|
FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc. |
|
Thread Tools |
8 Sep 2012, 08:14 PM | #1 |
Cornerstone of the Community
Join Date: Jul 2009
Posts: 879
|
certificate not renewed?
For several days now, when I log on to Fastmail, my browser warns me that the validity of the site cannot be verified by a current certificate. This usually means that someone has forgotten to renew it, but if that is the case here, then it is surprising. After all, this isn't a one-man shop where something can be overlooked during a holiday. It is somewhat disturbing that something so basic could be overlooked by an operation like Fastmail, and for days on end. Is there some other explanation?
|
8 Sep 2012, 10:22 PM | #2 |
The "e" in e-mail
Join Date: Feb 2002
Posts: 2,937
|
Check the blog: http://blog.fastmail.fm/2012/09/06/f...icate-updated/
|
8 Sep 2012, 11:10 PM | #3 |
The "e" in e-mail
Join Date: Apr 2011
Location: Manchester UK
Posts: 2,616
|
there was a period of about 30 minutes where some users with old browsers might have seen “invalid certificate” errors
A reminder to keep up to date? It seems the Fastmail guys are busy doing . . . whatever, so are not being pro-active, and only reacting after the fact? |
9 Sep 2012, 12:57 AM | #4 |
Cornerstone of the Community
Join Date: Jul 2009
Posts: 879
|
For me it has been more like three days than thirty minutes, though I have noticed that with some services, when certificates change, a warning persists indefinitely even though everything is OK. This may be one of those cases where the warning is not going to stop appearing, perhaps because of my old browser, or perhaps because the issuing authority is different, or simply as the result of an electronic glitch of some sort. As long as I know things are in order I shall just ignore it, though it is yet another small but repetitive step to go through each day when logging on. (Sigh.)
|
9 Sep 2012, 01:08 AM | #5 |
Cornerstone of the Community
Join Date: Sep 2004
Location: Calgary
Posts: 606
|
Have you tried cleaning your cache ?
|
9 Sep 2012, 05:43 AM | #6 |
Cornerstone of the Community
Join Date: Jul 2009
Posts: 879
|
|
9 Sep 2012, 10:28 AM | #7 |
Master of the @
Join Date: May 2012
Location: Melbourne, Australia
Posts: 1,007
Representative of:
Fastmail.fm |
As noted, I blogged about this:
http://blog.fastmail.fm/2012/09/06/f...icate-updated/ No lack of proactivity here - the existing certificate didn't expire until November, but the new one arrived so we installed it. The minor mistake I made was to not chain the signing certificate properly, which can cause problems on very old browsers (mainly IE6) that aren't carrying that particular CA certificate. So it should all be working properly now. The only place we're aware of that might not be quite right is on browsers that don't handle wildcard certificates properly. As far as we're aware though, that's a very small number of ancient cellphone browsers/WAP clients. To help figure out where the problem is it would be useful to know the browser/platform you're using, the exact hostname you're accessing (eg fastmail.fm vs www.fastmail.fm vs beta.fastmail.fm) and any information about the certificate you can get from your browser (subject, fingerprint, etc). |
10 Sep 2012, 12:50 PM | #8 |
Junior Member
Join Date: Sep 2012
Posts: 5
|
I've also been experiencing certificate problems for the past few days using Chrome browser. This is what comes up when accessing the site:
======================================== The site's security certificate is not trusted! You attempted to reach www.fastmail.fm, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Google Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications. You should not proceed, especially if you have never seen this warning before for this site. Help me understand When you connect to a secure website, the server hosting that site presents your browser with something called a "certificate" to verify its identity. This certificate contains identity information, such as the address of the website, which is verified by a third party that your computer trusts. By checking that the address in the certificate matches the address of the website, it is possible to verify that you are securely communicating with the website you intended, and not a third party (such as an attacker on your network). In this case, the certificate has not been verified by a third party that your computer trusts. Anyone can create a certificate claiming to be whatever website they choose, which is why it must be verified by a trusted third party. Without that verification, the identity information in the certificate is meaningless. It is therefore not possible to verify that you are communicating with www.fastmail.fm instead of an attacker who generated his own certificate claiming to be www.fastmail.fm. You should not proceed past this point. If, however, you work in an organization that generates its own certificates, and you are trying to connect to an internal website of that organization using such a certificate, you may be able to solve this problem securely. You can import your organization's root certificate as a "root certificate", and then certificates issued or verified by your organization will be trusted and you will not see this error next time you try to connect to an internal website. Contact your organization's help staff for assistance in adding a new root certificate to your computer. ==================================== Similar result with IE8: ==================================== There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority. Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server. We recommend that you close this webpage and do not continue to this website. Click here to close this webpage. Continue to this website (not recommended). More information If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting. When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com. If you choose to ignore this error and continue, do not enter private information into the website. For more information, see "Certificate Errors" in Internet Explorer Help. ============================================ Not getting these warnings with any other web sites . John |
10 Sep 2012, 01:49 PM | #9 | |
Master of the @
Join Date: May 2012
Location: Melbourne, Australia
Posts: 1,007
Representative of:
Fastmail.fm |
Quote:
Fyi, this is what I see: http://i.imgur.com/Vavhr.png and http://i.imgur.com/JlZlO.png. The more information you can give from these screens the better, but the fingerprint is the most important one. |
|
10 Sep 2012, 04:30 PM | #10 | |
The "e" in e-mail
Join Date: Sep 2004
Location: The Netherlands
Posts: 2,908
|
Quote:
@RobN: Please ask Edwin for the representative status. |
|
10 Sep 2012, 11:02 PM | #11 |
The "e" in e-mail
Join Date: Jan 2006
Posts: 2,626
|
I am using linux and latest Firefox and signed in now
to the beta.fastmail.fm webmail interface and it had no trouble with certificate. So does it relate to the old interface maybe? |
10 Sep 2012, 11:13 PM | #12 | |
Cornerstone of the Community
Join Date: Jul 2009
Posts: 879
|
Is this the fingerprint?
Quote:
SHA1 7F 55 9E D0 CE D2 71 A2 A4 86 0A 01 AD 1C A0 08 4A 43 88 52 MDS FA 5A 3B 3B 9A 87 B6 C1 D6 AC 93 9C 89 36 4F 59 Is that any use to you? |
|
11 Sep 2012, 11:07 AM | #13 |
Master of the @
Join Date: May 2012
Location: Melbourne, Australia
Posts: 1,007
Representative of:
Fastmail.fm |
Yes - it tells us that something weird is happening! As far as we're able to tell everything is fine, but clearly its not, so we need more information.
To communicant and jff6791 (and anyone else seeing the problem): Please post the your browser and version and your OS and version. |
11 Sep 2012, 01:11 PM | #14 | |
Junior Member
Join Date: Sep 2012
Posts: 5
|
Quote:
|
|
12 Sep 2012, 02:38 AM | #15 |
Cornerstone of the Community
Join Date: Jul 2009
Posts: 879
|
robn, please register as a FastMail rep.
robn, please ask the admin for representative status. (See the post from Berenburger a little earlier in this thread, which has a clickable link to Edwin for your use.) Reps of email providers who post here (like several of your colleagues at FastMail) are asked to do this when they first post, and they are then identified as such automatically.
|