[LINK] https://www.google.com.au certificate is not validating - anyone know why?
Kim Holburn
kim at holburn.net
Wed Nov 19 21:02:14 AEDT 2008
When you go to a non-secure website your browser takes the hostname
from the URL and sends the request to a host at a specific IP
address. A host at an IP address may host many sites on different
domains. The server can assume to be any of those sites or redirect
you to another of its sites without breaking the connection.
When you go to a secure website the encrypted stream is negotiated
between the host and your browser and set up before any commands are
sent in the clear. To be secure it has to be done this way if you
think about it, otherwise an eavesdropper or proxy or web filter ;-(
may get information about which website you are going to. The
certificate that the encryption is based on and that certifies, if you
like, that the host is who you think it is, is based on the domain
name in the URL. Since this happens before any redirection of URL
requests with domain names in it, the server doesn't know at that
point which site/domain you have requested so it may answer for the
wrong domain and assume or redirect you afterwards.
This happens for me with https://gmail.com for instance. You have to
accept the first browser complaint or use the correct domain name.
The problem is that the domain name itself can communicate important
information like a country code and therefore a language, so there are
good reasons to use the correct domain and so then you have to deal
with the error.
There is a new protocol which allows encryption of the stream after
some initial discussion with the server but it is not deployed yet I
think and it gives some information in the clear.
On 2008/Nov/19, at 9:26 AM, Lea de Groot wrote:
>
> On 19/11/2008, at 12:16 PM, Jon Seymour wrote:
>
>> I tried to go to https://www.google.com.au/ with Firefox 3.0.4 and
>> IE6
>> from two different ISPs and received a certificate validation error.
>
> Well, given that, once you ok through the dialog, they redirect you to
> the non-secure version, I'd say it's because they aren't using the
> secure site, so haven't bought a cert for it.
>
> Lea
> --
> Lea de Groot
> Brisbane, .au
--
Kim Holburn
IT Network & Security Consultant
Ph: +39 06 855 4294 M: +39 3494957443
mailto:kim at holburn.net aim://kimholburn
skype://kholburn - PGP Public Key on request
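
Added example, not part of the original message: a small offline model of the handshake ordering described above, showing why a server hosting several sites on one IP address presents the wrong certificate when it cannot see the requested name before the handshake. The hostnames, the certificate table and the function names are constructed for illustration; the second mode assumes the TLS Server Name Indication extension, which sends the hostname in the clear (the message does not name the protocol it refers to).

```python
from typing import List, Optional

# Constructed virtual-host table: one IP address, several sites, each with
# the DNS names its certificate covers (hypothetical data, no network I/O).
VHOST_CERTS = {
    "www.example.com": ["www.example.com", "example.com"],
    "www.example.com.au": ["www.example.com.au"],
    "mail.example.com": ["mail.example.com"],
}
DEFAULT_VHOST = "www.example.com"


def name_matches(pattern: str, hostname: str) -> bool:
    """Match one certificate DNS name against the hostname from the URL.

    A wildcard is accepted only as the whole left-most label and covers
    exactly one label (the common RFC 6125 reading)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def select_certificate(sni: Optional[str]) -> List[str]:
    """Server side: pick a certificate during the handshake.

    The HTTP Host header has not been sent yet, so the only hint is the
    optional SNI value; without it the server falls back to its default."""
    return VHOST_CERTS.get((sni or "").lower(), VHOST_CERTS[DEFAULT_VHOST])


def handshake(url_host: str, send_sni: bool) -> bool:
    """Client side: True if the presented certificate covers url_host."""
    cert_names = select_certificate(url_host if send_sni else None)
    return any(name_matches(n, url_host) for n in cert_names)


if __name__ == "__main__":
    for host in VHOST_CERTS:
        print(host, "no-SNI:", handshake(host, False),
              "SNI:", handshake(host, True))
```

Without SNI only the default site validates; the other names fail the hostname check even though the server holds a valid certificate for each of them.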