Quotes
“Some are destined to succeed, some are determined to succeed.”
by H.H. Swami Tejomayananda
Artisteer - Wordpress Theme Generator
Most Read Posts
  • No results available
Categories

Invalid Server Certificate Warnings

March 3, 2010 | Author Debbie
Google Buzz

I have had two separate support questions raised because of the Invalid Server Certificate Warning in both Internet Explorer (IE) and Firefox (FF) this week, so I thought I’d post a brief explanation about this issue.

From time-to-time, you may receive one of the following Server Certificate warnings or error message, as some call it.

IE Server Certificate Warning or Error Message

(Click to view larger image)

The above graphic is what you will see if you are using Internet Explorer.

Firefox Server Certificate Warning or Error Message

(Click to view larger image)

The above graphic is what you will see if you are using Firefox.

Google Chrome Server Certificate Warning

(Click to view larger image)

The above graphic is what you will see if you are using Google Chrome.

I have blurred out the clients website I was visiting to get this image.

Apple Safari Server Certificate Error or Warning

(Click to view larger image)

The above graphic is what you will see if you are using Apple Safari.

I have blurred out the clients website I was visiting to get this image.

Why does this happen?

It happens because the security certificate – the code that makes the HTTP an HTTPS (or secure connection) has been self-signed and has not been issued by a certification authority such as Thawte, Verisign, and so forth.

Where does it happen?

It should only happen when you are logging into your own secure e-mail client on your web hosting site, or when you try to access your control panel on your web hosts site.

When should I NOT see this?

You should NEVER see this when you are logging into:

  • Any financial site, as in your bank, trading accounts, insurance, credit card institution or other such sites.
  • Any online shopping site.
  • Any site where you are required to exchange confidential information such as banks, credit bureaus, stock brokerage, and so on.

Why does my web host do this?

Certificates from a certifying authority is costly especially for hosting companies. Many hosts self sign certificates to allow secure access for their customers who want security when accessing their online email or control panel for their hosting accounts.

If I log in to my e-mail or control panel anyway, am I still secure?

You are secure to the level of security that your web host offers. You need to check with them as to the level of encryption they provide.

Keep in mind that the certificate does not guarantee encryption.  If the certificate was provided by a third party provider, it only guarantees that the site and the site owner has been verified that they are, who they say they are!

Why is this such an issue?

It’s an issue because of the scammers and phishers that have become rampant on the Internet. The browser providers like Google Chrome, IE, FF, and Safari – to name a few – have included this warning to help you spot a phishing or scammer site more easily.

Can I ignore this warning?

Yes, if you know with CERTAINTY that this is the site you want to go to.

If you have clicked on a link in an email, a Twitter DM, or any other web page link and you see this message, do not proceed! Chances are good it’s a phishing or scam site.

If you have typed in the URL to your webmail or control panel account on your web host, or clicked the link from within your web hosts setup information, then you can proceed safely. In the images that follow, you will see that there is also a button in the Firefox message that will allow you to see the actual self-signed certificate to make sure you are at your web hosts server.

How can I stop this error message?

If you are getting this error message when you try to login to your web host control panel or web mail on your web host, you can add a permanent exception by accepting the self-signed certificate.

In most browsers, you can click on a button to see the actual self-signed certificate and verify it’s your web host. The following is an example of a self-signed certificate on a LunarPages server.

Lunar Pages Server Certificate Example

(Click to view larger image)

In Firefox, it’s a slightly different behavior.  You have to click the arrow next to the second line item to get to view the certificate or accept it.

Add an Exception in Firefox

(Click to view larger image)

Adding an exception in Firefox

(Click to view larger image)

Remember, this is normal behavior if you are signing in to your web host email or control panel and neither you, nor your web host have purchased a certificate from an issuing authority.

It is NOT normal behavior for any sites that you would do business with like shops, financial and investment institutions, and other such businesses.

I hope this helps clear up the matter of Server Certificate warnings.

bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark bookmark

Posted in Training & Education | Tags: , , , , , , , , , , , , , , , , , | 6 Comments »
Get Our Tech Tips!
Sign up for our Tech Tips!
Email:  

Join today and receive a FREE copy of our "Why is My PC So Slow?" eBook!
BlogTalk Radio
Listen to internet radio with TechnicalTidbits on Blog Talk Radio
Subscribe to Our Feed!

RSS Feed Image
Subscribe to Technical Tidbits

Expert Author
As Featured On EzineArticles

Design Layout by Debbie Mahler
Powered by LunarPages, WordPress and Artisteer - #1 Wordpress Theme Generator.