| |
SIDWAVE
Account closed
Registered: Apr 2002
Posts: 2238 |
CSDB certificate problem
it started doing this today.
? |
|
| |
algorithm
Registered: May 2002
Posts: 702 |
try using http instead of https :-) using https the same issue started quite some time ago |
| |
SIDWAVE
Account closed
Registered: Apr 2002
Posts: 2238 |
well, i clicked a link i got.
when you copy release url, it gives these links! |
| |
Mr.Ammo
Account closed
Registered: Oct 2002
Posts: 228 |
The reason is:
The identity of this website has not been verified.
Server's certificate does not match the URL.
Server's certificate has expired.
Server's certificate is not trusted.
It expired on March 2, 2012 in the evening.
When you're certain no-one has been tampering with the SSL-certificate, then just click 'continue anyway'. But then again, you'll never know if there's a man in the middle hijacking your 'trusted' secure connection! ;-) |
| |
chatGPZ
Registered: Dec 2001
Posts: 11113 |
Quote:it started doing this today.
so you reinstalled the browser? the certificate has been broken since forever =D |
| |
Fred
Registered: Feb 2003
Posts: 284 |
I think that Opera has been changed lately and now it defaults to https. So when you don't provide http then it first tries to connect via https. Since CSDb can be accessed via https, it will then check the certificate and warns about the invalid certificate.
Solution would be:
- to turn off https on the server
- or buy a real certificate for the server each year
- or users should always type in http in front of the URL when using the Opera browser
- or users should ignore the invalid certificate warning
- or users should not use Opera
I think more browsers will default to https, so the best solution is to turn off https on the server |
| |
chatGPZ
Registered: Dec 2001
Posts: 11113 |
Quote:the best solution is to turn off https on the server
lol. whats wrong with accepting it? |
| |
Fred
Registered: Feb 2003
Posts: 284 |
lol. See screenshot in the first post. It shows an annoying warning message from the browser.
If you support https, then just buy a certificate or turn it off if you don't need it. |
| |
chatGPZ
Registered: Dec 2001
Posts: 11113 |
just click "continue anyway", just like you would with any other self-signed certificate. (you dont actually think buying one provides additional security, do you?) |
| |
Hein
Registered: Apr 2004
Posts: 933 |
Nothing wrong with installing a 10 Euro/year certificate to prevent annoying messages, is there?
Not that I use https when logging in to post this. :) |
| |
chatGPZ
Registered: Dec 2001
Posts: 11113 |
feel free to sponsor it :) its a waste of money IMHO |
| |
Fred
Registered: Feb 2003
Posts: 284 |
If it is a waste of money then turn it off instead of wasting time to reply to this thread ;-) |
| |
chatGPZ
Registered: Dec 2001
Posts: 11113 |
buying a certificate is a waste of money - using https however is still a good idea, in any case. if you are annoyed by it, just use http - problem solved. |
| |
Fred
Registered: Feb 2003
Posts: 284 |
I don't think you get the point why SIDwave posted this. Anyway, it's not my problem since I don't use Opera. |
| |
chatGPZ
Registered: Dec 2001
Posts: 11113 |
oh i do get the point. and the solution has been mentioned more than once now =) |
| |
Mr.Ammo
Account closed
Registered: Oct 2002
Posts: 228 |
Quoting Fredlol. See screenshot in the first post. It shows an annoying warning message from the browser.
If you support https, then just buy a certificate or turn it off if you don't need it.
You might find it a nuisance, but you might also be ignorant concerning (computer) security and privacy.
Remember http://en.wikipedia.org/wiki/Firesheep ?
I'm glad CSDB supports SSL, even when the cert is invalid and self-signed. A quick look at the cert info will give me an idea if it's trustworthy or not. |
| |
Fred
Registered: Feb 2003
Posts: 284 |
True, I don't like the warning message. What if e.g. gmail shows this warning message, what is your first reaction?
I also think that every site with a login should use https, although that doesn't mean that your login is secure.
Anyway, the discussion is not about using http or https. It is about how to get rid of the warning message for browsers that defaults to https when the site supports it. |
| |
SIDWAVE
Account closed
Registered: Apr 2002
Posts: 2238 |
Graham posted me some links on irc, and they had https.
ofcourse i want stupid warnings to go away.
there is nothing more obnoxious, than such a message when you visit a page. |
| |
chatGPZ
Registered: Dec 2001
Posts: 11113 |
the right place to complain about it isnt here however - its your browser vendor. |
| |
SIDWAVE
Account closed
Registered: Apr 2002
Posts: 2238 |
no.
certificate has expired, its a website flaw |
| |
chatGPZ
Registered: Dec 2001
Posts: 11113 |
you would get the same complaint from the browser even if its not expired (because it is self signed) |
| |
Graham
Account closed
Registered: Dec 2002
Posts: 990 |
Quote: feel free to sponsor it :) its a waste of money IMHO
https://letsencrypt.org |
| |
MagerValp
Registered: Dec 2001
Posts: 1055 |
No need to wait: https://www.startssl.com/?app=39
Either way an expired self-signed cert is worse than useless, if you enable HTTPS use a proper, valid cert. |
| |
Mr.Ammo
Account closed
Registered: Oct 2002
Posts: 228 |
https://letsencrypt.org/ is already up and running for a while now. Wouldn't it be great if the csdb.dk would get one of these free certificates and install them? One can even auto-renew the certs before the cert expires. |
| |
iAN CooG
Registered: May 2002
Posts: 3132 |
Quote: No need to wait: https://www.startssl.com/?app=39
Either way an expired self-signed cert is worse than useless, if you enable HTTPS use a proper, valid cert.
bad news, startcom/startssl are no longer trusted and from chrome 57 they are actively blocked.
https://security.googleblog.com/2016/10/distrusting-wosign-and-.. |
| |
JackAsser
Registered: Jun 2002
Posts: 1989 |
Perff: offer stands, contact me any day to fix SSL.. |
| |
ruk
Registered: Jan 2012
Posts: 43 |
bump |
