Technical Discussion
  >> Security Related Issues


Register (or login) on our website and you will not see this ad.


  Print Thread
Standard User bobble_bob
(knowledge is power) Mon 04-Apr-16 10:05:17
Print Post

SSL certificate untrusted


[link to this post]
 
Was looking to book a holiday on a website ive used for years to book stuff on, and went to login to my account. On Firefox and IE it went to the secure site no problems and the connection/certificate was verified. However on my phone the same website throws a warning both on the stock Android browser and on Chrome saying the servers certificate cannot be trusted.

I put the website into an SSL checker and it comes back

The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate



Anyone know what that means? Ive emailed the webmaster of the site, but i assume its just a misconfigured certificate rather than anything dodgy going on

The website is http://www.exodus.co.uk/ and you can get to the secure bit by clicking "Sign in/register" at the top. Strange how Firefox on my PC doesnt throw this error up
Standard User caffn8me
(knowledge is power) Mon 04-Apr-16 13:31:29
Print Post

Re: SSL certificate untrusted


[re: bobble_bob] [link to this post]
 
They've misconfiigured their server. It should send your browser three security certificates but it only sends two. Firefox indicates that the site is not secure by not having a padlock symbol.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
Standard User bobble_bob
(knowledge is power) Mon 04-Apr-16 14:05:19
Print Post

Re: SSL certificate untrusted


[re: caffn8me] [link to this post]
 
Padlock symbol is there in Firefox and the address bar is green which is what is confusing me


Register (or login) on our website and you will not see this ad.

Standard User uno
(knowledge is power) Mon 04-Apr-16 14:17:20
Print Post

Re: SSL certificate untrusted


[re: bobble_bob] [link to this post]
 
Firefox will already have those intermediate certificates so does not need them from the server.

https://www.sslshopper.com/ssl-checker.html#hostname... is a good site to visually show the broken chain.

Matt

uno Communications
t: 0800 520 0345
Official Maidenhead, Milton Keynes & Sheffield Speedtest.net Host

Edited by uno (Mon 04-Apr-16 14:18:14)

Standard User bobble_bob
(knowledge is power) Mon 04-Apr-16 14:45:58
Print Post

Re: SSL certificate untrusted


[re: uno] [link to this post]
 
Yea cheers used a few sites to check and all said an untrusted chain certificate. So is the site secure to use even with these warnings? Or in the case of Firefox no warning?
Standard User uno
(knowledge is power) Mon 04-Apr-16 14:48:00
Print Post

Re: SSL certificate untrusted


[re: bobble_bob] [link to this post]
 
Yes. Even though the chain is broken for some browsers, others that already know the chain can confirm it is safe.

The data to/from the end host will still be encrypted.

Matt

uno Communications
t: 0800 520 0345
Official Maidenhead, Milton Keynes & Sheffield Speedtest.net Host
Standard User bobble_bob
(knowledge is power) Mon 04-Apr-16 14:59:06
Print Post

Re: SSL certificate untrusted


[re: uno] [link to this post]
 
Cheers thanks for the reassurance
Standard User Lethe
(fountain of knowledge) Mon 04-Apr-16 18:06:13
Print Post

Re: SSL certificate untrusted


[re: bobble_bob] [link to this post]
 
Wack the url into here, the de facto ssl test site on the Internet:

https://www.ssllabs.com/ssltest/

It will give you a very detailed report of the site.

Nick
Standard User bobble_bob
(knowledge is power) Mon 04-Apr-16 18:44:36
Print Post

Re: SSL certificate untrusted


[re: Lethe] [link to this post]
 
Gets a B rating but due to

This server's certificate chain is incomplete. Grade capped to B.
Standard User caffn8me
(knowledge is power) Tue 05-Apr-16 07:26:03
Print Post

Re: SSL certificate untrusted


[re: bobble_bob] [link to this post]
 
In reply to a post by bobble_bob:
Padlock symbol is there in Firefox and the address bar is green which is what is confusing me
It's there for a fraction of a second on Firefox 38.7.1 ESR on a Mac and then it disappears and comes up with the warning symbol. I haven't actually tried it on a Windoze box.

Sarah

--
If I can't drink my bowl of coffee three times daily, then in my torment, I will shrivel up like a piece of roast goat

Spiders on coffee - Badass spiders on drugs
  Print Thread

Jump to