TLS X509 certificate SSL certificate Warnings Spoofing e Question (and answer) about why my SSL certificate is given 'warnings' by Firefox and Chrome. For future reference. Suppose you have a site like this, that has an ASP.NET .aspx start page, typically they are named “Default.aspx” unless you change the name. http://www.MYCOMPANY.com/MYDIRECTORY/Default.aspx suppose you want to redirect to a https secure page, call it “SecurePage.aspx”. Let’s assume you have bought a certificate from DiscountASP. This is manditory. In your default.aspx page, you would have a command somewhere in it like this: Response.Redirect("SecurePage.aspx"); In the SecurePage.aspx, you would have some code in the ‘PreRender’ event such as this: protected void Page_PreRender(object sender, EventArgs e) { if ((Request.IsSecureConnection == false) && !(Request.Url.Host.Contains("localhost"))) { //BTW, the second ‘localhost’ condition prevents crashes during debugging, since the Visual Studio built in server does not support https, unless you do some tricks beyond the scope of this reply Response.Redirect(Request.Url.AbsoluteUri.Replace("http://", "https://")); } What’s wrong with this code? Nothing. But watch this: if you type this URL into your browser: http://www.MYCOMPANY.com/MYDIRECTORY/Default.aspx and run the program, you will get all kinds of warning messages such as found below. Now change the URL you type into your browser to this: http://MYCOMPANY.com/MYDIRECTORY/Default.aspx Note the change: you have dropped the ‘www’. Now the program runs fine, and on redirect to the secure page, SecurePage.aspx, you get no warning and everything runs smoothly. Just a heads up. I saw this message here: http://community.discountasp.net/showthread.php?t=7277&highlight=https+SSL+browser and that’s how I figured this out. PJ This Connection is Untrusted You have asked Firefox to connect securely to www.MYCOMPANY.com, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. What Should I Do? If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue. Technical Details www.MYCOMPANY.com uses an invalid security certificate. The certificate is only valid for MYCOMPANY.com (Error code: ssl_error_bad_cert_domain)
Close this thread please This thread should be closed. I post this because others might experience the same problem.
