https://wiki.freebsd.org/ certificate error
jerry at seibercom.net
Sat Mar 2 11:30:44 UTC 2013
On Sat, 2 Mar 2013 06:12:22 +0100
> On Fri, 01 Mar 2013 10:42:58 -0500, Fbsd8 wrote:
> > Javad Kouhi wrote:
> > > Also no problem with FreeBSD 9.1 and chromium. But sometimes ago
> > > I have this problem with all https sites. because the government
> > > forged the wrong SSL certificate and my browser and my browser
> > > warned me about it. Do you have this problem with other websites?
> > >
> > > On Fri, Mar 1, 2013 at 6:02 PM, Zyumbilev, Peter
> > > <peter at aboutsupport.com>wrote:
> > >>
> > >> On 01/03/2013 16:14, Ralf Mardorf wrote:
> > >>
> > >>>  $ firefox -version
> > >>> Mozilla Firefox 19.0
> > >>>
> > >> No problem with SeaMonkey 2.16.
> > >>
> > I use xp browser and it's certificate checking is enabled.
> You are sure using a more than 10 year old system should
> be considered safe enough to provide a reference?
> > Maybe the browsers running from xorg desktops are NOT certificate
> > aware so them not getting the error warning would be expected.
> They are. Or to be correct: The most prominent ones are,
> like Firefox, Chrome, and Opera. More lightweight browsers
> like dillo actually might not have this functionality.
> > The fact remains, the ms/browsers do find the wiki.freebsd.org
> > wedsite's certificate invalid because the certificate ip address
> > does not match the ip address the public dns points to.
> As it has been mentioned, one certificate can be used for
> several IP addresses. Both www and wiki are located at
> 18.104.22.168 (returned by "host" command), so there might
> be a DNS issue or something comparable strange...
> I've checked with Opera 11.50 here, no problems.
I think Brad Mettee nailed it with his response.
And in this particular case, the certificate is for www.freebsd.org and
freebsd.org, and the browser is complaining because it's being used on
Their certificate should have been issued for *.freebsd.org instead of
just the main site name. Unfortunately I think all of the certificate
issuers charge big $$$ for that type of cert......
I have seen this sort of thing several times before with different
sites. The older versions of Firefox never picked up on it as often as
IE would. I just tried this site using IE and immediately received the
error message. The message stating: "The security certificate presented
by this website was issued for a different website's address. Security
certificate problems may indicate an attempt to fool you or intercept
any data you send to the server." It then went on to give me the normal
options of leaving the site or ignoring the error. Interestingly
enough, Firefox, on the same machine, does not provide any indication
that the certificate is questionable.
Given the choice of being warned about a questionable certificate or
having the browser silently ignore it, I would choose to be warned
Disclaimer: off-list followups get on-list replies or get ignored.
Please do not ignore the Reply-To header.
More information about the freebsd-questions