| View previous topic :: View next topic |
| Author |
Message |
KEVM
Joined: 30 Sep 2008
Posts: 13
|
 Posted: Fri Feb 05, 2010 12:02 am Post subject: Issues with 'security certificate' |
 |
|
Hi John (and everybody...)
I have an issue with 'my' MC site that I have struggled with for a while,
and I need help.
If you go to our site,
http://tlc.ctsmemberconnect.net/
and click the 'Listen to our sermons' button
- MS IE will give you the message
'There is a problem with this website's security certificate.'
If you select the option 'Continue to the website...' everything works OK.
This issue is probably related to a http;/ vs https:/ adressing item,
but I have not figured it yet - please help!
This issue might have first occurred back in Oct, when you made
some 'move' of the server site.
Totally unrelated - the 'move' this past weekend seems to have been
successful, and responsetimes seems to have improved!
Karl
_________________
K Molander
Trinity Lutheran Church
Chelmsford, MA |
|
| Back to top |
|
 |
Tech John
Joined: 03 Aug 2007
Posts: 302
Location: St. Louis, MO
|
|
| Back to top |
|
|
KEVM
Joined: 30 Sep 2008
Posts: 13
|
| Posted: Sat Feb 06, 2010 1:02 am Post subject: |
|
|
John,
I appreciate the notes and references about 'mixed contents'.
The educational notes about secure vs non-secure transfers might
be helpful to other users - in my case I've worked with it for
decades (-yes since the internet was borne...) and
that's not what my question was.
My question is related to the 'Security Certificate'
- where is it created?
- where is it stored?
- what is the procedure to get it fixed?
You also (in the reffered notes) indicates that that the MC
references should all be https:
-OK, but a number of your built in templates generates http:
so what am I supposed to do?
Karl
_________________
K Molander
Trinity Lutheran Church
Chelmsford, MA |
|
| Back to top |
|
|
Tech John
Joined: 03 Aug 2007
Posts: 302
Location: St. Louis, MO
|
| Posted: Mon Feb 08, 2010 10:48 am Post subject: |
|
|
OK, a security certificate is used when web browsing as a "key" to read secure information being received as part of a web page'a information. Mostly, they are used with secure pages (https pages) for transmitting and sending information in a secure, encrypted manner. The certificate works as the key to encrypt and decrypt the data being sent and received from your browser.
Usually, the certificates are created and stored locally, as a portion of your web browser's temporary internet files and history. In some cases, such as with the Sun Micosystem Java plug-in, those files are stored in the program locations for that plug in.
If a certificate expires (as most will after certain time periods), they will display a security warning advising the browser user to download an updated certificate.
In the specific case of Java, often the current version must be updated or replaced by going to Control Panel in Windows, Going to the Java Control Panel and either updating Java, or deleting its certificates. This can also be true for security certificates related to other web browser plug-ins (it depends on the plug-in used). |
|
| Back to top |
|
|
KEVM
Joined: 30 Sep 2008
Posts: 13
|
| Posted: Mon Apr 19, 2010 6:52 pm Post subject: Well, at least I found a workaround |
|
|
After a lot of investigation, I think I've nailed down what triggers the 'Security Certificate' warning message in MS IE
As an illustration consider the following links:
http://tlc.ctsmemberconnect.net/home-ctrl.do
https://tlc.ctsmemberconnect.net/home-ctrl.do
http://www.tlc.ctsmemberconnect.net/home-ctrl.do
The previous three combinations work OK.
https://www.tlc.ctsmemberconnect.net/home-ctrl.do
This combination triggers the MS IE 'There is a problem with this website's security certificate.' message.
So, If you have links in your site that uses both secure protocol (https prefix) and the www. URL prefix, you'll trigger this warning in some browsers (Note; I've seen this effect on other member sites).
This issue started to show up on our site around past 'Thanksgiving',
and coincidently, the ctsmemberconnect security certificate was renewed on 10/26/2009. I can't tell if that's the root cause, but it seems to be a 'smoking gun' to me...
Tech John might consider forwarding this info to the development team,
and maybe to ammend the
http://www.cphforums.com/cts/viewtopic.php?t=122
note.
Karl
_________________
K Molander
Trinity Lutheran Church
Chelmsford, MA |
|
| Back to top |
|
|
Tech John
Joined: 03 Aug 2007
Posts: 302
Location: St. Louis, MO
|
| Posted: Tue Apr 20, 2010 7:19 am Post subject: |
|
|
Thanks for the post.
The development team is already aware of this issue with secure and unsecure pages.
One clarification: it is not a difference between the https prefix and a www URL prefix that triggers this; it is the difference between using a secure https prefix and an unsecure http prefix. This is described in greater detail in the following post:
http://www.cphforums.com/cts/viewtopic.php?t=122
(Linking there again since that page has a more detailed explaination of what will make a page contain both secure and unsecure elements). |
|
| Back to top |
|
|
KEVM
Joined: 30 Sep 2008
Posts: 13
|
| Posted: Tue Apr 20, 2010 9:39 pm Post subject: |
|
|
I must be terribly bad at explaining the issue at hand.
It does NOT relate to
"Both secure and non-secure (mixed) page content!"
It relates to the Security Certificate presented by the MemberConnect server.
Trying to access https://www.tlc.ctsmemberconnect.net/home-ctrl.do ,
MS IE presents the following blocking message:
==============
Certificate Error: Navigation Blocked
There is a problem with this website's security certificate.
The security certificate presented by this website was issued for a different website's address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
• Click here to close this webpage.
• Continue to this website (not recommended).
• More information:
If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.
If you choose to ignore this error and continue, do not enter private information into the website.
For more information, see "Certificate Errors" in Internet Explorer Help.
==============
The reason I suggested you ammend topic 122, is that your info in that topic suggests that this URL construct would be OK - which it obviously is not!
_________________
K Molander
Trinity Lutheran Church
Chelmsford, MA |
|
| Back to top |
|
|
Tech John
Joined: 03 Aug 2007
Posts: 302
Location: St. Louis, MO
|
| Posted: Wed Apr 21, 2010 7:50 am Post subject: |
|
|
Yeah, we are talking about two different subjects here (sorry if there was a misunderstanding here).
When you try to access a MC page with a
https://www.mychurch.ctsmemberconnect.net address, you will receive a security warning in most browsers (not just IE). The reason for this is because you are technically forwarding to a different secure address (in our example, clicking continue will be forwarded to https://mychurch.ctsmemberconnect.net).
Because you are being rerouted to a different secure page (one with a different prefix since there is no www on the second page), the security certificate warning will be displayed. Your browser basically is warning you that you are jumping from one secure site to another. |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
