If you can read this...

[Leo in N E Illinois]

It is Monday morning, and I am still getting security warming. This blocks the site from my phone, and partially blocks it from my laptop, everything has a 3 extra pages to move from page to page.

 

[Leo in N E Illinois]

My antivirus says the certificate is signed by bonsai nut to bonsai nut and it's corresponding validity dates are 16/05/2019 - 17/05/2019.
It might have something to do with just those dates, but I'm no server-guy.

I don't know if this is a type from Wires Guy or if this is what is actually on the Certificate, but if the Date Range on the certificate is as above, the Certificate is Already Expired. Might be worth taking a look at.

Just trying to be helpful.

 

[Bonsai Nut]

Not to mention the fact that it's kinda insulting that you have to pay to buy a certificate, just to make sure browsers allow people in. It's almost like holding your site hostage. heh.

I can actually get an external certificate for free as part of our current hosting agreement. However it still doesn't address the time issue... here we are 48 hours later and I am still waiting for our new certificate.

 

[Bonsai Nut]

Just trying to be helpful.

Thank you. Don't worry about it, we know what the issue is, and it is getting fixed. We just have to wait... and wait... and wait... because we are dealing with a third party. When I do the work, I tend to be faster

 

[Traken]

Thank you. Don't worry about it, we know what the issue is, and it is getting fixed. We just have to wait... and wait... and wait... because we are dealing with a third party. When I do the work, I tend to be faster

Are they also responsible for the installation of the certificate in addition to the generation of it?

 

[Bonsai Nut]

Are they also responsible for the installation of the certificate in addition to the generation of it?

In this case, yes. But not always.

Once we get set up, it won't be an issue. I use this CA to secure mail traffic on another account. It is automatic once it gets installed the first time. The probable reason for the delay is that I initiated the request on a Saturday.

 

[0soyoung]

It is still a mystery why moving to a new server created this problem? It is to me.
IIRC, the site was previously moved, at least once, without this trouble. Was that last move prior to SSL?

 

[Bonsai Nut]

It is still a mystery why moving to a new server created this problem? It is to me.
IIRC, the site was previously moved, at least once, without this trouble. Was that last move prior to SSL?

The browsers only started flagging sites that weren't using HTTPS last July (2018). At that time they didn't have any problems with using self-signed certificates.

I don't know when browsers instituted the new warnings associated with self-signed certificates. It might actually have been this weekend. All my Google searches are coming up blank... with the exception of case studies of people who are having trouble because they are using external certificate agencies and having security problems There are examples of where a security compromise with one site using a specific CA will trigger false positive security warnings for ALL sites using the same CA - whether warranted or not.

 

[0soyoung]

When I look at the certificate info with Chrome, it ells me that the certificate is not trusted because it is not located in the Trusted Root Certification Authorities store. And, of course, it says to enable trust, install it there.
Pain in the ass, I know. but it is what I do.

 

[Bonsai Nut]

When I look at the certificate info with Chrome, it ells me that the certificate is not trusted because it is not located in the Trusted Root Certification Authorities store. And, of course, it says to enable trust, install it there.
Pain in the ass, I know. but it is what I do.

I am using Firefox, and once I approve a security exception, I can use the site as normal. However on Chrome on my cellphone, I have to approve a security exception for every page - which makes browsing the site almost impossible.

 

[0soyoung]

I am using Firefox, and once I approve a security exception, I can use the site as normal. However on Chrome on my cellphone, I have to approve a security exception for every page - which makes browsing the site almost impossible.

Yes, I know. I'm using MS edge right now.

But I was noting that the self-signed certificate is apparently not installed in the right location on the server.

When I look at the certificate info with Chrome, it ells me that the certificate is not trusted because it is not located in the Trusted Root Certification Authorities store. And, of course, it says to enable trust, install it there.

 

[Carol 83]

I have to approve a security exception for every page - which makes browsing the site almost impossible.

I just gave up last night, too aggravating. My work computer is not doing that though I use Chrome on both.

 

[parhamr]

I recently had to wait quite a bit for two TLS certificates to be issued by my vendor. I’m not sure what’s up with the industry, but this is different from the norms.

 

[Gary McCarthy]

I'm having an issue accessing the site on my Android phone. I keep getting a message that the connection is not private. Is there a way to fix that?

 

[Bonsai Nut]

I'm having an issue accessing the site on my Android phone. I keep getting a message that the connection is not private. Is there a way to fix that?

As soon as the new certificate is installed the "false positive" warnings will go away. Your connection IS private and IS secure... despite what the browsers say. From my FireFox browser when browsing Bonsai Nut:



Of course, just supposing it WASN'T encrypted... what information is going to get "stolen" off Bonsai Nut? How to candle prune your JBP? We don't even keep people's names, let alone personally sensitive information like addresses, phone numbers, credit card information, etc.

Our next SSL check is scheduled for 8:08 PM. Hopefully at that point they will install the new certificate. I have my fingers crossed.

 

[0soyoung]

Of course, just supposing it WASN'T encrypted... what information is going to get "stolen" off Bonsai Nut?

People on an open WiFi can have their username and password stolen by an eavesdropper. This is what the general use of SSL is about, IMHO (but then I don't know enough about html and WiFi to be dangerous)

 

[Bonsai Nut]

People on an open WiFi can have their username and password stolen by an eavesdropper. This is what the general use of SSL is about, IMHO (but then I don't know enough about html and WiFi to be dangerous)

I think you have the gist of it, but there are some subtle details.

SSL isn't about WiFi. It is about creating a secure, encrypted link between a web server and a browser. Let's say you are in a public coffee house using an open WiFi internet connection. Your communication between your web browser (on your device) and Bonsai Nut is encrypted - even if the connection is not secure. So if someone were eavesdropping on the WiFi network, they could see your traffic... but it would be encrypted. Note that includes username and password credentials.

Now if you were in a public coffee house using an open WiFi internet connection and accessing a non-encrypted web site, someone eavesdropping on the WiFi network could see your traffic, and understand it. In that case, it wouldn't just be username and password, it would be all communication over the WiFi channel. If you were doing ecommerce or visiting a bank (and those sites were not using encryption, which is highly unlikely) they could steal all of that information.

Note that all of this is theoretical. Although it is possible, it is not usually practical. In fact, for all of the fear-mongering, I am not sure I have read about a SINGLE account of someone having their personal information hacked from an open public WiFi channel. I have used unswitched hubs with packet sniffers to decypher Internet traffic coming into my house. Don't ask me why, but though it was legal, some companies would not be happy to hear about it. It is difficult, and not particularly efficient. Why would you worry about hacking local WiFi networks in the hopes that one individual might expose some small security detail, when you can hack the Social Security Administration, and get 100 million records of eveyone's personal information?

Trust me when I say that no one is looking at Bonsai Nut as a security target... because we don't have anything of value for them.

 

[Bonsai Nut]

Re-reading what I wrote above... the point I was trying to make is that it isn't about WiFi, per se, it's about ANY Internet channel that you use. Let's say you are staying at a swanky hotel that requires a logon and password to get Internet access. Just because you have that layer of "security" does not mean the data you send through their network is protected. For that matter, let's say you are accessing the Internet from your home cable connection. Someone could, theoretically, splice into the cable line and access your traffic.

SSL means that Bonsai Nut, as the web site, is taking responsibility to encrypt the data flow - between the browser and the server. It doesn't matter if the channel is encrypted or secure or not... our data stream is encrypted. And it is encrypted with a 128 bit key... which is theoretically unhackable (or at least not worth the immense computer power to do so).

 

[Cable]

Trust me when I say that no one is looking at Bonsai Nut as a security target... because we don't have anything of value for them.

Don't worry you guys, I value you...

 

[Carol 83]

The security on my Surface at home must be stricter than my work computer. At home, I get the security warning after every page, and it won't let me "like" or "reply to anything. Here, I only get the security warning the first time I go to the site.