tgpaul Posted February 27, 2005 Posted February 27, 2005 Dear all, I am using the shared SSL certificate on server99 to access webmail and cpanel, but everytime I go to these pages for the first time in a browser session, I get the old Security Alert dialog "Security certificate is invalid or does not match domain name". If I remember correctly, with my last host I simply installed the certificate, and I never got the warning again. I tried that here, and it doesn't seem to be working. Any suggestions? TGP Quote
TCH-Bruce Posted March 14, 2005 Posted March 14, 2005 I'm sorry nobody has responded to your query but please don't bump threads. It is against the Forum Guidelines. I have never questioned the security certificate personally, I just click to accept it and move on. Quote
ace Posted March 15, 2005 Posted March 15, 2005 You can workaround this by making the following change in IE: Right click on your internet explorer icon and click properties Select the advance tab Scroll down to security uncheck the "warn about invalid site certificates" This will stop the security pop up box when the cert does not match your domain name. (this is normal as you are using TCH shared cert) Hope this helps Quote
tgpaul Posted March 15, 2005 Author Posted March 15, 2005 You can workaround this by making the following change in IE: Right click on your internet explorer icon and click properties Select the advance tab Scroll down to security uncheck the "warn about invalid site certificates" This will stop the security pop up box when the cert does not match your domain name. (this is normal as you are using TCH shared cert) Hope this helps <{POST_SNAPBACK}> Well, the reason I question is because with my old host, all I had to do was install the certificate and it would "trust" it. This does not seem to be the case with TCH. Could it be that the issued to/from is localhost.localdomain? Something like serverXX.totalchoicehosting.com would seem à propos. Quote
zathros Posted March 16, 2005 Posted March 16, 2005 Well, the reason I question is because with my old host, all I had to do was install the certificate and it would "trust" it. This does not seem to be the case with TCH. Could it be that the issued to/from is localhost.localdomain? Something like serverXX.totalchoicehosting.com would seem à propos. <{POST_SNAPBACK}> If you're viewing details of the certificate and you see that it was issued to the common name (CN) localhost.localdomain, that means someone didn't do a good job making the certificate (or maybe used a default). As you suspected, that should be the hostname of your server (serverXX.totalchoicehosting.com). Note that if your address bar says "******" and the server that the certificate is issued to is "serverXX.totalchoicehosting.com" you will get messages from the browser, and this is normal, correct behavior. If you're sure the certificate was issued to localhost.localdomain, I'd suggest you raise a support ticket. Everyone on your server would have this problem if the common name is incorrect. I run sites registered on servers 78 and 91, and both of those have certificates issued to the correct server names. Also, I would not recommend following the advice given above. By disabling the notification of invalid certificates in your browser, you would be completely losing much of the point of the authentication provided by SSL. Even though you know your site will bring up these messages and you accept that for your site, you don't want to one day go login to your bank's website and miss the message that their certificate is invalid. I know it sucks that messages come up, but that's the price you pay for security. If you disable the checking on the clients, you won't have a clue when something goes wrong with SSL on any site. The same goes for always blindly accepting those dialog boxes that come up telling you about SSL problems. If you're not concerned about a particular site too much, that's fine... but if you do it all the time and never check it out, then you'll click past something important. Quote
tgpaul Posted March 17, 2005 Author Posted March 17, 2005 (edited) So it turns out that some ports on server99 (2083: Secure CPanel and 2096: Secure Webmail) were using a different certificate than the standard one on port 88, and I put in a ticket to fix it. Changing to the main certificate on these other ports, in conjunction with installing the certificate in IE, supresses the warning safely. Thanks zathros! Edited March 17, 2005 by tgpaul Quote
tgpaul Posted March 10, 2006 Author Posted March 10, 2006 So it turns out that some ports on server99 (2083: Secure CPanel and 2096: Secure Webmail) were using a different certificate than the standard one on port 88, and I put in a ticket to fix it. Changing to the main certificate on these other ports, in conjunction with installing the certificate in IE, supresses the warning safely. Thanks zathros! It would only be appropriate that this problem would occur a year later almost to the day. With the new wildcard certificates, any chance of suppressing the IE warning "safely"? (Getting IE to recognize server99 as being inside *.tchmachines or disregarding warnings at this domain) Thanks much for your help. Ted Quote
tgpaul Posted March 10, 2006 Author Posted March 10, 2006 Can you check the URL used to access the secure connections? The server name should be server99.tchmachines.com. If that does not resolve the issue, please open a ticket with the supportdesk, we shall sort it out..... Ah, great job again. I was still pointing to server99.totalchoicehosting.com. Thanks! T Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.