Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 2 Mar 2013 06:30:40 -0500
From:      Jerry <jerry@seibercom.net>
To:        FreeBSD <freebsd-questions@freebsd.org>
Subject:   Re: https://wiki.freebsd.org/ certificate error
Message-ID:  <20130302063040.5710c374@scorpio>
In-Reply-To: <20130302061222.75ebe236.freebsd@edvax.de>
References:  <5130B651.9030607@a1poweruser.com> <1362147256.788.3.camel@archlinux> <5130BC16.8020903@aboutsupport.com> <CA%2Bg814cd-vZPEXm8T8ExucnHCCxnxj0jxjeaXd9BGfrOdRrzpQ@mail.gmail.com> <5130CC82.4000607@a1poweruser.com> <20130302061222.75ebe236.freebsd@edvax.de>

next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 2 Mar 2013 06:12:22 +0100
Polytropon articulated:

> On Fri, 01 Mar 2013 10:42:58 -0500, Fbsd8 wrote:
> > Javad Kouhi wrote:
> > > Also no problem with FreeBSD 9.1 and chromium. But sometimes ago
> > > I have this problem with all https sites. because the government
> > > forged the wrong SSL certificate and my browser and my browser
> > > warned me about it. Do you have this problem with other websites?
> > > 
> > > On Fri, Mar 1, 2013 at 6:02 PM, Zyumbilev, Peter
> > > <peter@aboutsupport.com>wrote:
> > >>
> > >> On 01/03/2013 16:14, Ralf Mardorf wrote:
> > >>
> > >>> [1] $ firefox -version
> > >>> Mozilla Firefox 19.0
> > >>>
> > >> No problem with SeaMonkey 2.16.
> > >>
> > I use xp browser and it's certificate checking is enabled.
> 
> You are sure using a more than 10 year old system should
> be considered safe enough to provide a reference?
> 
> > Maybe the browsers running from xorg desktops are NOT certificate
> > aware so them not getting the error warning would be expected.
> 
> They are. Or to be correct: The most prominent ones are,
> like Firefox, Chrome, and Opera. More lightweight browsers
> like dillo actually might not have this functionality.
> 
> > The fact remains, the ms/browsers do find the wiki.freebsd.org
> > wedsite's certificate invalid because the certificate ip address
> > does not match the ip address the public dns points to.
> 
> As it has been mentioned, one certificate can be used for
> several IP addresses. Both www and wiki are located at
> 8.8.178.110 (returned by "host" command), so there might
> be a DNS issue or something comparable strange...
> 
> I've checked with Opera 11.50 here, no problems.

I think Brad Mettee nailed it with his response.

<quote>

And in this particular case, the certificate is for www.freebsd.org and 
freebsd.org, and the browser is complaining because it's being used on 
wiki.freebsd.org.

Their certificate should have been issued for *.freebsd.org instead of 
just the main site name. Unfortunately I think all of the certificate 
issuers charge big $$$ for that type of cert......

</quote>

I have seen this sort of thing several times before with different
sites. The older versions of Firefox never picked up on it as often as
IE would. I just tried this site using IE and immediately received the
error message. The message stating: "The security certificate presented
by this website was issued for a different website's address. Security
certificate problems may indicate an attempt to fool you or intercept
any data you send to the server." It then went on to give me the normal
options of leaving the site or ignoring the error. Interestingly
enough, Firefox, on the same machine, does not provide any indication
that the certificate is questionable.

Given the choice of being warned about a questionable certificate or
having the browser silently ignore it, I would choose to be warned
about it.

-- 
Jerry ♔

Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
__________________________________________________________________



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20130302063040.5710c374>