Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersSecurity problem with Ravensdown website?


14449 posts

Uber Geek
+1 received by user: 1899


Topic # 198555 13-Jul-2016 18:58
Send private message

I am trying to access the login page of this website https://www.myravensdown.co.nz/ .  But it comes up with  security error in Firefox. But it doesn't in Chrome or Edge. Anyone know if there is anything on this website that could be causing security error in Firefox. I have also tried it on multiple computers. When speaking to the company, they said they had talked to their website people who said it was fine and secure. But they had also had other people who had contacted them .

 

Looking at it in more depth, the certificate looks to have a probelm

 

 

 

https://www.myravensdown.co.nz/ Peer's Certificate issuer is not recognized. HTTP Strict Transport Security: false HTTP Public Key Pinning: false

 

Is this a problem that the website people they use should know about and fix?

 

 

 

TIA

Filter this topic showing only the reply marked as answer Create new topic
121 posts

Master Geek
+1 received by user: 46


  Reply # 1592207 13-Jul-2016 19:04
Send private message

A few years ago e-asTTle did the same thing. I just used to add it as a security exception and the problem went away.

14285 posts

Uber Geek
+1 received by user: 2590

Trusted
Subscriber

  Reply # 1592209 13-Jul-2016 19:06
Send private message

The error is "Peer's Certificate issuer is not recognized". It's probably that Firefox doesn't trust the certificate authority the issued the certificate but Chrome and Edge do.




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer

 
 
 
 




14449 posts

Uber Geek
+1 received by user: 1899


  Reply # 1592212 13-Jul-2016 19:08
Send private message

timmmay:

 

The error is "Peer's Certificate issuer is not recognized". It's probably that Firefox doesn't trust the certificate authority the issued the certificate but Chrome and Edge do.

 

 

 

 

Thanks, that is what I suspected from the error. Odd they wouldn't use a mainstream certificate company, as they are a pretty large well known NZ company and brand.

kol

5 posts

Wannabe Geek
+1 received by user: 2


  Reply # 1592213 13-Jul-2016 19:09
Send private message

Looks like they are missing the intermediate certificate/chain.

https://www.sslshopper.com/ssl-checker.html#hostname=myravensdown.co.nz
https://sslanalyzer.comodoca.com/?url=myravensdown.co.nz

 

 

14285 posts

Uber Geek
+1 received by user: 2590

Trusted
Subscriber

  Reply # 1592214 13-Jul-2016 19:09
One person supports this post
Send private message

Ok, the problem is the intermediate certificate authority between the root and this website isn't properly chained to the website's SSL certificate. It's not valid set up like this, but it's an indication of misconfiguration not of any particular security issue. When I set up the certificate on my server I had to chain the CA cert to my https cert to prevent this type of thing. Mozilla is more strict about this kind of thing than some other browsers.

 

Information here and here.




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer

1508 posts

Uber Geek
+1 received by user: 213


  Reply # 1592226 13-Jul-2016 20:04
Send private message

Oddly, Chrome and Edge are happy with it, just Firefox is being picky about it. Looks like it is just the intermediates not being installed properly as someone pointed out above.




Try Vultr using this link and get us both some credit:

 

http://www.vultr.com/?ref=7033587-3B



14449 posts

Uber Geek
+1 received by user: 1899


  Reply # 1597424 23-Jul-2016 19:39
Send private message

So I contacted them again about the problem, and told them the fault was with the secure certificates configuration. However their website person say it is a problem with firefox, and that if I update firefox and totally reset it, it will then not display the error. I presume this means that they have fixed it and my browser is caching the old version. I have tried reseting firefox, but it still displays the error for me in my browser. So I am wondering if Spark is caching it. Is anyone able to please check whether the problem still occurs for them?

774 posts

Ultimate Geek
+1 received by user: 245

Trusted
Subscriber

  Reply # 1597447 23-Jul-2016 20:17
Send private message

mattwnz: Is anyone able to please check whether the problem still occurs for them?

 

It is a problem for me (Orcon UFB, FF47):

 

Your connection is not secure

The owner of www.myravensdown.co.nz has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.

21613 posts

Uber Geek
+1 received by user: 4430

Trusted
Subscriber

  Reply # 1597449 23-Jul-2016 20:19
Send private message

Unfortunately most web developers are just that, and do not really know much about the SSL or security side of things at all.

 

I recall I had to get some stuff from the cert issuer and upload it thru the cpanel SSL cert configuring thing to get it not erroring in firefox and passing ssl labs when I last bothered with a SSL cert. Was documented well and not difficult.




Richard rich.ms

1632 posts

Uber Geek
+1 received by user: 277

Subscriber

  Reply # 1597492 23-Jul-2016 21:59
Send private message

mattwnz:

 

So I contacted them again about the problem, and told them the fault was with the secure certificates configuration. However their website person say it is a problem with firefox, and that if I update firefox and totally reset it, it will then not display the error. I presume this means that they have fixed it and my browser is caching the old version. I have tried reseting firefox, but it still displays the error for me in my browser. So I am wondering if Spark is caching it. Is anyone able to please check whether the problem still occurs for them?

 

 

 

 

Use an SSL checker like this to rule out your browser.  Issue still exists.  I run SSL certs on several machines and did this by installing the cert in the wrong line under Apache, completely my mistake, and easily fixed.



14449 posts

Uber Geek
+1 received by user: 1899


  Reply # 1597525 23-Jul-2016 23:50
Send private message

richms:

 

Unfortunately most web developers are just that, and do not really know much about the SSL or security side of things at all.

 

I recall I had to get some stuff from the cert issuer and upload it thru the cpanel SSL cert configuring thing to get it not erroring in firefox and passing ssl labs when I last bothered with a SSL cert. Was documented well and not difficult.

 

 

 

 

Just looking at the position of the person who replied, it was their IT Web Systems Analyst . So for that sort of position, you would hope they would know all about SSL. It is just annoying when they try to blame the customer and their computer, and they claim that the problem isn't at their end.



14449 posts

Uber Geek
+1 received by user: 1899


  Reply # 1597530 24-Jul-2016 00:16
Send private message

itxtme:

 

mattwnz:

 

So I contacted them again about the problem, and told them the fault was with the secure certificates configuration. However their website person say it is a problem with firefox, and that if I update firefox and totally reset it, it will then not display the error. I presume this means that they have fixed it and my browser is caching the old version. I have tried reseting firefox, but it still displays the error for me in my browser. So I am wondering if Spark is caching it. Is anyone able to please check whether the problem still occurs for them?

 

 

 

 

Use an SSL checker like this to rule out your browser.  Issue still exists.  I run SSL certs on several machines and did this by installing the cert in the wrong line under Apache, completely my mistake, and easily fixed.

 

 

 

 

Thanks, I will let  them know they still have a problem. I just can't really understand when I pointed out the problem, they are still blaming it on my computer and Firefox as having the problem. They seem to think that because IE and Chrome  don't show any error, that the fault is Firefox.

14285 posts

Uber Geek
+1 received by user: 2590

Trusted
Subscriber

  Reply # 1597548 24-Jul-2016 07:56
One person supports this post
Send private message

I'd not bother with them, if they're too thick to understand it and brush you off. Maybe send them the SSL testing website link, but that's it. Stupid gets what stupid deserves. It's not a security problem, it's an accessibility problem.




AWS Certified Solution Architect Professional, Sysop Administrator Associate, and Developer Associate
TOGAF certified enterprise architect
Professional photographer

Filter this topic showing only the reply marked as answer Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Geekzone Live »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.