MSIE reports invalid security certificate for this site
trooks
Posts: 228
Dear Parallax,
When I type Parallax.com in MS IE using private mode I continue to get a warning not to go to this site.
IE reports that the security certificate given was issued for another site address.
Would you please get your security certificate updated. It makes me very nervous having to get this message. It also means you could be loosing potential customers if they are very sensitive to internet security.
If the problem is not with your site then I suggest you get in touch with Microsoft to see why they have red flagged your site.
An uneasy customer,
Tim
When I type Parallax.com in MS IE using private mode I continue to get a warning not to go to this site.
IE reports that the security certificate given was issued for another site address.
Would you please get your security certificate updated. It makes me very nervous having to get this message. It also means you could be loosing potential customers if they are very sensitive to internet security.
If the problem is not with your site then I suggest you get in touch with Microsoft to see why they have red flagged your site.
An uneasy customer,
Tim
Comments
It sounds like you're entering https: instead of http:
https://parallax.com/
will give an error because parallax.com's main site has no need to be a secure site and probably doesn't even HAVE a security certificate - they aren't cheap. Their ordering site DOES have a valid certificate, however, and that works fine - for me anyway.
http://parallax.com/
will work perfectly. Try it and let me know.
Dave
When I go to parallax.com I do not get the warning but it does not take my username and password when I try to log in from there.
I can then go to the forums screen and log in with my username and password fine from there. -???
The problem I reported is the reason I always type in a site name from another window instead of using links. Once I get to a site I then burrow down to whatever I was looking for. It is what I get for ignoring my own rule I suppose.
Winders are a pane but it is the devil I know.
(Note to self - ask doctor about changing pain meds on next visit)
Tim
Edit. This morning I realized my initial response was unnecessarily over over the top so I removed most of it. My apologies to trooks if you read that.
Sorry, my reply above was bad form and uncalled for.
Thinking about this again this morning I decided to ask Chrome what it thought about Parallax security.
On visiting https://parallax.com we get this warning:
This is probably not the site that you are looking for!
You attempted to reach parallax.com, but instead you actually reached a server identifying itself as www.parallax.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of parallax.com.
Sure enough if you download the certificate from Parallax and read it you find the Common Name is "www.parallax.com"
But the cert itself seems OK: "Verify return code: 0 (ok)"
So the first problem is that the certificate is not issued for "forums.parallax.com" or "parallax.com"
The question might be why isn't the forum using https?
At least passwords are not sent as plain text but they do seem to be the same string every time you log in !
Root Certificates is an optional update so check it to install it.
As far as I can see there is no way to get to the forum over https.
Parallax's site could also do a rewrite to force the preferred canonical version to www.parallax.com, but they have to be careful to indicate what they're doing in the response code so that search engines like Google don't think the site is playing hanky panky.
But this is a good catch. People may enter parallax.com/login... and get the warning. The IT staff might want to think about replacing the cert with one that allows wildcards, do a redirect (which may or may not work), or get a second certificate for the non-www URL.
Google... worried about hanky panky???
<ROFLMAO>
I had little use for my computer except for email and doing an occasional search for friends or relatives. Once you get a rep as being able to find about anything or find out why something is no longer available the people just keep pouring in.
I did something against my better judgment and tried Google for a while. The first time I noticed HD activity on my PC while I was just sitting there eating a sandwich I purged it as best I could from my system.
I now use MS IE Private Mode and wonder why I ever wasted time with Google. No matter how I tried to focus my search in Google I could still get over 100,000 hits.
Using MS IE I went from 60,000+ on my initial query down to 60 hits on my third set of filters. I was trying to track the source of some components and not a single one of the hits I got were in English. It seems that making components and modules has become a global cottage industry. It is strictly caveat emptor out there(here?) in the ether though.
Aaaahh... the NET!
- - - Entertainment... and... Diversions...!
- - For all Persuasions.... and... Perversions...!!
Tim
"Beer is proof that God wants us to be happy" - Thomas Jefferson
It is doubtful that "HD activity on my PC while I was just sitting there" is caused by any malicious activity by Google, despite their evil nature. Probably this is caused by the operating system.
Microsoft Windows is well known for this. It simply will not leave the disk alone. Until you start using a file system analysis tool, and spend many, many hours watching exactly what is happening while starting and stopping the dozens of "services" running on a PC, it is difficult to know exactly what is actually using the disk, and even then it's hard to be certain.
If by "tried Google" you mean Chrome, that browser does a ton of background tasks, including keeping itself updated on a fairly regular basis. To my knowledge, MSIE does not do background updates, but waits for the overall Windows system updates. If you don't have those on, or don't manually apply them, IE gets very outdated very fast.
The reason I ask is I have seen Chrome take up a lot of space on systems with unmanaged cache, but don't see it accessing the drive often, so I have always wondered. I should probably Google it lol.
Have you tried private mode aka incognito browsing on Chrome? If it's your cache, that will shut it up, and I guarantee you'll have better results than IE, especially when it comes to HTML5.
I open one window at a time. Cookies are forbidden. My friends do not bother to send me email with attachments. If strangers send email with attachments my systems routes it to the Spam folder.
There is nothing on my computer that requires updating except at my instigation.
When I run an application that has timed backups they all go to the CDRW.
Sometimes I will sit for a while with a web page open in the browser - like when I have to take a while to compose and type a forum entry.
In the months since I dropped Chrome not once has there been any unexpected HD activity.
Where do I look to find if a keystroke tracker is running on my computer?
If you really wanted to try Chrome again can you try using Incognito Mode?
It sounds like you want security at the browser. Here is some information on computer forensics when it comes to the two browsers in question. You're going to want to do a lot of reading about this to start to get an idea of how deep it can get - http://www.magnetforensics.com/how-does-chromes-incognito-mode-affect-digital-forensics/
That article is very good because it compares what you're saying works better than what actually does work better. That leads me to believe there is more to your problem than we'll be able to discover. Here is a snippet- " The result with using Chrome’s incognito is far fewer artifacts ever hitting the disk and ultimately going into unallocated space."
So that means that your best bet for least disk usage is usually Chrome.
I do gateway security so I'm not up to date on keylogger detection. I get annoyed that stuff like that can get through the gateway and start going down the list of all the gateway security solutions and how nobody uses them, etc etc..
http://www.ironkey.com/
https://www.torproject.org/
RDL2004, Thank You for the two pointers to additional information.
For now I am satisfied with the fact that as far as I can tell the mysterious HD activity has ended.
As I said earlier the stuff that I most want to keep to myself goes directly from whichever app I am using to removable media. Even screen prints of stuff I want to come back to later are written to removable media. That is something I learned back when the company I was working for was among the first to be authorized to install and maintain IBM PCs.
I am far too busy at this time to switch over to UNIX. I have a couple of friends that swear by Firefox.
I once worked with Unix on equipment handling T-1 and Frac-T1 communications links. The processors on those systems were the ones the government would not let us sell to the Russians. Big Blue could still sell whatever they wanted to sell to anybody they wanted to sell it to. We also had the world champion chess playing computer at that time.