There Is A Problem With Astahost's Security Certificate.

	There Is A Problem With Astahost's Security Certificate.
	Discussion by ganeshn11 with 15 Replies. Last Update: June 6, 2006, 11:57 am

ganeshn11

Hey people I have a problem,
Each and every-time I try to login to my account Internet Explorer 7 Beta 2 shows me a page tell that "There is a problem with this website's security certificate." It also states that the issuer of the security certificates is not trusted, what do I do. Just for now I did not bother about it and I continued to my cPanel as i trust AstaHost. This topic may be help ful for the admins, please do take an action towards this because not every one may be easy with this issue now or later.

QUOTE

The exact notice Internet Explorer 7 Beta 2 is giving is -

There is a problem with this website's security certificate.

The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.

Click here to close this webpage.
Continue to this website (not recommended).
For more information, see "Certificate Errors" in Internet Explorer Help.

Wed May 3, 2006 Reply New Discussion

miCRoSCoPiC^eaRthLinG

That's funny - I use both IE and Firefox with Asta - never got that message, nor have we heard any other use complaining !!!

Wed May 3, 2006 Reply New Discussion

ganeshn11

I seriously dont know whats happening, it just keeps on saying the same thing over and over again, so I just installed that certificate be ....xisto.com (something like that). Now it does'nt seem to bother me much.

Wed May 3, 2006 Reply New Discussion

miCRoSCoPiC^eaRthLinG

I dont get it - why would Astahost hand you a certificate? It never did to me - and I just checked my Firefox certificate cache and didn't find a single stored certificate other than Gmail.

As far as I know the certificates are used for encrypted communication (e.g. https) between the client and the web-server, like it happens when you log into Gmail. You login/password aren't transmitted in plaintext. Same happens when you buy stuff online - to prevent your credit card details from being transmitted as plaintext. These certificates have to be purchased at an annual licensing fee from certain trusted sources like Verisign, Thawte etc. who act as the escrow and vouch for the authenticity of your site to the clients.

To the best of my knowledge we never required any kind of secure transactions at Astahost - so I wonder from where this whole certificate issue is coming to be?? It's funny and alarming at the same time - or maybe it just due to bloody dumb old IE - who blindly assumes that every site must have a certificate.

Wed May 3, 2006 Reply New Discussion

ganeshn11

Wed May 3, 2006 Reply New Discussion

ganeshn11

Hey, the same problem appears on Mozilla Firefox, just check you security settings and then get back as soon as possible.

Wed May 3, 2006 Reply New Discussion

evought

QUOTE (ganeshn11)

Hey, the same problem appears on Mozilla Firefox, just check you security settings and then get back as soon as possible.

Link: view Post: 77097

Do you mean when logging in to your *Host* account?

If so, I get the same thing when logging in to CPanel. It is because Xisto's certificate is not in the default certificate chain ("Chain of Trust") for all web browsers. You did exactly the right thing: decide whether you trust it, and, if so, add the certificate to your browser's trusted list.

Wed May 3, 2006 Reply New Discussion

ganeshn11

Okay, that is the problem. Thanks for enligtening me on this topic, but I would like to suggest to the admins that they make a post on some suitable forum on this topic just to alert all the hosted members of AstaHost and Trap17. I mean, most of them would be really confused on what to do, after hearing all the internet crime scandals, you just cant tell what will happen when you click on submit the next time. I mean, God should what information we will be sending. Just to avoid all such doubts I ask a admin, mod to please take this report seriously.

Wed May 3, 2006 Reply New Discussion

pyost

Yes, I started having this problem too when I switched to a top level domain. You access CPanel from your domain, but the certificate is not connected to it

Don't worry about that

Wed May 3, 2006 Reply New Discussion

ganeshn11

Its not the question of me not understanding the sercurity certificate, its that a newbie or a person who is obsessed with the safety of his computer wont understand the fact that the site he is visiting is safe. I have Micro$oft Windows Vista with Micro$oft Internet Explorer 7 Beta 2, and they way when both of these softwares combine and show that you are visiting a site which has some kind of not appropriate certificate really frightens you out, a pop-up comes saying that its may be a scam site, Micro$oft Internet Explorer redirects to another page giving all sorts of reasons why you have been redirected.

This why I am pressing on this point that some one should take this matrer seriously and just imagine if one of those are a dum headed fool, who manages to mark AstaHost as a scam site, then what?

In Micro$oft Internet Explorer you have an option to do that.

All this will lead only to confusion, reducing number of visitors to AstaHost and I dont know what else will happen.

Sun May 7, 2006 Reply New Discussion

Hraefn

Just so you know, this is what comes up in Firefox when trying to login to your cPanel (after using Firefox's "Clear Private Data" tool):

When viewing the certificate, you get this:

Now, this isn't really an issue for me since I know very well that Astahost is a part of the Xisto Corporation, but I can certainly see where ganeshn11 is coming from. =^^=

Mon May 8, 2006 Reply New Discussion

finaldesign

Yea, I got the same thing when trying to login to my cpanel at final-design.net ... Anyway it didn't bother me much.

But, then again, it's an issue

Mon May 8, 2006 Reply New Discussion

ganeshn11

I dont really know why no admin has not really noticed this topic and taken some action. Come on man, why does'nt anyone understand the issue which this negligance can make, it may become into a really big one.

Mon May 8, 2006 Reply New Discussion

TavoxPeru

Hi, I got the same problem every time im trying to login to my cpanel with internet explorer or with firefox, i really dont care about this and simply i press the yes button to the alert window and accept. Also, this window appears before the login window of my cpanel account.

best regards,

Tue Jun 6, 2006 Reply New Discussion

Omkar�

Well, I did a little study on your problem, Ganeshn11, and this is what I found -

The certificate that you use to authenticate yourself into the Cpanel is issued to "xisto.com". But when you log in to your Cpanel, its something like "www.yourdomain/subdomain.com/cpanel", right? So, the browser thinks that someone else is using that certificate to intercept your connecctions. i.e. It thinks you should be visiting "xisto.com/*" when using that certificate. Basically, you do get the SSL security, but the certificate you are using is not in your name. Browsers think they're acting smart, but that's actually what you want to do!

Even when I use Firefox for logging in to my Cpanel, I have settings to trust that certificate permanently, but still I get the warning about certificate/address mismatch every time, so that I have to click on OK to continue. Don't worry, not a security exploit, just a simple misconfiguration problem.

(The above content was NOT put as a quote because I myself typed it in originally.)

Tue Jun 6, 2006 Reply New Discussion

pyost

Is there a way to make Firefox accept this certificate automaticly? Because I'm really annoyed by clicking the accept button every time! What's more, there ought to be a way to solve this..

Tue Jun 6, 2006 Reply New Discussion