Forum security certificate concerns

Started by VulpesRex, 24.05.2015, 22:47:57

VulpesRex

   For just a bit over a week now, whenever I've visited the EF Forum page (NOT the EF21 home page) I have received a pop-up warning about the Security Certificate for the forum website.  The forum also initially appears as a "bare-bones" page with normal- and hypertext, no other graphics or embellishments.  

  If I choose to display the supposedly "non-secure" or "untrusted" content, I can do so - but the address in the URL window is highlighted in pink as well as a "Certificate Error" warning message with the following details:

      "CA Root certificate is not trusted - Issued to dapper.tigress.com, valid from 26/6/2006 to 26/7/2006".

  I am using an outdated browser; but still - this pop-up message hadn't started until just within the last two weeks.  Has some change been made in that time?
Vulpine fortunes are precarious; people wish either to build monuments to us - or to hang us.

Fineas

#1
Odd. I don't know if something has changed in the meantime, but with my browser it says it is valid from 13 Apr 2015 (3 weeks ago from this moment) till the same day in 2016.

Apart from that it seems to check out.

Browser: FF 35.0

pierrot90

Maybe check if the time & date on your PC is correct.
Follow my blog during my hike to EF for Wildtierhilfe Fiel!
https://fielberlin.wordpress.com/

VulpesRex

Quote from: pierrot90 on 26.05.2015, 21:58:32
Maybe check if the time & date on your PC is correct.

   They are; I am wondering if - after purging my browsing history, cookies, etc, why when I navigate back to the page (and log in), why I don't get (or "see" - I am kind of fuzzy on just how the CA certificate is actually supposed to work) the updated info which Fineas (and presumably everyone else) sees.

   It is a minor inconvenience at this point, something easily worked around; but still, shows I probably need a new PC.  Everything which I use is cast-off equipment with older operating systems, which I don't have Admin rights to.

   I do have a nifty IBM T60 laptop with built-in modem, which I loaded KNOPPIX onto - but somehow KNOPPIX fails to see the modem, or sees it as something else, and my LINUX-Fu is at this point too weak to figure it all out (Linux in its various incarnations may be the code geeks' delight, but to us who don't possess intimate knowledge of all those two-letter commands and aren't comfortable with terminal-mode, it "Takes No Prisoners", and doesn't suffer fools like me gladly).
Vulpine fortunes are precarious; people wish either to build monuments to us - or to hang us.

Cheetah

That's weird. I have no idea where that "dapper.tigress.com" root certificate is coming from - the forum certificate is definitely NOT self-signed, and it should look like this:

yours,

Cheetah

o'wolf

Quote from: VulpesRex on 24.05.2015, 22:47:57
  I am using an outdated browser; but still - this pop-up message hadn't started until just within the last two weeks.  Has some change been made in that time?

You are apparently using a terribly outdated browser that doesn't implement Server Name Indication:

$ openssl s_client -connect forum.eurofurence.org:443
[..]
Certificate chain
0 s:/C=XX/ST=There is no such thing outside US/L=Everywhere/O=OCOSA/OU=Office for Complication of Otherwise Simple Affairs/CN=dapper.tigress.com/emailAddress=root@dapper.tigress.com
   i:/C=XX/ST=There is no such thing outside US/L=Everywhere/O=OCOSA/OU=Office for Complication of Otherwise Simple Affairs/CN=dapper.tigress.com/emailAddress=root@dapper.tigress.com
[..]
    Verify return code: 10 (certificate has expired)
$ openssl s_client -connect forum.eurofurence.org:443 -servername forum.eurofurence.org
[..]
Certificate chain
0 s:/C=DE/CN=forum.eurofurence.org/emailAddress=dohmaihns@yatho.de
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
[..]
    Start Time: 1432735217
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
$


Do yourself and the Internet a favor and update to a current browser version, yours likely has gaping security holes.
Is it that things really change? Or does the outside rearrange?
Is perception genuine? Or does truth lie deep beneath the skin?
— Alexander James Adams, Blood and Passion
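
The comparison o'wolf runs above, automated as an added example (not part of the original thread or the forum's tooling): it parses two `openssl s_client` transcripts, one taken without `-servername` and one with it, and reports whether the correct certificate is only served when SNI is sent. The function names are hypothetical, the sample transcripts are constructed from the output quoted in the thread, and only the older one-line `/C=../CN=..` name format shown there is handled.

```python
import re

# Constructed sample input, trimmed from the two s_client runs quoted in the thread.
NO_SNI = """Certificate chain
 0 s:/C=XX/O=OCOSA/CN=dapper.tigress.com/emailAddress=root@dapper.tigress.com
   i:/C=XX/O=OCOSA/CN=dapper.tigress.com/emailAddress=root@dapper.tigress.com
    Verify return code: 10 (certificate has expired)
"""
WITH_SNI = """Certificate chain
 0 s:/C=DE/CN=forum.eurofurence.org/emailAddress=dohmaihns@yatho.de
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
    Verify return code: 0 (ok)
"""

def parse(output):
    """Return (leaf_subject, leaf_issuer, verify_code) from s_client text."""
    # Certificate 0 is the leaf; its issuer is the "i:" line directly below it.
    leaf = re.search(r"^\s*0 s:(.+)\n\s*i:(.+)$", output, re.M)
    code = re.search(r"Verify return code: (\d+)", output)
    if not (leaf and code):
        raise ValueError("no certificate chain / verify code in input")
    return leaf.group(1).strip(), leaf.group(2).strip(), int(code.group(1))

def common_name(dn):
    """Extract CN from a one-line /K=V/K=V distinguished name."""
    m = re.search(r"/CN=([^/]+)", dn)
    return m.group(1) if m else None

def summarize(output, host):
    subject, issuer, code = parse(output)
    name = common_name(subject)
    return {
        "cn": name,
        "self_signed": subject == issuer,  # subject == issuer: no CA vouches for it
        "name_ok": name == host,           # exact CN match only; no SAN or wildcards
        "verify_code": code,               # 0 means the chain validated
    }

def sni_dependent(no_sni, with_sni, host):
    """True if the right certificate is served only when SNI is sent."""
    a, b = summarize(no_sni, host), summarize(with_sni, host)
    return (not a["name_ok"]) and b["name_ok"] and b["verify_code"] == 0

if __name__ == "__main__":
    host = "forum.eurofurence.org"
    print(summarize(NO_SNI, host))
    print(summarize(WITH_SNI, host))
    print("SNI required:", sni_dependent(NO_SNI, WITH_SNI, host))
```

A `True` result means clients that cannot send SNI will receive the server's default certificate and see the warning described in the first post.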