Security certificates - Mozilla

This is a discussion on Security certificates - Mozilla ; Cari tutti, This morning I started a new website: www.concordian-economics.org . If I access it through IE I have no problem, but with Mozilla Firefox I receive this message: "Security Error - Domain Name Mismatch ....cannot read your security certificate... ...

+ Reply to Thread
Results 1 to 11 of 11

Thread: Security certificates

  1. Security certificates

    Cari tutti,

    This morning I started a new website: www.concordian-economics.org. If
    I access it through IE I have no problem, but with Mozilla Firefox I
    receive this message:

    "Security Error - Domain Name Mismatch
    ....cannot read your security certificate...
    .... the security certificate belongs to
    "secureecn110.websitecomplete.com"...

    Any help?

    Thanks,

    Carmine


  2. Re: Security certificates

    cgorga@gmail.com wrote:

    >Cari tutti,
    >
    >This morning I started a new website: www.concordian-economics.org. If
    >I access it through IE I have no problem, but with Mozilla Firefox I
    >receive this message:
    >
    >"Security Error - Domain Name Mismatch
    >...cannot read your security certificate...
    >... the security certificate belongs to
    >"secureecn110.websitecomplete.com"...
    >
    >Any help?
    >
    >Thanks,
    >
    >Carmine


    I looked with FF 1.5.0.4 on XP Home and don't have any problem with this
    site.

    Ekko
    --


  3. Re: Security certificates

    Ekko Dieleman wrote:
    > cgorga@gmail.com wrote:
    >
    >> Cari tutti,
    >>
    >> This morning I started a new website: www.concordian-economics.org. If
    >> I access it through IE I have no problem, but with Mozilla Firefox I
    >> receive this message:
    >>
    >> "Security Error - Domain Name Mismatch
    >> ...cannot read your security certificate...
    >> ... the security certificate belongs to
    >> "secureecn110.websitecomplete.com"...
    >>
    >> Any help?
    >>
    >> Thanks,
    >>
    >> Carmine

    >
    > I looked with FF 1.5.0.4 on XP Home and don't have any problem with this
    > site.
    >
    > Ekko


    Same here ... no problems.

    --
    Irwin Greenwald - Mozilla Champion
    *Technical messages sent to my email address will be ignored*

    Managing TB Profiles: http://www.mozilla.org/support/thunderbird/profile
    Managing FF Profiles: http://www.mozilla.org/support/firefox/profile

  4. Re: Security certificates

    cgorga@gmail.com wrote:
    > Cari tutti,
    >
    > This morning I started a new website: www.concordian-economics.org. If
    > I access it through IE I have no problem, but with Mozilla Firefox I
    > receive this message:
    >
    > "Security Error - Domain Name Mismatch
    > ...cannot read your security certificate...
    > ... the security certificate belongs to
    > "secureecn110.websitecomplete.com"...
    >
    > Any help?
    >
    > Thanks,
    >
    > Carmine
    >


    No problems here. Do you have a security certificate installed on your
    computer that could be interfering with your loading of the site?

    --
    Brian | REMOVE NOSPAM To E-Mail me

    .. http://www.mozilla.org | http://ilias.ca/mozilla/ | http://ilias.ca/

    .. No keyboard found. Press F1 to continue.

    .. Internet "Help" Desk: http://www.deadtroll.com/video/helldeskcable.html

  5. Re: Security certificates

    cgorga@gmail.com wrote:
    > Cari tutti,
    >
    > This morning I started a new website: www.concordian-economics.org. If
    > I access it through IE I have no problem, but with Mozilla Firefox I
    > receive this message:
    >
    > "Security Error - Domain Name Mismatch
    > ...cannot read your security certificate...
    > ... the security certificate belongs to
    > "secureecn110.websitecomplete.com"...
    >
    > Any help?
    >
    > Thanks,
    >
    > Carmine
    >


    Presumably people haven't been getting the message you got because
    they've been going to http://www.concordian-economics.org rather than
    https://www.concordian-economics.org. The security certificate issue
    will only arise for the secure link.

    As far as I can tell the problem is exactly as described in the message
    given by FF - the address on the certificate doesn't match that of the
    site. I get a similar error message in IE.

    Either you have some setting in IE to allow certificates to be used on
    the wrong domain, or maybe you were visiting the insecure address in IE
    and the secure version in FF...?

  6. Re: Security certificates

    Ed Hazell wrote:
    > cgorga@gmail.com wrote:
    >> Cari tutti,
    >>
    >> This morning I started a new website: www.concordian-economics.org. If
    >> I access it through IE I have no problem, but with Mozilla Firefox I
    >> receive this message:
    >>
    >> "Security Error - Domain Name Mismatch
    >> ...cannot read your security certificate...
    >> ... the security certificate belongs to
    >> "secureecn110.websitecomplete.com"...
    >>
    >> Any help?
    >> Thanks,
    >>
    >> Carmine
    >>

    >
    > Presumably people haven't been getting the message you got because
    > they've been going to http://www.concordian-economics.org rather than
    > https://www.concordian-economics.org. The security certificate issue
    > will only arise for the secure link.
    >
    > As far as I can tell the problem is exactly as described in the message
    > given by FF - the address on the certificate doesn't match that of the
    > site. I get a similar error message in IE.
    >
    > Either you have some setting in IE to allow certificates to be used on
    > the wrong domain, or maybe you were visiting the insecure address in IE
    > and the secure version in FF...?


    Excellent catch Ed!! I,too, get that mismatch message when visiting the
    https link & I get in in IE 6 as well.

    --
    Brian | REMOVE NOSPAM To E-Mail me

    .. http://www.mozilla.org | http://ilias.ca/mozilla/ | http://ilias.ca/

    .. No keyboard found. Press F1 to continue.

    .. Internet "Help" Desk: http://www.deadtroll.com/video/helldeskcable.html

  7. Re: Security certificates

    Brian J. Graham wrote:
    > Ed Hazell wrote:
    >> cgorga@gmail.com wrote:
    >>> Cari tutti,
    >>>
    >>> This morning I started a new website: www.concordian-economics.org.
    >>> If I access it through IE I have no problem, but with Mozilla
    >>> Firefox I receive this message:
    >>>
    >>> "Security Error - Domain Name Mismatch
    >>> ...cannot read your security certificate...
    >>> ... the security certificate belongs to
    >>> "secureecn110.websitecomplete.com"...
    >>>
    >>> Any help?
    >>> Thanks,
    >>>
    >>> Carmine
    >>>

    >>
    >> Presumably people haven't been getting the message you got because
    >> they've been going to http://www.concordian-economics.org rather than
    >> https://www.concordian-economics.org. The security certificate issue
    >> will only arise for the secure link.
    >>
    >> As far as I can tell the problem is exactly as described in the
    >> message given by FF - the address on the certificate doesn't match
    >> that of the site. I get a similar error message in IE.
    >>
    >> Either you have some setting in IE to allow certificates to be used
    >> on the wrong domain, or maybe you were visiting the insecure address
    >> in IE and the secure version in FF...?

    >
    > Excellent catch Ed!! I,too, get that mismatch message when visiting
    > the https link & I get in in IE 6 as well.


    It does seem to be a browser problem: (if you accept the certificate) and
    you continue in FF then you get page not found, however in IE you can
    continue to the default page. Whether this is correct behavour is a matter
    of point of view I suppose (after warning the user). There seems to be
    little point in warning if you are not going to at least give the user the
    opportunity to continue?



  8. Re: Security certificates

    jasee wrote:
    > Brian J. Graham wrote:
    >> Ed Hazell wrote:
    >>> cgorga@gmail.com wrote:
    >>>> Cari tutti,
    >>>>
    >>>> This morning I started a new website: www.concordian-economics.org.
    >>>> If I access it through IE I have no problem, but with Mozilla
    >>>> Firefox I receive this message:
    >>>>
    >>>> "Security Error - Domain Name Mismatch
    >>>> ...cannot read your security certificate...
    >>>> ... the security certificate belongs to
    >>>> "secureecn110.websitecomplete.com"...
    >>>>
    >>>> Any help?
    >>>> Thanks,
    >>>>
    >>>> Carmine
    >>>>
    >>> Presumably people haven't been getting the message you got because
    >>> they've been going to http://www.concordian-economics.org rather than
    >>> https://www.concordian-economics.org. The security certificate issue
    >>> will only arise for the secure link.
    >>>
    >>> As far as I can tell the problem is exactly as described in the
    >>> message given by FF - the address on the certificate doesn't match
    >>> that of the site. I get a similar error message in IE.
    >>>
    >>> Either you have some setting in IE to allow certificates to be used
    >>> on the wrong domain, or maybe you were visiting the insecure address
    >>> in IE and the secure version in FF...?

    >> Excellent catch Ed!! I,too, get that mismatch message when visiting
    >> the https link & I get in in IE 6 as well.

    >
    > It does seem to be a browser problem: (if you accept the certificate) and
    > you continue in FF then you get page not found, however in IE you can
    > continue to the default page. Whether this is correct behavour is a matter
    > of point of view I suppose (after warning the user). There seems to be
    > little point in warning if you are not going to at least give the user the
    > opportunity to continue?
    >
    >


    Not sure what you are referring to when you say "in IE you can continue
    to the default page".

    I just tried with both FF & IE6. Attempting
    https://www.concordian-economics.org in both browsers, the results are
    the same.

    I accept the certificate, then get a page not found page *from godaddy*,
    the site host, not the built in error page from the browsers.

    Using http://www.concordian-economics.org, it works as expected.

    I believe that it has to do with how the server is setup.

    On my host, attempting https to my site, with FF results in a message
    stating that the connection was interrupted. No certificate warning, no
    redirection.

    Attempting the same thing with IE6 results in a message stating that the
    page cannot be displayed. Again, no certificate warning, no redirection.

    These were the built-in error pages from the browsers, not from the server.

    However, on my host, I can access my site through https, *if* I change
    the url to https://servername.site5.com/~myaccountname. Where
    servername is the name of the specific server (the actual machine) at
    my host that my account resides on & myaccountname is, well, my account
    name.

    Using that URL, both FF & IE6 take me directly to my page, without any
    certificate warnings & I see the little padlock, indicating a secure page.

    The difference is that when I use
    https://servername.site5.com/~myaccountname, I am connecting not to
    mydomain, but to site5, my hosting provider. The certificate on that
    server is a wildcard certificate, valid for *.site5.com, which would be
    valid for any value of servername.

    Attempting https://www.mydomain.net fails because I do not have a
    certificate installed for mydomain. The only way to avoid that would be
    to purchase a certificate for www.mydomain.net & have my host install it
    on the server.

    The difference appears to be how the different hosts have configured
    their servers to respond in such situations. On my host, they
    apparently terminate the connection. On godaddy, they serve up a
    generic page not found. Different hosts, different configurations.

    I apologize for being a little long winded, but wanted to try to explain
    it as clearly as possible.

    --
    Alex

  9. Re: Security certificates

    Alex wrote:
    > jasee wrote:
    >> Brian J. Graham wrote:
    >>> Ed Hazell wrote:
    >>>> cgorga@gmail.com wrote:
    >>>>> Cari tutti,
    >>>>>
    >>>>> This morning I started a new website:
    >>>>> www.concordian-economics.org. If I access it through IE I have no
    >>>>> problem, but with Mozilla Firefox I receive this message:
    >>>>>
    >>>>> "Security Error - Domain Name Mismatch
    >>>>> ...cannot read your security certificate...
    >>>>> ... the security certificate belongs to
    >>>>> "secureecn110.websitecomplete.com"...
    >>>>>
    >>>>> Any help?
    >>>>> Thanks,
    >>>>>
    >>>>> Carmine
    >>>>>
    >>>> Presumably people haven't been getting the message you got because
    >>>> they've been going to http://www.concordian-economics.org rather
    >>>> than https://www.concordian-economics.org. The security
    >>>> certificate issue will only arise for the secure link.
    >>>>
    >>>> As far as I can tell the problem is exactly as described in the
    >>>> message given by FF - the address on the certificate doesn't match
    >>>> that of the site. I get a similar error message in IE.
    >>>>
    >>>> Either you have some setting in IE to allow certificates to be used
    >>>> on the wrong domain, or maybe you were visiting the insecure
    >>>> address in IE and the secure version in FF...?
    >>> Excellent catch Ed!! I,too, get that mismatch message when visiting
    >>> the https link & I get in in IE 6 as well.

    >>
    >> It does seem to be a browser problem: (if you accept the
    >> certificate) and you continue in FF then you get page not found,
    >> however in IE you can continue to the default page. Whether this is
    >> correct behavour is a matter of point of view I suppose (after
    >> warning the user). There seems to be little point in warning if you
    >> are not going to at least give the user the opportunity to continue?
    >>
    >>

    >
    > Not sure what you are referring to when you say "in IE you can
    > continue
    > to the default page".
    >
    > I just tried with both FF & IE6. Attempting
    > https://www.concordian-economics.org in both browsers, the results are
    > the same.
    >
    > I accept the certificate, then get a page not found page *from
    > godaddy*, the site host, not the built in error page from the
    > browsers.
    >
    > Using http://www.concordian-economics.org, it works as expected.
    >
    > I believe that it has to do with how the server is setup.
    >
    > On my host, attempting https to my site, with FF results in a message
    > stating that the connection was interrupted. No certificate warning,
    > no redirection.
    >
    > Attempting the same thing with IE6 results in a message stating that
    > the page cannot be displayed. Again, no certificate warning, no
    > redirection.
    >
    > These were the built-in error pages from the browsers, not from the
    > server.
    >
    > However, on my host, I can access my site through https, *if* I change
    > the url to https://servername.site5.com/~myaccountname. Where
    > servername is the name of the specific server (the actual machine) at
    > my host that my account resides on & myaccountname is, well, my
    > account name.
    >
    > Using that URL, both FF & IE6 take me directly to my page, without any
    > certificate warnings & I see the little padlock, indicating a secure
    > page.
    >
    > The difference is that when I use
    > https://servername.site5.com/~myaccountname, I am connecting not to
    > mydomain, but to site5, my hosting provider. The certificate on that
    > server is a wildcard certificate, valid for *.site5.com, which would
    > be valid for any value of servername.
    >
    > Attempting https://www.mydomain.net fails because I do not have a
    > certificate installed for mydomain. The only way to avoid that would
    > be to purchase a certificate for www.mydomain.net & have my host
    > install it on the server.
    >
    > The difference appears to be how the different hosts have configured
    > their servers to respond in such situations. On my host, they
    > apparently terminate the connection. On godaddy, they serve up a
    > generic page not found. Different hosts, different configurations.
    >
    > I apologize for being a little long winded, but wanted to try to
    > explain it as clearly as possible.



    Hmm, well they are both giving the page not found response now!.
    Don't understand your use of host. The certificate should be installed on
    the web server.
    However it's client response which was/is different.
    It's always been browser dependent (not server dependent). You should (and
    still do, I find) to get a warning from your client browser and then
    depending on whether *you* considered the warning was serious enough you can
    proceed to the site. That's what happened here. It doesn't matter in effect
    that the certificates for the wrong site, that data's still going to be
    encripted. Also with expired certificates or those with other 'faults'.As
    you can see as the fault page you generally get to is secured. Although it's
    obviously some godaddy hosting generated page (the real server is running
    IIS).

    However FF is slightly 'strange' in other ways: for instance personal
    certificates ie thawte certificates, don't indicate that they have installed
    themselves (apparently this is a Monzilla feature)



  10. Re: Security certificates

    jasee wrote:
    > Alex wrote:
    >> jasee wrote:
    >>> Brian J. Graham wrote:
    >>>> Ed Hazell wrote:
    >>>>> cgorga@gmail.com wrote:
    >>>>>> Cari tutti,
    >>>>>>
    >>>>>> This morning I started a new website:
    >>>>>> www.concordian-economics.org. If I access it through IE I have no
    >>>>>> problem, but with Mozilla Firefox I receive this message:
    >>>>>>
    >>>>>> "Security Error - Domain Name Mismatch
    >>>>>> ...cannot read your security certificate...
    >>>>>> ... the security certificate belongs to
    >>>>>> "secureecn110.websitecomplete.com"...
    >>>>>>
    >>>>>> Any help?
    >>>>>> Thanks,
    >>>>>>
    >>>>>> Carmine
    >>>>>>
    >>>>> Presumably people haven't been getting the message you got because
    >>>>> they've been going to http://www.concordian-economics.org rather
    >>>>> than https://www.concordian-economics.org. The security
    >>>>> certificate issue will only arise for the secure link.
    >>>>>
    >>>>> As far as I can tell the problem is exactly as described in the
    >>>>> message given by FF - the address on the certificate doesn't match
    >>>>> that of the site. I get a similar error message in IE.
    >>>>>
    >>>>> Either you have some setting in IE to allow certificates to be used
    >>>>> on the wrong domain, or maybe you were visiting the insecure
    >>>>> address in IE and the secure version in FF...?
    >>>> Excellent catch Ed!! I,too, get that mismatch message when visiting
    >>>> the https link & I get in in IE 6 as well.
    >>> It does seem to be a browser problem: (if you accept the
    >>> certificate) and you continue in FF then you get page not found,
    >>> however in IE you can continue to the default page. Whether this is
    >>> correct behavour is a matter of point of view I suppose (after
    >>> warning the user). There seems to be little point in warning if you
    >>> are not going to at least give the user the opportunity to continue?
    >>>
    >>>

    >> Not sure what you are referring to when you say "in IE you can
    >> continue
    >> to the default page".
    >>
    >> I just tried with both FF & IE6. Attempting
    >> https://www.concordian-economics.org in both browsers, the results are
    >> the same.
    >>
    >> I accept the certificate, then get a page not found page *from
    >> godaddy*, the site host, not the built in error page from the
    >> browsers.
    >>
    >> Using http://www.concordian-economics.org, it works as expected.
    >>
    >> I believe that it has to do with how the server is setup.
    >>
    >> On my host, attempting https to my site, with FF results in a message
    >> stating that the connection was interrupted. No certificate warning,
    >> no redirection.
    >>
    >> Attempting the same thing with IE6 results in a message stating that
    >> the page cannot be displayed. Again, no certificate warning, no
    >> redirection.
    >>
    >> These were the built-in error pages from the browsers, not from the
    >> server.
    >>
    >> However, on my host, I can access my site through https, *if* I change
    >> the url to https://servername.site5.com/~myaccountname. Where
    >> servername is the name of the specific server (the actual machine) at
    >> my host that my account resides on & myaccountname is, well, my
    >> account name.
    >>
    >> Using that URL, both FF & IE6 take me directly to my page, without any
    >> certificate warnings & I see the little padlock, indicating a secure
    >> page.
    >>
    >> The difference is that when I use
    >> https://servername.site5.com/~myaccountname, I am connecting not to
    >> mydomain, but to site5, my hosting provider. The certificate on that
    >> server is a wildcard certificate, valid for *.site5.com, which would
    >> be valid for any value of servername.
    >>
    >> Attempting https://www.mydomain.net fails because I do not have a
    >> certificate installed for mydomain. The only way to avoid that would
    >> be to purchase a certificate for www.mydomain.net & have my host
    >> install it on the server.
    >>
    >> The difference appears to be how the different hosts have configured
    >> their servers to respond in such situations. On my host, they
    >> apparently terminate the connection. On godaddy, they serve up a
    >> generic page not found. Different hosts, different configurations.
    >>
    >> I apologize for being a little long winded, but wanted to try to
    >> explain it as clearly as possible.

    >
    >
    > Hmm, well they are both giving the page not found response now!.
    > Don't understand your use of host. The certificate should be installed on
    > the web server.


    Host = Web Hosting Provider = web server

    > However it's client response which was/is different.
    > It's always been browser dependent (not server dependent). You should (and
    > still do, I find) to get a warning from your client browser and then
    > depending on whether *you* considered the warning was serious enough you can
    > proceed to the site. That's what happened here. It doesn't matter in effect
    > that the certificates for the wrong site, that data's still going to be
    > encripted. Also with expired certificates or those with other 'faults'.As
    > you can see as the fault page you generally get to is secured. Although it's
    > obviously some godaddy hosting generated page (the real server is running
    > IIS).
    >


    But that was my point. *If* the hosting provider has configured the web
    server to allow sites to use the hosting provider's certificate, then
    yes, it will behave as you describe.

    On the other hand, if the server is configured to *not* allow it, then
    you will see the current behavior of the concordian-economics site.

    What is occurring is that the godaddy server is looking at the request
    for https://www.concordian-economics.org and, seeing that there is no
    certificate installed *for that site*, it is serving up page not found.
    That is completely up to the server.

    As I explained above, my hosting provider (web server) will simply
    terminate the connection if it finds that there is no certificate
    installed for the requested site. Again, that happens on the server end.

    Note that this is different from a situation where there *is* a
    certificate installed for the requested site, but that there is an
    error, such as expired certificate. I have encountered those
    occasionally & make a decision to accept it or not. If I do, then FF
    happily proceeds to the requested site.

    The situation with concordian-economics is that, apparently, there is no
    certificate installed for www.concordian-economics.org (perhaps the OP
    can confirm this) and godaddy has chosen to configure the web server to
    not allow an https connection when a site does not have a certificate
    installed, but to redirect to page not found. Even though I accepted
    the server certificate from *godaddy*.

    That is why you see that it is a secured page, it (FF or IE) accepted
    the certificate, encrypted the connection, but then the *server*
    redirected to page not found, not FF or IE, they simply displayed the
    page that they were served.

    --
    Alex


  11. Re: Security certificates


    "Alex" wrote in message
    news:2p6dnZbR9pNqZBbZnZ2dnUVZ_vednZ2d@mozilla.org. ..
    > jasee wrote:
    > That is why you see that it is a secured page, it (FF or IE) accepted
    > the certificate, encrypted the connection, but then the *server*
    > redirected to page not found, not FF or IE, they simply displayed the
    > page that they were served.


    Yes, however originally the behavour with FF was different.

    Again, the choice is first froim the client side, then depending on the
    client decision, whether he decides in the client browser whether the
    certificate is valid, then the client browser should then accept (and try to
    use the certificate)

    A few days ago, FF took you to a different page than IE (from here)

    THEN the server may direct the client to a particular page or anywhere else
    if the page doesn't exist etc.

    You can still go to the real IIS error page itself if you add default.htm or
    default.html (both of which are legitimate IIS pages)



+ Reply to Thread