reply to nwrickert
Re: New SSL Cert Problem Report

Ah...that works, but it seems like it's a complicated way of doing things.
|
NoVA_CoxUser
Stand back from the cage -- The RF bites
Premium
join:2004-07-06
Alexandria, VA
1 edit

said by steve1515:
Ah...that works, but it seems like it's a complicated way of doing things.

I don't understand how to "ignore" the 403 Forbidden page ...
... anyway ... I always use this URL »/login/?secure=1 for my DSLR logins.
Even though the page itself isn't SSL-secured, the username/password are transmitted using SSL.
|
said by NoVA_CoxUser:
I don't understand how to "ignore" the 403 Forbidden page ...

Here's how I had to do it... On the main page, clear out my username from the user name box, then click the login button; it will take me to another login page that contains a link to log in securely. From there I can log in with SSL.
Now, I find this to be a lot of steps just to use SSL. Also, like you say...the log in page isn't SSL-secured, but it should be.
|
NoVA_CoxUser
Stand back from the cage -- The RF bites
Premium
join:2004-07-06
Alexandria, VA

said by steve1515:
... like you say...the log in page isn't SSL-secured, but it should be ...

Agree.
That's the only way for a user to ensure that the site is "legit" prior to sending the form data (i.e. username / password).
|
justin
Australian
join:1999-05-28
New York, NY
kudos:7

Having a silently accepted SSL certificate is no guarantee of anything. Any phish site can be https.
|
nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse

reply to NoVA_CoxUser

said by NoVA_CoxUser:
I don't understand how to "ignore" the 403 Forbidden page ...

The certificate checks are done before you get that message. Thus if I was only testing whether there were certificate problems, I could use that url and pay no attention to the 403 error. That doesn't log me in, but it does test for certificate problems.

--
AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 2.0.0.4
|
NoVA_CoxUser
Stand back from the cage -- The RF bites
Premium
join:2004-07-06
Alexandria, VA
4 edits

reply to justin

said by justin:
Having a silently accepted SSL certificate is no guarantee of anything. Any phish site can be https.

Not sure what you mean by "silently accepted" ... but I assume that you mean when "joe average internet user" sees "the little lock" and automatically assumes that all's ok. (or worse ... blindly clicks "proceed" when alerted to a certificate/domain mismatch!)
And you're 100% right about phishers using SSL. As you said, SSL certs can be obtained for $17!
But by providing a hierarchically-trusted SSL sign-in page, at least the more sophisticated users (e.g. the majority of DSLR users) could be provided an extra level of assurance that the signin page itself was legit and that it hadn't been somehow spoofed or redirected (e.g. by DNS poisoning, unauthorized host file modification, etc.).
Or am I missing something here ???
|
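The distinction argued over in this thread (a login form served over plain HTTP that posts to an HTTPS URL, versus a login page that is itself served over HTTPS) can be checked mechanically. The following is an added example, not part of any post above; the host forum.example, the sample HTML and the verdict names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample: a login form whose action is an absolute HTTPS URL.
SAMPLE_FORM = ('<form method="post" action="https://forum.example/login/?secure=1">'
               '<input name="user"><input type="password" name="pw"></form>')

class LoginFormAudit(HTMLParser):
    """Collect the resolved action URL of every form holding a password field."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.current = None        # action of the form currently open, if any
        self.has_password = False
        self.actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or relative action resolves against the page URL,
            # so it inherits the page's scheme.
            self.current = urljoin(self.page_url, a.get("action") or "")
            self.has_password = False
        elif tag == "input" and self.current is not None:
            if (a.get("type") or "").lower() == "password":
                self.has_password = True

    def handle_endtag(self, tag):
        if tag == "form" and self.current is not None:
            if self.has_password:
                self.actions.append(self.current)
            self.current = None

def audit_login_page(page_url, html):
    """Return (action_url, verdict) for each password form on the page."""
    parser = LoginFormAudit(page_url)
    parser.feed(html)
    page_https = urlparse(page_url).scheme == "https"
    results = []
    for action in parser.actions:
        if urlparse(action).scheme != "https":
            verdict = "credentials-in-cleartext"
        elif not page_https:
            # Submission is encrypted, but the form arrived over HTTP, so the
            # user has no certificate to check before typing a password.
            verdict = "form-page-unauthenticated"
        else:
            verdict = "ok"
        results.append((action, verdict))
    return results
```

Calling `audit_login_page("http://forum.example/", SAMPLE_FORM)` reports `form-page-unauthenticated`; the same form fetched from an `https://` page reports `ok`.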