small website security issue

[Orga1]

I haven't seen this until today. When I go to log-in on the enb-emulator forums using Firefox, I get an (This Connection is Untrusted) page. Now I do have Comodo firewall, but I'm not sure if this warning is a false positive or not. If you did move your data to a different domain then you wouldn't have the same certificate or that certificate expired right? According to this link: [url="http://www.sslshopper.com/ssl-certificate-not-trusted-error.html"]http://www.sslshopper.com/ssl-certificate-not-trusted-error.html[/url]

Just curious because 3 months ago I could visit the same forum site and log-in without seeing a (Certificate is not trusted, because it hasn't been verified by a recognized authority) warning. So just if I do except it and add the certificate so I can sign-in to let you know, then It should be safe right? I doubt this problem has appeared before but thats why I'm questioning it now. To find out if it's on your side or Comodos side.

Below is a link to a picture of the event.
[url="http://imageshack.us/f/402/untrustedconnection1304.png/"]http://imageshack.us/f/402/untrustedconnection1304.png/[/url] Edited May 10, 2011 by Orga2

[tredway]

Its in relation to the SSL Cert pointing to forum.enb-emulator.com and certain links go to www.enb-emulator.com

I may have them backwards but the Cert is missing one of the FQDN (Fully Qualified Domain Names) last time I looked. Or something along those lines. The site is still secured, just the browser needs to be told once to Add an Exception and the annoyance goes away.

Sorry I'm getting pulled away for work stuff otherwise I'd get more technical in it. But ya its safe for the most part.

[tredway]

Gah misuse of terms its not FQDN its just CN (Common Name) ya lol "Someone's got a case of the Monday's" but its Tuesday for me gahhh!

[Kyp [LDEV]]

Cert is for [url="http://www.enb-emulator.com"]www.enb-emulator.com[/url] & [url="http://www.net-7.org"]www.net-7.org[/url] but because of the way the forum is set up its pointing at forum.enb-emulator.com (it isn't a wildcard cert) and yeah I think Rojo more or less hit the nail on the head. We'll fix it eventually, just a low priority junk-up from our server move and we've had more important things to do.

[Orga1]

[quote name='Kyp' timestamp='1305017264' post='40454']
Cert is for [url="http://www.enb-emulator.com"]www.enb-emulator.com[/url] & [url="http://www.net-7.org"]www.net-7.org[/url] but because of the way the forum is set up its pointing at forum.enb-emulator.com (it isn't a wildcard cert) and yeah I think Rojo more or less hit the nail on the head. We'll fix it eventually, just a low priority junk-up from our server move and we've had more important things to do.
[/quote]

OK well like I said it's a small issue, thnx for clearing it up and I do not blame you at all. Just thought it helps to mention things like this.

[C Del[IS]]

The problem is with the intermediate certificates I believe. The free SSL cert I got for us is a pain in that it's got some trust problems. I'll try again to figure out how to correct the problem.

[tredway]

[quote name='C Del' timestamp='1305171905' post='40563']
The problem is with the intermediate certificates I believe. The free SSL cert I got for us is a pain in that it's got some trust problems. I'll try again to figure out how to correct the problem.
[/quote]


Lemme know if ya need a hand CDel. Had plenty of dealing with this for company websites/Exchange Outlook Anywhere setups. Its pretty straight forward, might be able to get away with fixing some things might have to work with Slayerman. Kinda a 2 step approach we can take.

1) Adjust any links/buttons that have forum.enb-emulator.com and change to just enb-emulator.com (on Portal/Forums/basically anywhere that we have linking to forums), and then some hacks in DNS might be needed. Free route.

or

2) Have our CA issue a proper UCC SSL Cert reflecting www.net-7.org , forum.enb-emulator.com and enb-emulator.com for its Common Names. This would cover basis for all SSLs needed for the project instead of worrying about individual/self issued ones (which will flag as untrusted these days even when done right).

I believe last I checked GoDaddy charged like $89 bucks a year for whats called a Multiple Domain UCC SSL Certificate. You can get the price per year down if you purchase more years worth at once but ya from what I found GoDaddy was the simplest and most cost effect UCC provider and never had a single SSL problem afterwards.

[tredway]

Option 2 is the proper and correct method to do it. Just may not be the cost effective route per say. But the job is done once and done right. Again lemme know I'll gladly help out.