1

i've recently bought a comodo ssl certificate with a 256bit encryption as a advice of my friend who uses that in his server and installed it to my server with following the instructions from google exc.

After that i've changed all the links with http to https, and that fixed the problem which is Continue to This Website (not recommended) within Chrome, IE and Safari.

However while it seems like okay in my firefox, i've noticed that in my friends' firefox browser, the problem still continues and if they dont select okay, all of the css files exc are being gone ( i think its because not loading the css files exc because browser thinks that its dangerous ) anyway, but everything is good with their chrome, safari and ie too..

After that i've checked all of the firefox versions with browsershots.org and it has also not showed me any erros or continue to this website error exc.

After that, i've asked my hosting provider that why that can happen, and they replied that this is a normal process, wait for 10-15 days and that will be good. But i'm not sure whether they said the truth or not.

PS : I dont even think that this can be a problem for any of the browsers, but can firefox think that with seeing the http there, can it be the reason ?

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

If you can help me with this problem, ill be glad

Thanks

Full Message :

" There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority.

Security certificate problems may indicate an attempt to fool you or intercept data you send to the server. We recommend that you close this webpage and do not continue to this Web site. "

  • "*Continue to This Website (not recommended)*" What is the full error message? (Btw, there's no such thing as a [256-bit certificate](http://security.stackexchange.com/a/19555/2435), it's more likely to be 2048 bits or more.) – Bruno Sep 14 '12 at 20:13
  • What does the exact error message say? – Boris Zbarsky Sep 14 '12 at 23:31
  • added the full message, thank you for that information btw @Bruno –  Sep 15 '12 at 10:03

2 Answers2

1

There is a problem with this website's security certificate. The security certificate presented by this website was not issued by a trusted certificate authority.

Security certificate problems may indicate an attempt to fool you or intercept data you send to the server. We recommend that you close this webpage and do not continue to this Web site.

This has nothing to do with bad links or mixed content, rather, it has to do with certificates themselves.

You could test your site with Qualys SSL Labs' SSL test, which is usually more comprehensive than others.

Assuming that the certificate you've installed is indeed the correct one (you can check this in 'Add Exception...' and 'View...' to view the certificate details at that they are indeed those you see in your certificate), a few possible causes come to mind:

  • The CA you're using isn't recognised by the browser. This is quite unlikely since Comodo is very common.
  • The certificate chain you've installed on your server isn't in the right order and/or doesn't have all the intermediate CA certificates, if any.
  • This particular browser had visited a site with this name with another cert and had put a specific exception. This may conflict with the CA-based verification. Just in case, go into Options -> Advanced -> View Certificates -> Servers, and check that the server isn't on the list. (You can also check that the CA you're using is in the 'Authorities' list, but it's likely it is.)
Bruno
  • 119,590
  • 31
  • 270
  • 376
0

  1. How are the CSS items, etc., coded within the HTML? Is it fully pathed links to CSS or is it domain-less?

    <link rel="stylesheet" type="text/css" href="http://cdn.sstatic.net/stackoverflow/all.css?v=2dd53f4bb112">

    The above is fully domain CSS with protocol i.e. HTTP defined 

    <link rel="stylesheet" type="text/css" href="/all.css?v=2dd53f4bb112">

    Same as the above if the domain remains consistent.

  2. Check the Firefox versions of yours and your friend's. it could be an outdated Firefox which does not support latest SSL on your friend's browser (help about should tell you version information).

    Try updating his to match yours and try again.

Brock Adams
  • 90,639
  • 22
  • 233
  • 295
V H
  • 8,382
  • 2
  • 28
  • 48
  • css files are fully domain css with protocol https, don't think that its because of outdated ones, because i've tried browsershots with firefox's all versions with older ones and showed none problems, but 4 of my friends had that problems unfortunately.. –  Sep 14 '12 at 16:29
  • its worth attempting a test html page that contains current content but remove the fully domained css items and make it dynamic - see if that makes a difference on the browsers of people having issues also have a read of this http://support.mozilla.org/en-US/kb/enable-ssl-fix-cannot-connect-securely-error – V H Sep 14 '12 at 16:43
  • http://stackoverflow.com/questions/547219/firefox-ssl-error-no-cypher-overlap-error read here too the answer will be in about:config but I would agree this is not what you want general public to be doing to access site – V H Sep 14 '12 at 16:48
  • okay ill give it a try, if i can fix that will write here, thank you –  Sep 14 '12 at 16:51