homepage Welcome to WebmasterWorld Guest from 54.227.89.236
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

    
IE7 warning against my domain
rhonda427




msg:3919733
 1:05 pm on May 25, 2009 (gmt 0)

This weekend I visited some friends, and used their IE7 for accessing my website with SSL. To my big surprise I had a security warning against my site, and had to accept to go their on my own risk. Certainly hope that doesn't apply to my customers as well :(

At home I have no problems/warning using IE7, FF3, Opera, and I even checked the anti-phishing status via IE7, and it reported no problems. My domain expires in 4 years and the SSL certificate in 25 days.

Are there anywhere a service that can check you website to show any possible problems as seen by different browsers / security settings?

I am considering to go for an EV SSL certificate, but do not like the price. Is this really needed, or will it be needed as browsers become more and more "agressive".

Thanks!

 

jecasc




msg:3919747
 1:52 pm on May 25, 2009 (gmt 0)

The reason you do not get the security warning at home is that you have probably deactivated the display of the warnings in your browser settings.

All your customers with default security settings in their browsers will most likely get this error message.

By the way: If you had posted the exact error message in your post your problem would probably be solved already by someone in this forum...

So all I can do now is guess...:(

Was it ""This page contains both secure and nonsecure items. Do you want to display the nonsecure items."

In this case you have embedded elements, for example pictures on your website with "http:" instead of "https:". You would need to change the URLs then.

Or was it something like: "You are leaving a secure site." Which is not an error message but only a browser warning that the customer is leaving the SSL area and vistiting an area on your website that is not SSL protected. The display of this information is a default security setting for most browsers.

rhonda427




msg:3919750
 2:03 pm on May 25, 2009 (gmt 0)

Sorry for not posting the correct message (was outside of my own office / note tools), but it was this one:

There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Click here to close this webpage.
Continue to this website (not recommended).

And this is don't understand as I have a valid certificate running for 25 days. But it is not an EV certificate.

MLHmptn




msg:3919966
 11:45 pm on May 25, 2009 (gmt 0)


There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.

It sounds like your certificate was self-generated by the server.

The second problem is that your certificate is not matching your domain. Are you on shared hosting?


In this case you have embedded elements, for example pictures on your website with "http:" instead of "https:". You would need to change the URLs then.

Or better yet drop both and simply use "/".

[edited by: MLHmptn at 11:52 pm (utc) on May 25, 2009]

rhonda427




msg:3920061
 4:30 am on May 26, 2009 (gmt 0)

I believe the explanation is that I typed "https://www.mydomain.com" rather than "https://mydomain.com"

Fortunately my customers wouldn't notice, as they will entirely use the non-www address.

Thanks for your help!

rhonda427




msg:3920075
 5:46 am on May 26, 2009 (gmt 0)

As I am going to renew my SSL-certificate shortly, I would like to hear your opinion on whether it is - or will become - neccesary to go for an EV-certificate? I was contacted from Comodo who told me that based on new security settings in the major browser from 1/1-2010, the need for an EV-certificate would increase. I suspect that perhaps people would get some kind of warning if the certificate is not sufficiently certified/validated?

rachel123




msg:3920605
 10:12 pm on May 26, 2009 (gmt 0)

personally I think it's a racket. But it wouldn't be the first time nor the last that a business was forced to drop a bunch of $$ on some silly thing that corporations thought up to increase their bottom line.

As for the canonical issue with the www. You can solve that by redirecting any traffic to the www.domain.com url to the non-www version fairly easily.

jwolthuis




msg:3921206
 9:55 pm on May 27, 2009 (gmt 0)

Forget the EV-cert. It's a racket to make more $$. Their "security setting in major browser" argument is a joke, as it would break 99% of all certs in existance.

Count how many websites (that you visit) have EV certs in the past 18 months since they became available. Couple dozen at most? Is Amazon on that short-list?

bwnbwn




msg:3921637
 12:57 pm on May 28, 2009 (gmt 0)

rhonda427 one thing I would suggest is put the new certificate under a subdomain to stop any SE's problems.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved