Author Topic: Missing certificates?  (Read 2656 times)

wintermute

  • Hipparch
  • ******
  • Posts: 1291
  • What Would Batman Do?
on: September 17, 2014, 11:18:40 AM
It looks like the security certificates for Pseudopod.org and EscapeArtists.net might have expired. Firefox just gave me "untrusted connection" warnings, and I had to add exceptions.

Is anyone else having this issue? Or is something weird happening with my browser?

Thanks.

Science means that not all dreams can come true


kibitzer

  • Purveyor of Unsolicited Opinions
  • Hipparch
  • ******
  • Posts: 2228
  • Kibitzer: A meddler who offers unwanted advice
Reply #1 on: September 17, 2014, 11:26:56 PM
Heya Wintermute. Since the server move, you may occasionally see messages about untrusted sites, like this:

You attempted to reach forum.escapeartists.net, but instead you actually reached a server identifying itself as *.gridserver.com.
This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network
could be trying to get you to visit a fake (and potentially harmful) version of forum.escapeartists.net.

(That's the Chrome message; it'll be different for IE, Firefox, Safari or whatever you're using)

The short story: navigate away from the page (maybe your browser back button) and then back again. It's nothing to worry about in this case. If you see it for other Internet sites, it IS something to worry about.

The long story is, you start off with a URL like http://forum.escapeartists.net/index.php?action=unreadreplies. Then, you click on a link and for some reason you get a URL like https://forum.escapeartists.net/index.php?topic=8114.msg133692;topicseen#msg133692. The key difference is at the very beginning of the URL, the extra "s" (i.e. https:// rather than http://). The browser then adds a bunch of extra checks because it sees you're asking for a secure (i.e. encrypted) line and it starts to get very picky about what it talks to.

When using https, one thing the browser checks on is whether the site is what it claims to be. A key check in this case is, does the computer I'm talking to identify itself as forum.escapeartists.net? Since the move, it does NOT because of the hosting model we use.

It's something we're looking into because it's clearly annoying at best and terrifying at worst.  Don't have an ETA for a fix but hopefully within a week or so.

Sincere apologies for the inconvenience, and thanks for bringing it to our attention.