Posted

 

I created a subdomain like in this posting by Lianna Create Subdoman to SSL Horde Webmail and when I go there I get a dialog box that tells me the browser is "Unable to verify the identity of plain.rackshack.net as a trusted site.

 

Possibly b/c:

- browser doesn't recognize Certificate of Authority that issued the site's certificate

- Site's certificate is incomplete due to a server misconfig

- you're connecting to a site pretending to be plain.rackshack.net, so it can possibly get your info

 

[ Click to examine certificate ]

 

Accept the Certificate:

( a ) forever

( b ) temporarily for this session or

( c ) never. "

 

I said temporarily, but what does this mean? Is it not secure? Does the browser not recognize the certificate? What's up and what should I do? :o

 

thanks,

!!blue

Posted

You are likely using the shared SSL certificate of that server.

 

The way SSL certificates work, is that it gets delivered to your browser, your browser then checks the certificate and the sitename used to access that server (in your example, "plain.rackshack.net"), and checks them against the certificate authority that issued the certificate. If they don't match, you will get an error like that. In the case of your setup, though, the certificate is probably a dummy one that wasn't issued by a Certificate Authority so that the server can provide SSL to any number of domains, just without the verification.

 

In plain English... the SSL certificate that is running on that server is not for plain.rackshack.net, so it cannot verify that the site you requested is what you actually got. If you say yes to allowing it, the connection is still secure (and encrypted) though.

 

The reason for verification is to protect against someone stealing information by redirecting people to another site that claims to be the original, but without the proper ID (which would prompt that error). As long as you are sure you are connected to the correct server, you can select "forever". You should get another prompt in the event that certificate ever reports differently.

 

The reason there isn't a certificate for your domain is they cost money and they require additional resources, since every SSL certificate has to run on its own IP address.

 

To put an analogy to it, imagine a person has the name of John Doe, and they have a driver's license with the name John Doe on it. Your server is John Doe. You can think of the websites on a server as "nicknames" for John Doe. Say he goes by "Bud" or "JD". Although you can reference John Doe by his nicknames, you can only verify who he really is if you know his real name, and check it against his ID. He would have to have additional IDs for his nicknames (assuming that was legal) if he wanted to be identified officially by them. Then depending what you called him, he would give you the appropriate ID.

 

Hopefully somewhere up there I made sense. :)
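
As an added example (not part of the original posts and not any browser's actual code), this simplified Python model shows the check described above: matching the requested name against the certificate, storing a "forever" exception, and warning again when the certificate later changes. The certificate bytes and the name `shared-server.example` are constructed placeholders, and `accept_forever` assumes you compare the fingerprint with one obtained from the host out of band.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the certificate bytes, as shown in a certificate viewer."""
    return hashlib.sha256(cert_der).hexdigest()

def name_matches(pattern: str, host: str) -> bool:
    """Compare one DNS name from the certificate with the requested host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":  # a wildcard covers exactly one left-most label
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def decide(host, cert_names, cert_der, issuer_trusted, exceptions):
    """Return the decision for one connection (simplified model)."""
    if issuer_trusted and any(name_matches(n, host) for n in cert_names):
        return "verified"
    if exceptions.get(host) == fingerprint(cert_der):
        return "accepted-exception"        # same certificate the user accepted
    if host in exceptions:
        return "warn-certificate-changed"  # differs from the accepted one
    return "warn-unverified"               # the dialog quoted in the question

def accept_forever(host, cert_der, exceptions, expected_fp):
    """Store an exception only when the fingerprint equals the expected one."""
    if fingerprint(cert_der) != expected_fp:
        return False
    exceptions[host] = expected_fp
    return True

# Constructed sample data (not real certificates).
SHARED_CERT = b"constructed bytes standing in for the shared certificate"
OTHER_CERT = b"constructed bytes standing in for a different certificate"
SHARED_NAMES = ["shared-server.example"]  # placeholder name on the shared cert

def demo():
    host, exceptions = "plain.rackshack.net", {}
    first = decide(host, SHARED_NAMES, SHARED_CERT, False, exceptions)
    accept_forever(host, SHARED_CERT, exceptions, fingerprint(SHARED_CERT))
    second = decide(host, SHARED_NAMES, SHARED_CERT, False, exceptions)
    third = decide(host, SHARED_NAMES, OTHER_CERT, False, exceptions)
    return [first, second, third]

if __name__ == "__main__":
    print(demo())
```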

Posted
If you say yes to allowing it, the connection is still secure (and encrypted) though.

great! that's what I needed to know, & thanks for the extra info too!

 

later,

!!blue
