Posted

Hi!

 

I was wondering if I could get rid of this window popping up when a customer proceeds to checkout:

 

You have established a connection with "YOUR IP" However the security certificate presented belongs to "YOUR SERVER" It is possible, though unlikely, that someone may be trying to intercept your communication with this website.

 

If you suspect the certificate shown does not belong to "YOUR IP" please cancel the connection and notify the site administrator.

 

It's pretty scary looking and I'm afraid might scare away some customers.

 

Any chance for the fix?

 

Thanks

Aasha

Posted

Hi Aasha,

 

As you may have figured out in your other thread, you'd have to get an SSL certificate for the domain you are using, or change your checkout to use the shared SSL setup.

 

It's supposed to be scary looking because it means that the SSL certificate does not match what the user requested.

Posted

Tis true, tis true.

 

Personally I hate our current arrangement of SSL setup. This monopoly that has developed where only certificates can be issued through these select root companies is just not cool in my eyes.

 

It reminds me of the way domain name registration was in the beginning. It was expensive and monopolistic. Hopefully things will loosen up some.

 

Today, most people don't care, or even check to care WHO the certificate was made out to. They just want to see that golden lock in the bottom of their browser window.

 

The whole purpose why I use SSL is for security, not company verification. They should allow secure 128-bit encryption WITHOUT the need for verification. Today, just because you do have an SSL certificate, doesn't make you any more legitimate than the next company.

 

Sorry, but our current structure of SSL just burns me up! Mad!!!

 

I deal, but it's only because I am forced to.

Posted
Today, just because you do have an SSL certificate, doesn't make you any more legitimate than the next company.

I agree with you on the near monopoly on certificates. As for 128 bit encryption, that's available without a certificate... most web browsers anymore allow you to accept a dummy certificate so you don't repeatedly get a warning.

 

However, the purpose of SSL certificates isn't to tell you that a company is good or not, it's to tell you that what you requested in your browser is what you got. Without it, someone could redirect your nice 128-bit encrypted connection to their server without you knowing it, and while you thought your connection was secure to company A (say your bank account), you could be typing your confidential information to someone harvesting it, instead of the intended server.

Posted

Hi MikeJ,

 

I'm enjoying this dialog because I just went through several months of learning everything I could about SSL certificates along with browser and compatibility issues.

 

First, I BELIEVE that the original purpose, besides sending data securely, was to verify a company’s identity. I say this because many of the current root certificate holders will still put you through a lengthy verification process. Lengthy compared to everything else you can do on the web. They are moving away from that, but even my certificate required several pieces of personal information and a voice recording to have on file.

 

Second, not all browsers work with sharing certificates. I found that while WindowsXP could care less who issued the certificate and that it didn't belong to the correct domain name, that Windows 98 and Windows ME, both running current versions of IE 6, wouldn't even return the web page. Instead it produced an error.

 

It is this reason that I knew I had to get a certificate for my domain/company to be sure that I had at least a 95% browser compatibility to do any viable e-commerce.

 

Sure, I could get a free certificate from a company in Australia, but then the browser would scream that they didn't know the issuer of the certificate. Again, it goes back to the monopolist nature of our current issuance process.

 

The process is not impeded by technology. The ability to self-issue a certificate is achieved by OpenSSL. Many of us use OpenSSL in part for secure server communication, where a browser is not involved. The process is impeded by our current limited list of issuers that somehow get themselves on Microsoft’s lists of issuers. And you can't tell me that there isn't some money flowing there.

 

My desire is that this process would be investigated, like they have investigated MS regarding the OS. I bet you there's plenty of dirt to dig up there.

 

Sorry ... now I feel like I just wrote a commentary!
