Certificate problem

GHDpro

Administrator
Staff member
Well "there's your problem" then. The weird thing is that Firefox 3.6 should support SNI, however I can't find information if it should also do so on Windows 2000.

I suspect either two things are happening: Firefox on Windows 2000 relies (too much) on Windows 2000 networking (SNI wasn't supported until Vista, this is also why IE on 2K/XP won't work either) or there some kind of outdated proxy running (firewall maybe?) that is blocking SNI.

But from what I gather on XP the latest versions of Firefox and Chrome are apparently able to bypass Windows networking and support SNI anyway, so it's a bit odd it's not working on W2K.

There is also the thing that everything (Firefox 3.6 and Windows 2000) is horribly outdated and no longer supported by Mozilla and Microsoft (see here). If upgrading to at least Windows 7 isn't an option, maybe dual boot or replace with Linux? That way you can at least run the latest browser and not be viable to viruses or malware.
 

Robert

Member
This w2k machine was made in 1999, and simply doesn't have the capacity to run win 7. I've never used Linux and from what I've heard it's very fiddly to set up. So, no thanks.

Now, to correct one thing you said, I just tried IE8 on the XP machine, with the https://forums.emulator-zone.com address, and everything works perfectly, no errors or anything. So IE8 must also support SNI.

Both machines use the exact same firewall software, so therefore it can't be blocking SNI. They both connect to the same router, so it won't be a proxy issue either.

So, I can still access your site from the XP machine if needed. It's just that I use the w2k for most internet-related things, although I realise that one day it will have to be retired. There's already lots of sites that don't work at all, such as sendspace, mega, facebook, adobe, and about half of Microsoft.



Now, with IE8 I tested the 3 sites above that we tried with yesterday.
First site: straight in, but it still says that the TLS isn't sent and I'd get problems (which I'm not).
Second site: straight in.
Third site: Says my browser isn't supported, go away. I'd say it would work if they didn't actively block it.
 
Last edited:

Lefteris_D

Administrator
Staff member
if you have any spare USB sticks around try using http://www.linuxmint.com for a bootable usb stick and give it a try. You do not need to install anything, it will just run from the stick and it will let you use a browser. If you see no hardware incompatibilities using that "live" usb stick then making a real installation will cause no incompatibilities.
 

GHDpro

Administrator
Staff member
So, I can still access your site from the XP machine if needed. It's just that I use the w2k for most internet-related things, although I realise that one day it will have to be retired. There's already lots of sites that don't work at all, such as sendspace, mega, facebook, adobe, and about half of Microsoft.

... and that hasn't been an incentive to retire this PC? :)

Now, with IE8 I tested the 3 sites above that we tried with yesterday.
First site: straight in, but it still says that the TLS isn't sent and I'd get problems (which I'm not).
Second site: straight in.
Third site: Says my browser isn't supported, go away. I'd say it would work if they didn't actively block it.

So it is not working but it is working. The only thing I can think of is that your IE8 security settings are set to ignore certificate errors.

--- Googling ---

In Internet Options > Advanced the "Warn about certificate address mismatch" setting (near the bottom of the list) is probably unchecked.

While it no doubt gets annoying that setting is there for a reason - I hope you don't do internet banking on these PCs.
 
Top