PDA

View Full Version : Security certificate, using https: - seems to be invalid and old.



Audio Advent
10-04-2016, 20:53
For some reason I encountered this problem today - I normally let autocomplete choose the url for art of sound so perhaps has never before tried to used https:

When doing so I get this info:


Your connection is not secure

The owner of www.theartofsound.net has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

And from the Advanced tab:


www.theartofsound.net uses an invalid security certificate.

The certificate is not trusted because it is self-signed. The certificate is only valid for Parallels Panel The certificate expired on 25 July 2015 12:21. The current time is 10 April 2016 21:51.

Error code: SEC_ERROR_UNKNOWN_ISSUER

Do you have a security certificate for Art of Sound?

struth
10-04-2016, 20:57
I am using Firefox at moment through linux, and have not encountered that.

Barry
10-04-2016, 21:01
Nor I, using bog-standard Internet Explorer. Perhaps Nick (Beechwoods) will be able to advise.

NRG
10-04-2016, 21:14
Why are you using HTTPS?

If I try that using Safari on an Ipad I get a similar message using Details from the pop up that appears.

Audio Advent
10-04-2016, 21:27
Why are you using HTTPS?

If I try that using Safari on an Ipad I get a similar message using Details from the pop up that appears.

I'm not in general - see my original post for the explaination. But now that I've discovered that problem with the security certificate, I'm pointing it out so people know and can correct it.

But using https and making https the default for ANY site (as many websites do) helps protect users from such things as identity theft on the site. I don't necessarily consider that to be a big problem for AoS :) but it is a reason for it. To deliberately NOT choose https for AoS if I were practicing good cyber security could leave me vulnerable by me forgetting to change settings back to https after using AoS. Many people use https add-ons to ensure they're using https where they can - I guess you'd then have to add an exception for AoS.

Here's an article as to why one should use https: all the time: http://mashable.com/2011/05/31/https-web-security/#qkSV10czgsqa

Marco
10-04-2016, 22:28
For some reason I encountered this problem today - I normally let autocomplete choose the url for art of sound so perhaps has never before tried to used https:

When doing so I get this info:



And from the Advanced tab:



Do you have a security certificate for Art of Sound?

Hi Sam,

I haven't got the slightest clue what's happening there, or what a "security certificate" is or what it relates to. I don't really deal with the technical side of things here, so will alert my fellow member of admin Nick (Beechwoods), who does, and ask him to comment and hopefully clarify the matter for you :)

Marco.

struth
10-04-2016, 22:37
The cert apparently ran out in Sept. or that was the message I got via an https request just a short while ago. not really a major problem but if thats the case then sure Nick will know why. I never have bothered with the https stuff especia;ly.

NRG
10-04-2016, 22:59
I'm not in general - see my original post for the explaination. But now that I've discovered that problem with the security certificate, I'm pointing it out so people know and can correct it.

But using https and making https the default for ANY site (as many websites do) helps protect users from such things as identity theft on the site. I don't necessarily consider that to be a big problem for AoS :) but it is a reason for it. To deliberately NOT choose https for AoS if I were practicing good cyber security could leave me vulnerable by me forgetting to change settings back to https after using AoS. Many people use https add-ons to ensure they're using https where they can - I guess you'd then have to add an exception for AoS.

Here's an article as to why one should use https: all the time: http://mashable.com/2011/05/31/https-web-security/#qkSV10czgsqa

I understand but am intrigued as to what sensitive personal data you are sharing with theartofsound.net.... a HiFi discussion forum. You can browse Amazon and not need the connection to be encrypted but as soon as you log in then the connection is encrypted, naturally as your CC details, full name and address are available, but a HiFi forum? There are articles saying the opposite as well, encrypting every connection is not realistic and essentially unnecessary.

Marco
10-04-2016, 23:07
The cert apparently ran out in Sept. or that was the message I got via an https request just a short while ago. not really a major problem but if thats the case then sure Nick will know why. I never have bothered with the https stuff especia;ly.

No worries, but I've no idea what the certificate is for or why it (apparently) has run out. I didn't even know we had one in the first place! Anyway, rest assured that if something needs attending to, it will be ASAP.

As for the techy/computer geekery Sam was referring to, it's all Double-Dutch to me, so I've no idea what he is getting at.

Marco.

Audio Advent
10-04-2016, 23:12
I understand but am intrigued as to what sensitive personal data you are sharing with theartofsound.net.... a HiFi discussion forum. You can browse Amazon and not need the connection to be encrypted but as soon as you log in then the connection is encrypted, naturally as your CC details, full name and address are available, but a HiFi forum? There are articles saying the opposite as well, encrypting every connection is not realistic and essentially unnecessary.

Who says I am? I'm not saying I am. My original post says that I found out by accident - normally I type two letters of the url and autocomplete in my browser brings up artofsound.net in plain old http.

This one time I used https accidentally - it was suggested for me but not as per the usual autocomplete - and it comes up with this. So I came here to let people know, community and all that.

But all the same in general, even if it is unnecessary in some cases, it is generally better practice to get into the habbit of using https so that when it IS worthwhile you do it out of habbit and take not when a site is not secure - e.g. you might pass financial details over PM on here whilst in some dodgy internet cafe.

struth
10-04-2016, 23:13
I understand but am intrigued as to what sensitive personal data you are sharing with theartofsound.net.... a HiFi discussion forum. You can browse Amazon and not need the connection to be encrypted but as soon as you log in then the connection is encrypted, naturally as your CC details, full name and address are available, but a HiFi forum? There are articles saying the opposite as well, encrypting every connection is not realistic and essentially unnecessary.

that was my thoughts as well, but thought I would leave it to experts, of which I aint one

Audio Advent
10-04-2016, 23:18
As for the techy/computer geekery Sam was referring to, it's all Double-Dutch to me, so I've no idea what he is getting at.

Marco.

Me neither. I copy and pasted it...

But reading the english, it looks as though the certificate is one used by Parallels Panel - if you google it, its a webhosting company, probably what this is hosted by. Self-signed implies that you can validate it yourself without it being on some kind of registered and approved database. The english of the code in the error looks as though it goes off to check the certificate against a database and it's throwing up an error because it can't find it on there.

Sounds like just the small details of web hosting to me, just a little tidying to do if Nick feels it's necessary.

Audio Advent
10-04-2016, 23:20
[/B]

that was my thoughts as well, but thought I would leave it to experts, of which I aint one

Haha - The internet is so full of contradictory advice from equally qualified experts that we can now pick and choose the advice according to what we already do and what we already think. :)

NRG
10-04-2016, 23:23
Who says I am? I'm not saying I am. My original post says that I found out by accident - normally I type two letters of the url and autocomplete in my browser brings up artofsound.net in plain old http.

This one time I used https accidentally - it was suggested for me but not as per the usual autocomplete - and it comes up with this. So I came here to let people know, community and all that.

But all the same in general, even if it is unnecessary in some cases, it is generally better practice to get into the habbit of using https so that when it IS worthwhile you do it out of habbit and take not when a site is not secure - e.g. you might pass financial details over PM on here whilst in some dodgy internet cafe.

I wasn't saying you where! It was rhetorical. Your community spirt is admirable though, keep it up.

Marco
10-04-2016, 23:30
But reading the english, it looks as though the certificate is one used by Parallels Panel - if you google it, its a webhosting company, probably what this is hosted by.


Except that I've never heard of Parallels Panel, and they are certainly not the site's hosts, unless they're part of a sister company or something.


Sounds like just the small details of web hosting to me, just a little tidying to do if Nick feels it's necessary.

Well, if that's the case it will most certainly be sorted out. Anyway, thanks for alerting us to this :)

Marco.

Beechwoods
11-04-2016, 17:12
Thanks for raising this - to be honest the forum was never configured for HTTPS access, and we've never tested it. Parallels Plesk is a system that runs on the server and allows people like me to configure various backend bits without having to worry about getting too handy with code etc. It handles certificate storage for secure sites running Plesk.

The certificate (self signed) needs to be regenerated at some point for my own benefit but it shouldn't affect the site itself - I need to make sure that the server isn't configured to announce itself as an allowing HTTPS so that 'HTTPS Anywhere' and the like doesn't try and establish a secure connection.

Not sure how long that'll take so bear with me...

Marco
12-04-2016, 08:21
Nice one, Nick. Thanks for looking into this. I look forward to seeing what the outcome is :)

Marco.

Beechwoods
19-04-2016, 06:31
I have disabled SSL / HTTPS. Connections to The Art of Sound should always be via http://theartofsound.net - it would be useful if the original poster could confirm that their connections no longer default to trying for a secure connection. Attempting to connect directly to https://theartofsound.net will no longer be accepted. I'll have a look this evening and see if I can set up a redirect to send https:// connections back to our usual http:// site, for neatness's sake.

Marco
19-04-2016, 14:15
That would be interesting if I knew what it meant, or how it impacts upon/changes what Sam was getting at in his opening post... ;)

Marco.

struth
19-04-2016, 14:24
Comes up refused to connect Nick as it should.

struth
19-04-2016, 15:11
That would be interesting if I knew what it meant, or how it impacts upon/changes what Sam was getting at in his opening post... ;)

Marco.

It means anyone trying to connect to the site via https wont now get an invalid security certificate notice but will currenty just get a refused message. If Nick puts a re route in then they will get directed to the site via an http url.

Marco
19-04-2016, 16:52
Ah, I see :)

Marco.

Audio Advent
19-04-2016, 19:22
I have disabled SSL / HTTPS. Connections to The Art of Sound should always be via http://theartofsound.net - it would be useful if the original poster could confirm that their connections no longer default to trying for a secure connection. Attempting to connect directly to https://theartofsound.net will no longer be accepted. I'll have a look this evening and see if I can set up a redirect to send https:// connections back to our usual http:// site, for neatness's sake.

I'm not sure why it gave me https ... Was a one off and can't get it to replicate it.