Comments on: Why ssl_error_bad_cert_domain is bad http://www.sslfail.com/2009/01/why-ssl_error_bad_cert_domain-is-bad/ 1.2.840.113549.1.1 Thu, 01 Jul 2010 03:13:58 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Sérgio Carvalho http://www.sslfail.com/2009/01/why-ssl_error_bad_cert_domain-is-bad/comment-page-1/#comment-4173 Sérgio Carvalho Fri, 25 Sep 2009 09:49:47 +0000 http://www.sslfail.com/?p=174#comment-4173 Hello, I have two sites with certificates in my IIS, but my problem is that the second site when opened in browser give certificate error and show the certificate of the first site. When I view certificate in properties of the site in IIS, show the correct certificate. what is the problem ? you can view the problem accessing https://www.prevoironline.pt Hello,

I have two sites with certificates in my IIS, but my problem is that the
second site when opened in browser give certificate error and show the
certificate of the first site.

When I view certificate in properties of the site in IIS, show the correct
certificate.

what is the problem ?

you can view the problem accessing https://www.prevoironline.pt

]]> By: Michael Dickey http://www.sslfail.com/2009/01/why-ssl_error_bad_cert_domain-is-bad/comment-page-1/#comment-14 Michael Dickey Thu, 15 Jan 2009 20:04:28 +0000 http://www.sslfail.com/?p=174#comment-14 Yeah, I'm disappointed in how IE uses newer certs like EV SSL. Well, ok, I'm disappointed only because it takes more effort to support that pretty green bar in IE than it does in Firefox. I notied that akamai thing too, and I consider that bad, just like you do. Seriously, the name sounds Chinese, and they're causing an error in my browser. Hackers, hackers! You're absolutely right, although I'd word it that there are three parts to SSL: 1. technical (encyption) 2. verification (technical/CA trust?) 3. user trust/perception The first part is easy, really. The second part is more robust these days, but still pretty much on the heads of the CAs to get it right. The third part is touchy. I'm not a huge fan of user education to solve this because I don't know how to teach my parents right now, since this whole issue is a mess. I think sites need to get it right on the technical level, which can be more difficult than it looks at first. :( Yeah, I’m disappointed in how IE uses newer certs like EV SSL. Well, ok, I’m disappointed only because it takes more effort to support that pretty green bar in IE than it does in Firefox.

I notied that akamai thing too, and I consider that bad, just like you do. Seriously, the name sounds Chinese, and they’re causing an error in my browser. Hackers, hackers!

You’re absolutely right, although I’d word it that there are three parts to SSL:
1. technical (encyption)
2. verification (technical/CA trust?)
3. user trust/perception

The first part is easy, really. The second part is more robust these days, but still pretty much on the heads of the CAs to get it right. The third part is touchy. I’m not a huge fan of user education to solve this because I don’t know how to teach my parents right now, since this whole issue is a mess. I think sites need to get it right on the technical level, which can be more difficult than it looks at first. :(

]]> By: jgraver http://www.sslfail.com/2009/01/why-ssl_error_bad_cert_domain-is-bad/comment-page-1/#comment-13 jgraver Wed, 14 Jan 2009 22:37:35 +0000 http://www.sslfail.com/?p=174#comment-13 SSL has helped the Web become what it is today (think eCommerce and online banking). From the user perspective any misconfiguration in SSL that causes a warning / popup will cause them to question the site's security. SSL might be encryption and authentication but from the perspective of a user on the other end of the browser, SSL is trust. Users don't really know / care what these different errors are. They are bad and look suspicious to the untrained eye. We will post more on the issue of trust in SSL. SSL has helped the Web become what it is today (think eCommerce and online banking). From the user perspective any misconfiguration in SSL that causes a warning / popup will cause them to question the site’s security.

SSL might be encryption and authentication but from the perspective of a user on the other end of the browser, SSL is trust. Users don’t really know / care what these different errors are. They are bad and look suspicious to the untrained eye.

We will post more on the issue of trust in SSL.

]]>