Jump to content
xisto Community
iGuest

There Is A Problem With Astahost's Security Certificate.

Recommended Posts

Hey people I have a problem,
Each and every-time I try to login to my account Internet Explorer 7 Beta 2 shows me a page tell that "There is a problem with this website's security certificate." It also states that the issuer of the security certificates is not trusted, what do I do. Just for now I did not bother about it and I continued to my cPanel as i trust Xisto. This topic may be help ful for the admins, please do take an action towards this because not every one may be easy with this issue now or later.

The exact notice Internet Explorer 7 Beta 2 is giving is -
There is a problem with this website's security certificate.

The security certificate presented by this website was not issued by a trusted certificate authority.
The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.

Click here to close this webpage.
Continue to this website (not recommended).
For more information, see "Certificate Errors" in Internet Explorer Help.


Share this post


Link to post
Share on other sites

I seriously dont know whats happening, it just keeps on saying the same thing over and over again, so I just installed that certificate be ....xisto.com (something like that). Now it does'nt seem to bother me much.

Edited by ganeshn11 (see edit history)

Share this post


Link to post
Share on other sites

I dont get it - why would Xisto hand you a certificate? It never did to me - and I just checked my Firefox certificate cache and didn't find a single stored certificate other than Gmail. As far as I know the certificates are used for encrypted communication (e.g. https) between the client and the web-server, like it happens when you log into Gmail. You login/password aren't transmitted in plaintext. Same happens when you buy stuff online - to prevent your credit card details from being transmitted as plaintext. These certificates have to be purchased at an annual licensing fee from certain trusted sources like Verisign, Thawte etc. who act as the escrow and vouch for the authenticity of your site to the clients. To the best of my knowledge we never required any kind of secure transactions at Xisto - so I wonder from where this whole certificate issue is coming to be?? It's funny and alarming at the same time - or maybe it just due to bloody dumb old IE - who blindly assumes that every site must have a certificate.

Share this post


Link to post
Share on other sites

I seriously dont know whats happening, it just keeps on saying the same thing over and over again, so I just installed that certificate be ....xisto.com (something like that). Now it does'nt seem to bother me much.

Share this post


Link to post
Share on other sites

Hey, the same problem appears on Mozilla Firefox, just check you security settings and then get back as soon as possible.

Share this post


Link to post
Share on other sites

Hey, the same problem appears on Mozilla Firefox, just check you security settings and then get back as soon as possible.


Do you mean when logging in to your *Host* account?

If so, I get the same thing when logging in to CPanel. It is because Xisto's certificate is not in the default certificate chain ("Chain of Trust") for all web browsers. You did exactly the right thing: decide whether you trust it, and, if so, add the certificate to your browser's trusted list.

Share this post


Link to post
Share on other sites

Okay, that is the problem. Thanks for enligtening me on this topic, but I would like to suggest to the admins that they make a post on some suitable forum on this topic just to alert all the hosted members of Xisto and Xisto. I mean, most of them would be really confused on what to do, after hearing all the internet crime scandals, you just cant tell what will happen when you click on submit the next time. I mean, God should what information we will be sending. Just to avoid all such doubts I ask a admin, mod to please take this report seriously.

Share this post


Link to post
Share on other sites

Yes, I started having this problem too when I switched to a top level domain. You access CPanel from your domain, but the certificate is not connected to it :P Don't worry about that ;)

Share this post


Link to post
Share on other sites

Its not the question of me not understanding the sercurity certificate, its that a newbie or a person who is obsessed with the safety of his computer wont understand the fact that the site he is visiting is safe. I have Micro$oft Windows Vista with Micro$oft Internet Explorer 7 Beta 2, and they way when both of these softwares combine and show that you are visiting a site which has some kind of not appropriate certificate really frightens you out, a pop-up comes saying that its may be a scam site, Micro$oft Internet Explorer redirects to another page giving all sorts of reasons why you have been redirected.This why I am pressing on this point that some one should take this matrer seriously and just imagine if one of those are a dum headed fool, who manages to mark Xisto as a scam site, then what? :P In Micro$oft Internet Explorer you have an option to do that. All this will lead only to confusion, reducing number of visitors to Xisto and I dont know what else will happen. ;)

Share this post


Link to post
Share on other sites

Just so you know, this is what comes up in Firefox when trying to login to your cPanel (after using Firefox's "Clear Private Data" tool):

 

Posted Image

 

When viewing the certificate, you get this:

 

Posted Image

 

Now, this isn't really an issue for me since I know very well that Xisto is a part of the Xisto Corporation, but I can certainly see where ganeshn11 is coming from. =^^=

Share this post


Link to post
Share on other sites

I dont really know why no admin has not really noticed this topic and taken some action. Come on man, why does'nt anyone understand the issue which this negligance can make, it may become into a really big one.

Share this post


Link to post
Share on other sites

Hi, I got the same problem every time im trying to login to my cpanel with internet explorer or with firefox, i really dont care about this and simply i press the yes button to the alert window and accept. Also, this window appears before the login window of my cpanel account.best regards,

Share this post


Link to post
Share on other sites

Well, I did a little study on your problem, Ganeshn11, and this is what I found -

 

The certificate that you use to authenticate yourself into the Cpanel is issued to "xisto.com". But when you log in to your Cpanel, its something like "http://forums.xisto.com/no_longer_exists/;, right? So, the browser thinks that someone else is using that certificate to intercept your connecctions. i.e. It thinks you should be visiting "xisto.com/*" when using that certificate. Basically, you do get the SSL security, but the certificate you are using is not in your name. Browsers think they're acting smart, but that's actually what you want to do!

 

Even when I use Firefox for logging in to my Cpanel, I have settings to trust that certificate permanently, but still I get the warning about certificate/address mismatch every time, so that I have to click on OK to continue. Don't worry, not a security exploit, just a simple misconfiguration problem.

 

(The above content was NOT put as a quote because I myself typed it in originally.)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.