SSL Certificate mismatch

Category group and category are irrelevant.  This is a domain issue.

The SSL certificates are for a.ssl.fastly.net and ssl.fastly.net, neither of which even seem to exist other than being registered to an "Eric Gould", who owns at least 111 domains (that I saw).

This is problematic.  Can it be fixed?  Or is someone trying to MITM?

Thanks,

Sean

Kiteman6 years ago
Er...

Which website are you talking about?

Actually, change that; What are you talking about?
MeanderingCode (author)  Kiteman6 years ago
https://secure.wikimedia.org/wikipedia/en/wiki/Secure_Sockets_Layer

It encrypts the connection between your browser and the server hosting the website.  This protects you from eavesdropping, and is critical with banking and other high-impact, high-risk interactions.  I feel it is important for all locations where I am authenticating with an account I own...less so here than with email, but a security consideration, nonetheless.

If you try to go to https://instructables.com you will run into a big scary warning in your browser, and looking at the details shows that the certificate is for an entirely different domain...one that looks a little sketchy, at that.

I didn't mean to post this here, but there is no clear place to "get help" from the management of Instructables.  I did email a link to this post to the info@instructables.com address, but I couldn't figure out how else to post anything up.  Do you have any directions for me on that?  I may have just been having a blind moment.
Hello. I'm not sure where you got that link from. Please let me know if you found it somewhere or just decided to try it yourself. Because if bad links are floating around the internet, I'd like to ask whoever has them, where they found them.

The secure connection you're trying to use is incorrect. If you'd like to log in through an SSL connection please use the following link:
https://ssl.instructables.com/account/login

Please also let me know if you have any other questions.
MeanderingCode (author)  StumpChunkman6 years ago
Thanks for replying. I will use that.

I didn't have a link, I just edited the URL to https:// on the page where I was presented a login form, then tried https://instructables.com when I got the certificate mismatch error. I'm not sure why I would get an unrelated certificate instead of just a request timeout or connection refused. Perhaps it is a configuration on the web host?

Have you (if you are involved in running the site) considered allowing (at least partial) SSL for your whole domain? I'm happy to have my password transmitted encrypted, but there is also sidejacking style session stealing.
I've wished for that for a long time.
Because of the way we load the site, if we were to do this, it would require us writing out an entire second version of the site, that worked slightly differently than the current one. Because of this, there's not much desire to do that. All of the pages that were deemed important and need secure processing have it, but to have two separate sites both working in tandem doesn't make much sense, and would create a lot of difficulties for us. Sorry.
Hi, Matt. I only just found this thread (searching for previous bug reports). I'm confused about what you've written. The invalid certification authority is a server-hostname issue not a page-by-page issue.

Your hosting service should be providing certificates for the *.instructables.com domain, not for individual hosts. If https://ssl.instructables.com/ works, then so should https://www.instructables.com/, and https://cdn.instructables.com/, etc. If your hosting service isn't doing that, then they should fix it.

Or are you worried about having hardwired full path links on pages, so that if a user started on https:, you would have to have all the pages rewritten to also use https:? If you are using relative URLs, that should happen automatically and the page generators shouldn't have to deal with it at all.
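The hostname check behind the browser warning discussed in this thread, as an added example that is not part of the original posts: a simplified Python version of the certificate name-matching rule (a wildcard is accepted only as the whole left-most label). The fastly.net names are the ones quoted in the first post; the `*.instructables.com` list is a hypothetical certificate, and the function names are illustrative.

```python
# Added example: simplified certificate name matching (RFC 6125 style).
# Assumption: only dNSName entries are considered, and a wildcard must be
# the entire left-most label ("*.example.com"); partial wildcards are refused.

def san_matches(hostname: str, san: str) -> bool:
    """Return True if one subjectAltName entry covers the hostname."""
    host = hostname.lower().rstrip(".").split(".")
    pat = san.lower().rstrip(".").split(".")
    # Same number of labels is required: "*" stands for exactly one label.
    if "" in host or len(host) != len(pat):
        return False
    # A wildcard anywhere but the left-most label is never valid.
    if any("*" in label for label in pat[1:]):
        return False
    if pat[0] == "*":
        # Refuse overly broad patterns such as "*.com".
        return len(pat) >= 3 and host[1:] == pat[1:]
    if "*" in pat[0]:
        return False  # partial wildcard such as "w*.example.com"
    return host == pat


def cert_covers(hostname: str, sans: list[str]) -> bool:
    """Return True if any SAN entry on the certificate covers the hostname."""
    return any(san_matches(hostname, s) for s in sans)


def report(hostnames: list[str], sans: list[str]) -> dict[str, bool]:
    """Map each hostname to whether the certificate covers it."""
    return {h: cert_covers(h, sans) for h in hostnames}


# Names reported on the certificate in the first post of this thread.
FASTLY_SANS = ["a.ssl.fastly.net", "ssl.fastly.net"]
# Hypothetical wildcard certificate, constructed for this example.
WILDCARD_SANS = ["*.instructables.com"]

HOSTS = ["instructables.com", "www.instructables.com",
         "ssl.instructables.com", "cdn.instructables.com"]

if __name__ == "__main__":
    for label, sans in (("fastly", FASTLY_SANS), ("wildcard", WILDCARD_SANS)):
        for host, ok in report(HOSTS, sans).items():
            print(f"{label:9} {host:25} {'match' if ok else 'MISMATCH'}")
```

A wildcard entry does not cover the bare domain, so a certificate meant to serve both `https://instructables.com` and its subdomains has to list both names.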
Hey Kelseymh,

Honestly, I'm confused about what I wrote too, but I did it right after talking to the dev team and I trust that they know what they're talking about. You should message frenzy as he'll know way more about why things work the way they do.
Done; thanks for the suggestion, Matt. I also suggested to Frenzy that he could e-mail me directly, since the PM interface is pretty limited.
MeanderingCode (author)  MeanderingCode6 years ago
Just found what I missed last time and moved this thread.

Don't know what hiccup happened to me or my browser before. Sorry :/