invalid certificate

Post by wiltswilly »

Accessing the site from Firefox, I see this:

milovana.com uses an invalid security certificate. The certificate does not come from a trusted source. Error code: MOZILLA_PKIX_ERROR_ADDITIONAL_POLICY_CONSTRAINT_FAILED

which suggests the security certificate is not from a provider that issues decent ones (or is self-cert). These days most people get their free certs from letsencrypt. Will Milovana change it?
Post by Sissy Elise »

I'm not getting that error on Firefox.

Although the cause looks to be the certificate being issued before 1st June 2016 (public certificate transparency logs date).

The current certificate has only got 1 month and 18 days left on it. So it will more than likely be updated soon anyway.
  
Post by Ghingis »

Sissy Elise wrote: Wed Apr 18, 2018 9:48 pm
I'm not getting that error on Firefox.

Although the cause looks to be the certificate being issued before 1st June 2016 (public certificate transparency logs date).

The current certificate has only got 1 month and 18 days left on it. So it will more than likely be updated soon anyway.

I found an article where they state what can be an issue:
https://support.servertastic.com/announ ... rtificates

In case the cert was issued by Symantec (Symantec also issues certificates under the Geotrust, Thawte and RapidSSL brands.), browsers should have a restriction for certificates that were issued (including reissues) before 1 June 2016 with an expiry after 15 March 2018.
So even if the cert is technically valid, it cannot be trusted, hence the error.

This update had been implemented on March 12 and should be in effect from version 60, so if the Firefox version is older than that, it won't say a thing.

(Like a blocked debit card that has an expiration date in the future: it's technically not expired, so you could buy things with it, but when it comes to paying, the terminal will decline it.)
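The rule described in the post above, as an added example that is not part of the original thread: it reads the text printed by `openssl x509 -noout -issuer -dates` and flags a certificate that is inside its validity period but falls in the distrust window. The sample outputs are constructed, and matching the brands by issuer name is an assumption made for this example.

```python
from datetime import datetime

# Brands named in the post above. Matching on the issuer string is a
# simplification assumed for this example.
SYMANTEC_BRANDS = ("symantec", "geotrust", "thawte", "rapidssl")
ISSUED_BEFORE = datetime(2016, 6, 1)    # "issued ... before 1 June 2016"
EXPIRES_AFTER = datetime(2018, 3, 15)   # "expiry after 15 March 2018"

# Constructed sample outputs (not real certificates).
OLD_BRAND_CERT = """issuer=C = US, O = Example GeoTrust Reseller, CN = RapidSSL Example CA
notBefore=Jun  5 00:00:00 2015 GMT
notAfter=Jun  5 23:59:59 2018 GMT"""
NEW_BRAND_CERT = """issuer=C = US, O = Example GeoTrust Reseller, CN = RapidSSL Example CA
notBefore=Jul 10 00:00:00 2017 GMT
notAfter=Jul 10 23:59:59 2019 GMT"""
OTHER_CA_CERT = """issuer=C = US, O = Example Trust Services, CN = Example DV CA
notBefore=Mar  1 00:00:00 2016 GMT
notAfter=Mar  1 23:59:59 2019 GMT"""


def parse_openssl_fields(text):
    """Turn 'key=value' lines from openssl into a dict; require all three fields."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            fields[key.strip()] = value.strip()
    for name in ("issuer", "notBefore", "notAfter"):
        if name not in fields:
            raise ValueError(f"missing field: {name}")
    return fields


def parse_date(value):
    # openssl prints dates like "Jun  5 00:00:00 2015 GMT"
    return datetime.strptime(value.replace(" GMT", ""), "%b %d %H:%M:%S %Y")


def classify(openssl_output, now):
    """Check the validity period first, then the distrust rule from the post."""
    f = parse_openssl_fields(openssl_output)
    not_before, not_after = parse_date(f["notBefore"]), parse_date(f["notAfter"])
    if not (not_before <= now <= not_after):
        return "outside-validity-period"
    brand = any(b in f["issuer"].lower() for b in SYMANTEC_BRANDS)
    if brand and not_before < ISSUED_BEFORE and not_after > EXPIRES_AFTER:
        return "valid-but-distrusted"
    return "valid"
```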
Post by Ghingis »

I strongly suggest to the devs to use this site for the new cert:
https://letsencrypt.org/

You can make a cert in minutes and with a small cron job it reissues itself.
Post by DoxysTurtle »

Given there's a valid SHA256 cert from a traditional SSL provider (who's not about to be blacklisted), there's not a lot of reason for it to be switched over to LetsEncrypt.
Post by sawno »

Let's Encrypt is free and well supported with strong ciphers. It's not a must, but it would save costs for the site.
Post by Ghingis »

DoxysTurtle wrote: Thu Apr 19, 2018 3:49 pm
Given there's a valid SHA256 cert from a traditional SSL provider (who's not about to be blacklisted), there's not a lot of reason for it to be switched over to LetsEncrypt.

Valid != trusted and the current cert should be switched by now.
https://security.googleblog.com/2017/09 ... antec.html

So we need a new cert, that is for sure. Money can be an issue for a free site and RapidSSL ain't free.
It starts at 59$, but if it's a wildcard cert, it's 249$.

Letsencrypt is free and reliable (SHA256 RSA 2048, just like this one), and if you would just take a look at the "major sponsors and donors" section on the letsencrypt site, you would see that it won't be blacklisted in the near future.

And do not get me wrong, I do not care where they get their cert, but they should get one asap. I just tried to offer a free alternative, if money is the reason behind the distrusted cert.
Post by GodDragon »

Use LetsEncrypt in combination with a cron task to automatically renew it each month.

If the devs have any questions regarding it, feel free to message me.
seraph0x
Administrator
Post by seraph0x »

Moved the site to Cloudflare. By doing that I'm basically making it so I don't have to worry about things like certificates in the future. It might also help with security thanks to some of their filtering. It's possible that the filtering causes some issues, since Milovana uses a lot of custom software. But we'll take it as it comes.