There Is A Problem With Astahost's Security Certificate.

[iGuest 3]

Hey people I have a problem,
Each and every-time I try to login to my account Internet Explorer 7 Beta 2 shows me a page tell that "There is a problem with this website's security certificate." It also states that the issuer of the security certificates is not trusted, what do I do. Just for now I did not bother about it and I continued to my cPanel as i trust Xisto. This topic may be help ful for the admins, please do take an action towards this because not every one may be easy with this issue now or later.

The exact notice Internet Explorer 7 Beta 2 is giving is -
There is a problem with this website's security certificate.

The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.

Click here to close this webpage.
Continue to this website (not recommended).
For more information, see "Certificate Errors" in Internet Explorer Help.

[miCRoSCoPiC^eaRthLinG 0]

That's funny - I use both IE and Firefox with Asta - never got that message, nor have we heard any other use complaining !!!

[iGuest 3]

I seriously dont know whats happening, it just keeps on saying the same thing over and over again, so I just installed that certificate be ....xisto.com (something like that). Now it does'nt seem to bother me much.

Edited May 3, 2006 by ganeshn11 (see edit history)

[miCRoSCoPiC^eaRthLinG 0]

I dont get it - why would Xisto hand you a certificate? It never did to me - and I just checked my Firefox certificate cache and didn't find a single stored certificate other than Gmail. As far as I know the certificates are used for encrypted communication (e.g. https) between the client and the web-server, like it happens when you log into Gmail. You login/password aren't transmitted in plaintext. Same happens when you buy stuff online - to prevent your credit card details from being transmitted as plaintext. These certificates have to be purchased at an annual licensing fee from certain trusted sources like Verisign, Thawte etc. who act as the escrow and vouch for the authenticity of your site to the clients. To the best of my knowledge we never required any kind of secure transactions at Xisto - so I wonder from where this whole certificate issue is coming to be?? It's funny and alarming at the same time - or maybe it just due to bloody dumb old IE - who blindly assumes that every site must have a certificate.

[iGuest 3]

I seriously dont know whats happening, it just keeps on saying the same thing over and over again, so I just installed that certificate be ....xisto.com (something like that). Now it does'nt seem to bother me much.

[iGuest 3]

Hey, the same problem appears on Mozilla Firefox, just check you security settings and then get back as soon as possible.

[evought 0]

Hey, the same problem appears on Mozilla Firefox, just check you security settings and then get back as soon as possible.

Do you mean when logging in to your *Host* account?

If so, I get the same thing when logging in to CPanel. It is because Xisto's certificate is not in the default certificate chain ("Chain of Trust") for all web browsers. You did exactly the right thing: decide whether you trust it, and, if so, add the certificate to your browser's trusted list.

[iGuest 3]

Okay, that is the problem. Thanks for enligtening me on this topic, but I would like to suggest to the admins that they make a post on some suitable forum on this topic just to alert all the hosted members of Xisto and Xisto. I mean, most of them would be really confused on what to do, after hearing all the internet crime scandals, you just cant tell what will happen when you click on submit the next time. I mean, God should what information we will be sending. Just to avoid all such doubts I ask a admin, mod to please take this report seriously.

[pyost 0]

Yes, I started having this problem too when I switched to a top level domain. You access CPanel from your domain, but the certificate is not connected to it Don't worry about that

[iGuest 3]

Its not the question of me not understanding the sercurity certificate, its that a newbie or a person who is obsessed with the safety of his computer wont understand the fact that the site he is visiting is safe. I have Micro$oft Windows Vista with Micro$oft Internet Explorer 7 Beta 2, and they way when both of these softwares combine and show that you are visiting a site which has some kind of not appropriate certificate really frightens you out, a pop-up comes saying that its may be a scam site, Micro$oft Internet Explorer redirects to another page giving all sorts of reasons why you have been redirected.This why I am pressing on this point that some one should take this matrer seriously and just imagine if one of those are a dum headed fool, who manages to mark Xisto as a scam site, then what? In Micro$oft Internet Explorer you have an option to do that. All this will lead only to confusion, reducing number of visitors to Xisto and I dont know what else will happen.

[Hraefn 0]

Just so you know, this is what comes up in Firefox when trying to login to your cPanel (after using Firefox's "Clear Private Data" tool):

 

 

When viewing the certificate, you get this:

 

 

Now, this isn't really an issue for me since I know very well that Xisto is a part of the Xisto Corporation, but I can certainly see where ganeshn11 is coming from. =^^=

[finaldesign1405241487 0]

Yea, I got the same thing when trying to login to my cpanel at final-design.net ... Anyway it didn't bother me much. But, then again, it's an issue

[iGuest 3]

I dont really know why no admin has not really noticed this topic and taken some action. Come on man, why does'nt anyone understand the issue which this negligance can make, it may become into a really big one.

[TavoxPeru 0]

Hi, I got the same problem every time im trying to login to my cpanel with internet explorer or with firefox, i really dont care about this and simply i press the yes button to the alert window and accept. Also, this window appears before the login window of my cpanel account.best regards,

[Omkar™ 0]

Well, I did a little study on your problem, Ganeshn11, and this is what I found -

 

The certificate that you use to authenticate yourself into the Cpanel is issued to "xisto.com". But when you log in to your Cpanel, its something like "http://forums.xisto.com/no_longer_exists/;, right? So, the browser thinks that someone else is using that certificate to intercept your connecctions. i.e. It thinks you should be visiting "xisto.com/*" when using that certificate. Basically, you do get the SSL security, but the certificate you are using is not in your name. Browsers think they're acting smart, but that's actually what you want to do!

 

Even when I use Firefox for logging in to my Cpanel, I have settings to trust that certificate permanently, but still I get the warning about certificate/address mismatch every time, so that I have to click on OK to continue. Don't worry, not a security exploit, just a simple misconfiguration problem.

 

(The above content was NOT put as a quote because I myself typed it in originally.)