|
-
March 9th, 2005, 06:13 AM
#1
Junior Member
Newbie Question about Site Certificates
Howdy!
I checked the FAQ's and searched for this information on the forums without luck so if I missed a posting I apologize.
I've been into web developing a very short time and know just enough to probably hurt myself but have managed put together a website that is starting to grow. I chose a hosting provider and have uploaded the site but when I go to the secure CPanelX admin part of the site, I get a site certificate warning saying something about that the site name and the name on the certificate is not the same. I emailed and asked the provider about this and was told not to worry about it and he gave me another address to log on to the admin part of the site without the certificate warning showing up.
My site doesn't ask for any personal information so I really didn't worry about it at the time.
Today I read an MSNBC article that talks about "pharming" - the first time I've heard the term. In the article it says that if you go to a site where the certificate warning says that a name doesn't match, that hopefully you will leave because there's a chance the site was hijacked.
Now I'm nervous! Is this something I need to be concerned about? In the future if my site continues to grow I'm thinking of offering some merchandise with shopping cart, checkout, etc., but I don't want to put anyone in danger who comes to the site.
I could really use some guidance here and all help is greatly appreciated!
JDStringer
-
March 9th, 2005, 06:22 AM
#2
Good question! The certificate is important, but your hosting provider could be correct...depending on how they set up the panel and their SSL cert's.
We could use a little more info, but I also want to warn you not to share any info you aren't ready to have used...if you want to give us the URL, you'll probably get a spike in traffic while folks go see whats-what at your site.  Caveat Hax0r
You aren't using this certificate to encrypt your own content, correct? It's just for the hosting providers panel for you to do admin tasks, like email aliases and such, correct?
What exactly is the error? It says specifically that the domain doesn't match the one in the cert?
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
March 10th, 2005, 03:55 AM
#3
Junior Member
I really appreciate the quick response. I was afraid this might be a dumb question so thanks for your help!
I looked at the warning message and copied down what it said. Here it is:
The message is returned in Internet Explorer and says the following:
“There is a problem with the site’s security certificate:
Yes - The security certificate is from a trusted certifying authority
Yes - The security certificate date is valid
No - The name on the security certificate is invalid or does not match the name on the site”
At the bottom I can click on a tab to “View Cert” . When I do I get the following:
“Issued to: local host.localdomain
Issued by: localhost.local.domain”
Then there is a list of information as follows:
“Directory Address
E = ssl@cpanel.net
CN = localhost.localdomain
OU = unknown
O = unknown
L = unknown
S = unknown”
Finally it says:
“Certification Path – localhost.localdomain – Status: This certificate is OK”
If you want to view it, email me and I'll send you the URL.
And I am not using this certificate to encrypt my own content. It is just for the hosting providers panel for you to do admin tasks, like email aliases and such, correct? Correct
Thanks again!
JDStringer
-
March 10th, 2005, 05:07 AM
#4
I'd say your probably ok then. It looks like they are using a basic cert without having it signed by a CA, which is no big deal. It's just for encrypting your password and commands to the panel. If the panel ever looks funny, or the URL changes unexpectedly, I'd be downright paranoid...but this sounds like none-too-big of a deal.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
March 10th, 2005, 09:56 AM
#5
Hi JDStringer,
I've had something similar with a hosting provider for a while. The hostname for the machine that I was using was different from the name on the certificate. However, looking at the certificate, I could see it was issued to my hosting provider, so everything was fine.
But yes, I would agree with the general comments already made. Keep an eye on any changes to the look and feel when you log in. You never know what can happen.
It's the risk of certificate alerts, if you get used to them for one site, you start ignoring them.
Cheers,
BrainStop
"To estimate the time it takes to do a task, estimate the time you think it should take, multiply by two, and change the unit of measure to the next highest unit. Thus we allocate two days for a one-hour task." -- Westheimer's Rule
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
