Welcome to WebmasterWorld Guest from 54.161.181.156

Forum Moderators: buckworks

IE7 warning against my domain

   
1:05 pm on May 25, 2009 (gmt 0)

5+ Year Member



This weekend I visited some friends, and used their IE7 for accessing my website with SSL. To my big surprise I had a security warning against my site, and had to accept to go their on my own risk. Certainly hope that doesn't apply to my customers as well :(

At home I have no problems/warning using IE7, FF3, Opera, and I even checked the anti-phishing status via IE7, and it reported no problems. My domain expires in 4 years and the SSL certificate in 25 days.

Are there anywhere a service that can check you website to show any possible problems as seen by different browsers / security settings?

I am considering to go for an EV SSL certificate, but do not like the price. Is this really needed, or will it be needed as browsers become more and more "agressive".

Thanks!

1:52 pm on May 25, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The reason you do not get the security warning at home is that you have probably deactivated the display of the warnings in your browser settings.

All your customers with default security settings in their browsers will most likely get this error message.

By the way: If you had posted the exact error message in your post your problem would probably be solved already by someone in this forum...

So all I can do now is guess...:(

Was it ""This page contains both secure and nonsecure items. Do you want to display the nonsecure items."

In this case you have embedded elements, for example pictures on your website with "http:" instead of "https:". You would need to change the URLs then.

Or was it something like: "You are leaving a secure site." Which is not an error message but only a browser warning that the customer is leaving the SSL area and vistiting an area on your website that is not SSL protected. The display of this information is a default security setting for most browsers.

2:03 pm on May 25, 2009 (gmt 0)

5+ Year Member



Sorry for not posting the correct message (was outside of my own office / note tools), but it was this one:

There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Click here to close this webpage.
Continue to this website (not recommended).

And this is don't understand as I have a valid certificate running for 25 days. But it is not an EV certificate.

11:45 pm on May 25, 2009 (gmt 0)

10+ Year Member




There is a problem with this website's security certificate.
The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.

It sounds like your certificate was self-generated by the server.

The second problem is that your certificate is not matching your domain. Are you on shared hosting?


In this case you have embedded elements, for example pictures on your website with "http:" instead of "https:". You would need to change the URLs then.

Or better yet drop both and simply use "/".

[edited by: MLHmptn at 11:52 pm (utc) on May 25, 2009]

4:30 am on May 26, 2009 (gmt 0)

5+ Year Member



I believe the explanation is that I typed "https://www.mydomain.com" rather than "https://mydomain.com"

Fortunately my customers wouldn't notice, as they will entirely use the non-www address.

Thanks for your help!

5:46 am on May 26, 2009 (gmt 0)

5+ Year Member



As I am going to renew my SSL-certificate shortly, I would like to hear your opinion on whether it is - or will become - neccesary to go for an EV-certificate? I was contacted from Comodo who told me that based on new security settings in the major browser from 1/1-2010, the need for an EV-certificate would increase. I suspect that perhaps people would get some kind of warning if the certificate is not sufficiently certified/validated?
10:12 pm on May 26, 2009 (gmt 0)

5+ Year Member



personally I think it's a racket. But it wouldn't be the first time nor the last that a business was forced to drop a bunch of $$ on some silly thing that corporations thought up to increase their bottom line.

As for the canonical issue with the www. You can solve that by redirecting any traffic to the www.domain.com url to the non-www version fairly easily.

9:55 pm on May 27, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Forget the EV-cert. It's a racket to make more $$. Their "security setting in major browser" argument is a joke, as it would break 99% of all certs in existance.

Count how many websites (that you visit) have EV certs in the past 18 months since they became available. Couple dozen at most? Is Amazon on that short-list?

12:57 pm on May 28, 2009 (gmt 0)

WebmasterWorld Senior Member bwnbwn is a WebmasterWorld Top Contributor of All Time 5+ Year Member



rhonda427 one thing I would suggest is put the new certificate under a subdomain to stop any SE's problems.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month