Thanks for the clarification!


--------------------
I am not a complete idiot. Some parts are missing.
PMUsers Website
Top
andy
Posted: Aug 21 2003, 03:00 PM
Quote Post





Group: Advantagecom Staff
Posts: 4,340
Member No.: 9
Joined: 12-July 02



QUOTE (IOnut @ Aug 21 2003, 09:39 AM)
QUOTE (andy @ Aug 19 2003, 10:16 PM)
The only thing it means is that the server identity has not been verified by a third party.  Last I checked, Verisign (or any other certificate authority) isn't trustworthy anyway, so the only value in having a real certificate with the right name is avoiding those frightening messages being presented to end-users and scaring them away from a transaction.


ohmy.gif Why do you say that (Really interested)?

I personally don't trust an outside company to verify someone's identity for me. When was the last time you were able to count on an employee from a big company that isn't your own? But, that's just my opinion. wink2.gif

Also, on the administrative side of things, we've had trouble with Thawte, Equifax Secure, and Geotrust changing their issuance policies in such a manner that our secure server certificate costs increased by 24,000% (no kidding). Geotrust even went so far as to say that it had always been that way and that we were just stupid.

As far as Verisign, I don't trust any company that charges several hundred dollars for a piece of text that took 2 minutes to generate. The verification that you're supposedly paying for takes another 2 minutes. But, again, that's just my opinion. wink2.gif

We use Comodo/InstantSSL for our certificates these days, but their verification process is very easy to fake out if you're so inclined. Any hacker with a stolen credit card can get a legitimate certificate in about 30 seconds from them. We like Comodo since they are very easy to work with, but I wouldn't trust a web site simply because they used a valid certificate from Comodo.


--------------------
Sincerely,
Andrew Kinney
CTO, Advantagecom Networks

Please do not private message me. My regular management duties preclude responding to every customer that sends me a support issue. Instead, post on the forum or contact tech support.
PMUsers Website
Top
Singer
Posted: Sep 5 2003, 07:05 PM
Quote Post





Group: Members
Posts: 100
Member No.: 163
Joined: 19-December 02



HI, Thanks all for the incredible insights and responses. wow!

Ok I"m a bit less paranoid now about my userid and password being stolen when I hit enter. phew!

I don't think I'll buy the cert stuff. too much money and right now, at least, for the 2 clients I have they wouldn't know what to do in the site anyways so I just do it for them so they'll never see that message mrgreen.gif
It was just me getting freaked out blush.gif


regards
Barb
PM
Top
Singer
Posted: Mar 1 2004, 05:37 PM
Quote Post





Group: Members
Posts: 100
Member No.: 163
Joined: 19-December 02



HI, I'm back again on this topic....been a while but now I need to address it again.
I set up paypal/payloadz on my site so that I can sell some mp3 files of mine. When I run the test in Opera, Netscape and IE the paypal page generated seem to check out fine. BUt I a have two problems.....

1)in Opera/Netscape and Explorer I get the messages similar to "unable to establish a secure connection to www.barbsorensen.com. There is aproblem with the security cert. blah blah blah,......"
but the rest of the page looks fine. On the other hand, in Safari, I don't get the cert error and the page doesn't show my little graphic in the header either - which is in the httpsdocs directory where it is supposed to be....

2) The graphic is supposed to be in httpsdocs because then you avoid getting the message from the paypal generated page saying something on the page is not secure.
I am told the littel graphic won't appear because it's an invalid SSL cert issue. ugh!~ I am told to consider hosting the image at a third party:
http://www.paypal.com/cgi-bin/webscr?cmd=p...ns-logo-outside

BUt it appears in the other browsers!?!?!?!?!

ummmmm........For some reason I am having a huge issue with this. I already have a great server! I don't want to pay someone else and spread my stuff all over the net between many different servers! ugH! Too confusing! and besides they charge you to host your pictures! it's just my company logo! How can I do it on my upipe account at advantagecom? I like this plac -the support is awesome and the people are nice - not grubby! Do I have to switch to something like vps or whatever else you have? I really seem to like this upipe thing...hmm...

I understand that browser each have their little quirks..if there is a way to write sommethign in the page code wise ot bypass the cert issue message would be great..but that might then set me up for lawsuits? if a real message got hiden? ugh! so....help please? ideas? thanks

regards
Barb
PM
Top
andy
Posted: Mar 2 2004, 02:57 AM
Quote Post





Group: Advantagecom Staff
Posts: 4,340
Member No.: 9
Joined: 12-July 02



QUOTE
How can I do it on my upipe account at advantagecom?


No matter which angle you use to work on this issue, if you're wanting to host pictures in your httpsdocs directory so you can use them on an SSL page, the only sure way to avoid all browser error messages is to get a real certificate. Right now it appears that you have enabled SSL on your site, but you don't have a certificate installed other than the default Plesk fake certificate.

QUOTE
if there is a way to write sommethign in the page code wise ot bypass the cert issue message would be great


There might be, but it is outside the realm of everything I know. If it were possible, it would probably involve some convoluted java application that you'd probably have to create for yourself. That's well beyond the scope of what we offer for web hosting support.

QUOTE
ideas?


http://www.instantssl.com/, but it will cost $50 per year. If it is involved with selling something, chalk it up as a reasonable and customary expense associated with doing business online.

I'm sorry I can't be more help, but your options are truly limited for solving this problem.


--------------------
Sincerely,
Andrew Kinney
CTO, Advantagecom Networks

Please do not private message me. My regular management duties preclude responding to every customer that sends me a support issue. Instead, post on the forum or contact tech support.
PMUsers Website
Top
Singer
Posted: Mar 2 2004, 06:10 AM
Quote Post





Group: Members
Posts: 100
Member No.: 163
Joined: 19-December 02



Thanks for the info. smile.gif Will check it out.
Barb
PM
Top
Matt
Posted: Jun 18 2008, 01:16 PM
Quote Post





Group: Members
Posts: 1,103
Member No.: 342
Joined: 25-November 03



We now have available a Basic one year SSL certificate (99.8% browser compatibility) for $50.00 per year. Purchase of the SSL certificate includes free installation. You can purchase the Basic one-year SSL certificate in our store at:

https://manage.speedingbits.com/store/index.cgi/sid,14399

We also have advanced SSL certificates available, with insurance policies, identity validation web site graphics, Extra Validation (EV) SSL certificates, and more. Contact our sales department at sales@advantagecom.net for pricing.


--------------------
Matt B.
Advantagecom Technical Support

Private messages are ignored unless solicited. If you have a support question, please email support@advantagecom.net, post in the appropriate section of the forum, or call if your service plan allows support by phone.
PMUsers Website
Top
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:

Topic Options Reply to this topicStart new topicStart Poll