The Eurofurence Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

Eurofurence 25 "Fractures in Time" - Estrel Hotel Berlin, August 14-18, 2019Follow eurofurence on Twitter

Pages: [1]   Go Down

Author Topic: Forum security certificate concerns  (Read 3362 times)

VulpesRex

  • Regular Member
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 163
Forum security certificate concerns
« on: 24.05.2015, 22:47:57 »

   For just a bit over week now, whenever I've visited the EF Forum page (NOT the EF21 home page) I have received a pop-up warning about the Security Certificate for the forum website.  The forum also initially appears as a "bare-bones" page with normal- and hypertext, no other graphics or embellishments.  

   If I choose to display the supposedly "non-secure" or "untrusted" content, I can do so - but the address in the URL window is highlighted in pink as well as a "Certificate Error" warning message with the following details:

       "CA Root certificate is not trusted - Issued to dapper.tigress.com, valid from 26/6/2006 to 26/7/2006".

   I am using an outdated browser; but still - this pop-up message hadn't started until just within the last two weeks.  Has some change been made in that time?
Logged
Vulpine fortunes are precarious; people wish either to build monuments to us - or to hang us.

Fineas

  • ConOps
  • Country: nl
  • Offline Offline
  • Gender: Male
  • Posts: 790
Re: Forum security certificate concerns
« Reply #1 on: 26.05.2015, 09:34:45 »

Odd. I don't know if something has changed in the mean time, but with my browser it says it is valid from 13 apr 2015 (3 weeks ago from this moment) till the same day in 2016.

Apart from that it seams to check out.

Browser: FF 35.0
« Last Edit: 26.05.2015, 09:42:20 by Fineas »
Logged

pierrot90

  • Regular Member
  • Offline Offline
  • Gender: Male
  • Posts: 36
  • ᵔᴥᵔ
    • Charity hike! Spendenlauf!
Re: Forum security certificate concerns
« Reply #2 on: 26.05.2015, 21:58:32 »

Maybe check if the time & date on your PC is correct.
Logged
Follow my blog during my hike to EF for Wildtierhilfe Fiel!
https://fielberlin.wordpress.com/

VulpesRex

  • Regular Member
  • Country: us
  • Offline Offline
  • Gender: Male
  • Posts: 163
Re: Forum security certificate concerns
« Reply #3 on: 27.05.2015, 10:06:17 »

Maybe check if the time & date on your PC is correct.

   They are; I am wondering if - after purging my browsing history, cookies, etc, why when I navigate back to the page (and log in), why I don't get (or "see" - I am kind of fuzzy on just how the CA certificate is aactually supposed to work) the updated info which Fineas (and presumably everyone else) sees.

   It is a minor inconvenience at this point, something easily worked around; but still, shows I probably need a new PC.  Everything which I use is cast-off equipment with older operating systems, which I don't have Admin rights to.

   I do have a nifty IBM T60 laptop with build-in modem, which I loaded KNOPPIX onto - but somehow KNOPPIX fails to see the modem, or sees it as something else, and my LINUX-Fu is at this point too weak to figure it all out (Linux in its various incarnations may be the code geeks' delight, but to us who don't possess intimate knowledge of all those two-letter commands and aren't comfortable with terminal-mode, it "Takes No Prisoners", and doesn't suffer fools like me gladly).
Logged
Vulpine fortunes are precarious; people wish either to build monuments to us - or to hang us.

Cheetah

  • Chairman
  • Administrator
  • *
  • Offline Offline
  • Posts: 6300
Re: Forum security certificate concerns
« Reply #4 on: 27.05.2015, 15:55:19 »

That's weird. I have no idea where that "dapper.tigress.com" root certificate is coming from - the forum certificate is definitely NOT self-signed, and it should look like this:

Logged
yours,

Cheetah

o'wolf

  • Pawpeteer
  • Press Relations
  • Country: de
  • Offline Offline
  • Gender: Male
  • Posts: 1156
    • Wölfisch
Re: Forum security certificate concerns
« Reply #5 on: 27.05.2015, 16:02:26 »

  I am using an outdated browser; but still - this pop-up message hadn't started until just within the last two weeks.  Has some change been made in that time?

You are apparently using a terribly outdated browser that doesn't implement Server Name Indication:

$ openssl s_client -connect forum.eurofurence.org:443
[..]
Certificate chain
 0 s:/C=XX/ST=There is no such thing outside US/L=Everywhere/O=OCOSA/OU=Office for Complication of Otherwise Simple Affairs/CN=dapper.tigress.com/emailAddress=root@dapper.tigress.com
   i:/C=XX/ST=There is no such thing outside US/L=Everywhere/O=OCOSA/OU=Office for Complication of Otherwise Simple Affairs/CN=dapper.tigress.com/emailAddress=root@dapper.tigress.com
[..]
    Verify return code: 10 (certificate has expired)
$ openssl s_client -connect forum.eurofurence.org:443 -servername forum.eurofurence.org
[..]
Certificate chain
 0 s:/C=DE/CN=forum.eurofurence.org/emailAddress=dohmaihns@yatho.de
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
 1 s:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Class 1 Primary Intermediate Server CA
   i:/C=IL/O=StartCom Ltd./OU=Secure Digital Certificate Signing/CN=StartCom Certification Authority
[..]
    Start Time: 1432735217
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
$


Do yourself and the Internet a favor and update to a current browser version, yours likely has gaping security holes.
Logged
Is it that things really change? Or does the outside rearrange?
Is perception genuine? Or does truth lie deep beneath the skin?
— Heather Alexander, Blood and Passion
Pages: [1]   Go Up