From owner-freebsd-questions@FreeBSD.ORG Sat Mar 2 11:30:44 2013 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 16E78E3A for ; Sat, 2 Mar 2013 11:30:44 +0000 (UTC) (envelope-from jerry@seibercom.net) Received: from mail-gg0-x232.google.com (mail-gg0-x232.google.com [IPv6:2607:f8b0:4002:c02::232]) by mx1.freebsd.org (Postfix) with ESMTP id 8B61A74E for ; Sat, 2 Mar 2013 11:30:43 +0000 (UTC) Received: by mail-gg0-f178.google.com with SMTP id 21so592593ggh.23 for ; Sat, 02 Mar 2013 03:30:42 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seibercom.net; s=google; h=x-received:date:from:to:subject:message-id:in-reply-to:references :reply-to:organization:x-mailer:face:mime-version:content-type :content-transfer-encoding; bh=/R4Rskk7ZoenvB0aOWlwvxdjsfWKCs12627MchsLW6Q=; b=YpaHk+osiyQShNimgDL35HEEs4KfERGxOMNAfOovo6U3/Kl+ybpm1OziFQckkADQiM UJ1CrBGbRVo1L/lGhswCjFCn6gt+MNIU2nKBr+z+XXH1ZWSdJtLONt0i66Q+FJYoEx/G DYeOlOE4Hmy4NNbrGSX9FUfludD4UYm9cEyos= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:date:from:to:subject:message-id:in-reply-to:references :reply-to:organization:x-mailer:face:mime-version:content-type :content-transfer-encoding:x-gm-message-state; bh=/R4Rskk7ZoenvB0aOWlwvxdjsfWKCs12627MchsLW6Q=; b=P2zdFny6cnXAciBeOHTfJ99HTY7REjzTJRWUIYG0fvouNm9GXN8rwNnyHLazZYPPa8 73ZfAcIbZDcW4Q93/0tvCQ+m3QM1rHg4QZcbGaGq/6egX4WiojHiBjidXfvz7YOGbBMj V8TmKgSEjt6Y5ygnDc90ilVnWSG/efsKW1r8adWGkIB6DBrDBzaVFkVHwp8BOrg0+4kH +zHkAZcwYwnzKWHvNjA1Dyb7kB2ETwMBns1DzG6HvzrKmWBtRI4H4PKrO9TKzxzMzgkv Sw0yUGntZFsXF2tI+ynl+Bs+K27Y4sxrRFGd+yFDX4zzukSA1VA8Z+p/MoFXvo2uVzkw ZTjg== X-Received: by 10.236.171.70 with SMTP id q46mr9828355yhl.122.1362223842048; Sat, 02 Mar 2013 03:30:42 -0800 (PST) Received: from scorpio.seibercom.net (cpe-076-182-104-150.nc.res.rr.com. [76.182.104.150]) by mx.google.com with ESMTPS id d80sm23968096yhg.4.2013.03.02.03.30.41 (version=TLSv1.2 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 02 Mar 2013 03:30:41 -0800 (PST) Received: from scorpio (localhost [127.0.0.1]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) (Authenticated sender: jerry@scorpio.seibercom.net) by scorpio.seibercom.net (Postfix) with ESMTPSA id 3ZJ50J3Y7kz2CG47 for ; Sat, 2 Mar 2013 06:30:40 -0500 (EST) Date: Sat, 2 Mar 2013 06:30:40 -0500 From: Jerry To: FreeBSD Subject: Re: https://wiki.freebsd.org/ certificate error Message-ID: <20130302063040.5710c374@scorpio> In-Reply-To: <20130302061222.75ebe236.freebsd@edvax.de> References: <5130B651.9030607@a1poweruser.com> <1362147256.788.3.camel@archlinux> <5130BC16.8020903@aboutsupport.com> <5130CC82.4000607@a1poweruser.com> <20130302061222.75ebe236.freebsd@edvax.de> Organization: seibercom.net X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.6; amd64-portbld-freebsd8.3) Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAHlBMVEUAAABYRlwJCw4FAgAIBwKprDkBAQFQLR0BAgCir7VRttp8AAACAUlEQVQ4jZWUTYvbMBCGTVl8V2hX6Gg5G5FbWQdBj0lEfE7BhN4cyzi5Wt1E5L70roWy6N92xok/skkP+5IYrMcz78xIduDWpNM3vFzuA/jX5EY1AI6KHFwW/CzFuQAwqUBbV12p+CzIh6Awq7sg33pn5D64SQXAexffeuQlA/L35RrkaB551OjGfP/cAO8mCNaDcgvfky5ijoD0pAXlCQCnljiAjsJD9Ax05Ko5sZxbnLQcmM+dZg5IjREfZrWIHK0JuwU68pAGwHvfRxBundRzTxxz3r9dNUikPsEihjz2Dc4kjp1hKsJGuot4EDxaxzMoC7XqhxhOSfZrTS6gSX1JVdjp+o1PvWfekXgw3WL0g70nDEwA0H0HQsEZc8sTmFMTkWUfYWC/vdR1zQy3xLQgLwzu90QnlnFLjeiGWBjwhb4Sa42IqOg2qqS4O1/zhKokFUb1Q8Rj4Eb69WVflXEehJ35DgChVTE5n50eaGyMLOfH8AOodoSM4PVYAQgQdBulOa+knklYks3vAuQ+uX492lTl+A+e8qBV2AKoXalVKFfyuUp0pUp1ARaUHh82lv9MN+Ig7CZtgE6FNYvjlywT2VP2dMgOG46gTIWcqdfvuwyXNz0oMJNd/N5lh1YNiJt19ADTUo3VuFSNeQwVqRSrGjSCp53fk2g+Mvfk/gfoPxHeUS8MH9vRAAAAAElFTkSuQmCC Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Gm-Message-State: ALoCoQlgGDY33mhfQ0CsqYJ6+pPPnGPWKe2WWnw+dwPXcmovsJUNqUJSH0HynjJc9SWLHCHHtYtW X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list Reply-To: FreeBSD List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 Mar 2013 11:30:44 -0000 On Sat, 2 Mar 2013 06:12:22 +0100 Polytropon articulated: > On Fri, 01 Mar 2013 10:42:58 -0500, Fbsd8 wrote: > > Javad Kouhi wrote: > > > Also no problem with FreeBSD 9.1 and chromium. But sometimes ago > > > I have this problem with all https sites. because the government > > > forged the wrong SSL certificate and my browser and my browser > > > warned me about it. Do you have this problem with other websites? > > > > > > On Fri, Mar 1, 2013 at 6:02 PM, Zyumbilev, Peter > > > wrote: > > >> > > >> On 01/03/2013 16:14, Ralf Mardorf wrote: > > >> > > >>> [1] $ firefox -version > > >>> Mozilla Firefox 19.0 > > >>> > > >> No problem with SeaMonkey 2.16. > > >> > > I use xp browser and it's certificate checking is enabled. > > You are sure using a more than 10 year old system should > be considered safe enough to provide a reference? > > > Maybe the browsers running from xorg desktops are NOT certificate > > aware so them not getting the error warning would be expected. > > They are. Or to be correct: The most prominent ones are, > like Firefox, Chrome, and Opera. More lightweight browsers > like dillo actually might not have this functionality. > > > The fact remains, the ms/browsers do find the wiki.freebsd.org > > wedsite's certificate invalid because the certificate ip address > > does not match the ip address the public dns points to. > > As it has been mentioned, one certificate can be used for > several IP addresses. Both www and wiki are located at > 8.8.178.110 (returned by "host" command), so there might > be a DNS issue or something comparable strange... > > I've checked with Opera 11.50 here, no problems. I think Brad Mettee nailed it with his response. And in this particular case, the certificate is for www.freebsd.org and freebsd.org, and the browser is complaining because it's being used on wiki.freebsd.org. Their certificate should have been issued for *.freebsd.org instead of just the main site name. Unfortunately I think all of the certificate issuers charge big $$$ for that type of cert...... I have seen this sort of thing several times before with different sites. The older versions of Firefox never picked up on it as often as IE would. I just tried this site using IE and immediately received the error message. The message stating: "The security certificate presented by this website was issued for a different website's address. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server." It then went on to give me the normal options of leaving the site or ignoring the error. Interestingly enough, Firefox, on the same machine, does not provide any indication that the certificate is questionable. Given the choice of being warned about a questionable certificate or having the browser silently ignore it, I would choose to be warned about it. -- Jerry ♔ Disclaimer: off-list followups get on-list replies or get ignored. Please do not ignore the Reply-To header. __________________________________________________________________