Firefox is warning me that this site has been hijacked and has a certificate for another site.
Printable View
Firefox is warning me that this site has been hijacked and has a certificate for another site.
The forum was changed to use HTTPS around 48 hours ago, does the message appear everywhere or at any specific topic/page?
I only come to this page.
forums.emulator-zone.com
The certificate is only valid for:
The first URL redirects to the http version of this site, the other doesn't exist.Code:DNS Name: galactica.visei.net
DNS Name: www.galactica.visei.net
Strangely, the firefox on my other machine has no complaints.
EDIT: tried it on the home page (emulators downloads etc).
http works fine apart from an annoying popup about cookies.
https produces this:
Code:This Connection is Untrusted
You have asked Firefox to connect
securely to www.emulator-zone.com, but we can't confirm that your connection is secure.
Normally, when you try to connect securely,
sites will present trusted identification to prove that you are
going to the right place. However, this site's identity can't be verified.
What Should I Do?
If you usually connect to
this site without problems, this error could mean that someone is
trying to impersonate the site, and you shouldn't continue.
Technical Details
www.emulator-zone.com uses an invalid security certificate.
The certificate is only valid for the following names:
galactica.visei.net , www.galactica.visei.net
(Error code: ssl_error_bad_cert_domain)
galactica.visei.net is the hostname for the server; both that domain and the forum now use SSL.
I had a little problem with the configuration of the webserver configuration causing all traffic to be redirected to galactica.visei.net (oops). As I was working on other things I only found out about an hour later and quickly fixed it.
That might explain the problem, because it has otherwise been working fine for me.
Try the following:
- Clear your browser cache
or if that doesn't work:
- Go to "History" and right-click one of the entries for the forum and select "Forget this Site"
In both cases please close & relaunch the browser before trying again.
If that doesn't work I'll have to dig deeper. One of the other possible causes is that the server uses "SNI" (Server Name Indication) to allow multiple SSL certificates on a single server IP address, if you use an older version of Firefox or it is configured to use a proxy that doesn't support SNI you might also get this problem.
To check if Firefox uses a proxy, go to: Options > Advanced > Network > Settings button (in the "Connection" section)
I think the problem is that this is an old version of Firefox. Since you've confirmed that the server name is correct I will simply accept and store the certificate offered, same as I did for the forum.
Out of interest I tried using IE6, and found that the site is not accessible at all. However it works fine with IE8.
IE6 can rot in hell, it is no longer targeted by any site because it does not support any of the modern standards without some really nasty code hacks to get compatibility.
If you need to target an old IE version make sure to have a bare minimum of IE7 (update for XP or default for Vista) or IE8 (default for win7).
One thing: I reread your post more carefully and should note: the main site (www) does not support SSL at this time.
However the webserver software gets a little confused if you try to access the site through HTTPS anyway. The webserver is listening on 443 (HTTPS) for the sites (forum & server hostname) that need it. I guess if you then request any other site (that technically is only configured for non-HTTPS port 80) it will serve that site but will just pick the first SSL certificate in its config to serve with it. Hence why you get the certificate error.
I do not want to make the site (www) HTTPS at this time as it technically means breaking all old links that still link to the HTTP (non-SSL) site. As users will be redirected they might not notice it really, but search engines will. However I may have to get an SSL certificate for the site anyway if only just to redirect any traffic that might stumble on it to the "proper" site (HTTP). A bit weird, but oh well.
Also for Firefox not to support SNI it would have to be ancient. SNI is supported since Firefox 2.0 (released in 2007).
And yeah, fuck IE, or at least on XP: no version of Internet Explorer on Windows XP supports SNI. You need at least Vista for SNI support in Internet Explorer. Other browsers (Firefox, Chrome) on XP are not affected by this (assuming they're somewhat recent versions). I have no problem with the forum not even loading in IE6 (or any IE on XP) anymore: people should stop using it anyway.
As Let's Encrypt will be nearly ready (free SSL certificates for everyone) and Firefox will probably mark login forms as insecure if not served via HTTPS from early 2016, you are probably going to see a lot more people use SSL and good chunk will also use SNI.
So to recap:
https://galactica.visei.net/ should work without errors or warnings (but will redirect you to http://www.emulator-zone.com)
https://forums.emulator-zone.com/ should work without errors or warnings
https://www.emulator-zone.com/ will not work and give errors -- use http://www.emulator-zone.com instead
I have 2 computers on the net here.
The older one (this one) is running windows 2000, and IE6 is the maximum IE version that can run on it. I have Firefox 3.6.24, which is the browser I normally use.
The other machine is XP Sp 3 with all the latest patches. It has Firefox, latest version, and IE8 latest patches. As I pointed out above, IE8 can display the site without issue.
I'm unemployed, so there's no chance of "upgrading" to a newer OS any time soon.
As long as you use the latest alternative browsers available you should have no problem (on XP). Not sure what problems you might experience with Windows 2000, but I would have figured Firefox 3.6 would be new enough to display the forums without any issue. Not sure why it didn't (if that's the reason you created this thread).
https://www.ssllabs.com/ssltest/anal...lator-zone.com
Another possibility. . . is he's using a host file that automatically directs to the IP
I noticed the server change because my old host setting failed. but didn't notice or care why, till i saw this thread. . . I did not encounter the certificat error tho that Robert mentioned using the standard web address. . . Till I tried connecting directly to the new IP under https instead(I only just tried that tho because i saw this thread).
I don't mention which versions of stuff i use, but its not as old as Robert buts not the latest FF version either. . I suspect Robert should not have any issue except if he did what i just mentioned. . . otherwise I'd suspect as U guys mentioned earlyer about him just not clearing out his old settings. may as well flush your DNS Cache while ur at it too.
side note, I believe i understand the reasoning behind SSL, however I personally don't care for the hole SSL Banwaggon, I would hope email and bank servers, etc are all SSL. . but everything else, especially non personal sites, I don't see the point. I think it just adds Overhead. unless the only reason u guys did it was for that reason u mentioned above about how future versions of FF and whatnot may give warning messeges on ANY non SSL site in the future ?
[EDIT]: another note for Robert, If its happens and is bothering you to know why. . . firefox(not sure exactly 4the version u use) but it supports multiple Profiles, If your affraid of screwing with the settings cause you have them settup exactly how you like. . . just create another profile, it will be isolated from all you other profiles Caches/Settings, so U'd beable to tell for sure if its your FF settings or not.
In a nutshel. . . In
Code:%APPDATA%\Mozilla\firefox\profiles.ini
[Profile1]
Name=Watever
IsRelative=0
Path=D:\Path\To\Whereever
right click firefox shortcut
in the Target box add to the end of the path
-P "Watever"
