Thread: The Jim Butcher Files: Dresden . Codex Alera . Cinder Spires & More
View Single Post
Old 07-26-2021, 07:51 PM   #8623
haertig
Wizard
haertig ought to be getting tired of karma fortunes by now.haertig ought to be getting tired of karma fortunes by now.haertig ought to be getting tired of karma fortunes by now.haertig ought to be getting tired of karma fortunes by now.haertig ought to be getting tired of karma fortunes by now.haertig ought to be getting tired of karma fortunes by now.haertig ought to be getting tired of karma fortunes by now.haertig ought to be getting tired of karma fortunes by now.haertig ought to be getting tired of karma fortunes by now.haertig ought to be getting tired of karma fortunes by now.haertig ought to be getting tired of karma fortunes by now.
 
Posts: 1,909
Karma: 32500000
Join Date: Sep 2017
Device: PW3, Galaxy Tab A9+, Moto G7
Quote:
Originally Posted by alansplace View Post
Has anyone run into this?
Their webmaster made an error in configuring the SSL certificate needed for the site to accept HTTPS (secure) connections.

Their SSL certificate is for CommonName=www.jim-butcher.com

They did not specify an alternate name of jim-butcher.com

Indeed, if you go to jim-butcher.com you are redirected to www.jim-butcher.com. However, during that webpage load before the redirect you encounter the mismatched CommonName issue. Thus you receive the warning.

The warning is telling you, "Hey, you said to go to https://jim-butcher.com but when you hit that website, it claimed it was www.jim-butcher.com, which is not where you said you wanted to go. So I'm going to warn you about this discrepancy."

The webmaster should have entered BOTH www.jim-butcher.com AND jim-butcher.com as valid domain names. This error would have been present sing May 29, 2001, the date the certificate was created.

This is trivial to fix. Takes two minutes. Reenter the corrected data and request a new certificate, and install that. But the webmaster for the site is the one that has to do it.

Note that if you tell your web browser to go to https://www.jim-butcher.com that you DO not get this error message. However, you DO get other, different, warnings that some parts of the website are not secure.

My guess is that the website used to be HTTP (non-secure) and they decided to make it HTTPS (secure) - since that is what most web users expect these days. People are used to seeing that little "locked" icon next to the URL input field of their browser. But the person configuring HTTPS didn't exactly know what they were doing. And the fact that the problem has been in existence for two months (since May 29th) - maybe even longer - further indicates that this person doesn't exactly know what they are doing, given they haven't even noticed that the problem exists.

In this case, unless the website asks for credit card info or other personal stuff (and you type it in!), then it probably doesn't matter if it's HTTP or HTTPS, assuming you are a basically competent web user and don't do things like download software or run scripts from unproven web sites (and an HTTP website is definitely "unproven"!) These days, most websites are not functional without scripts, so many people run "script blocker" browser add-ons (or use the capability to block that is built in to the web browser).
haertig is offline   Reply With Quote