1

I was trying to help someone with an error in this question and realised I didn't understand something I thought I did!

He operates a site at http://bankrotpluse.ru/.

I changed the URL manually to https://bankrotpluse.ru/ and got the 'your connection is not private' message, and I thought this was a misconfigured SSL; he then informed me he does not have SSL.

What I don't understand is when you click on NET::ERR_CERT_COMMON_NAME_INVALID it shows the certificate chain for the 'subject' of citytraffic.ru.

What is going on here? Is it that he is on shared hosting and that is the first entry it could find, or is there some sort of regional SSL provider that Chrome falls back to? (Firefox shows the same certificate information.)

screenshot of certificate information shown

GrahamTheDev
  • If the site is not intended to be used with HTTPS then don't use it with HTTPS. Depending on the configuration of the site it will result in different errors, i.e. in some cases the connection is impossible in the first place and in others it will result in the wrong certificate. – Steffen Ullrich Sep 27 '19 at 05:31
  • OK, the duplicate was partially useful. Could you point me to what I need to look up to understand this behaviour, as those are just fixes to a problem, i.e. do a search for `SSL certificate chain` etc. to learn about this and why this actually occurs? The searches I have performed just show how certificates work, not why this particular scenario results in this behaviour, and I am guessing there is a key phrase / term I do not know to search for? **Since SSL doesn't care what is the domain you are visiting, it only cares if the current domain is approved** - how do I learn more about this part? – GrahamTheDev Sep 27 '19 at 06:12
  • In short: This happens if you have multiple domains on the same IP address and some of these have certificates for HTTPS and some not. Since they share the same IP address there is no way for the server to listen for some of these domains for HTTPS and not for others (listening is done by IP not by domain). Depending on the server configuration accessing a domain which is not explicitly configured for HTTPS (i.e. has no certificate) will either result in some strange TLS error or in serving the certificate configured for some other domain. – Steffen Ullrich Sep 27 '19 at 06:19
  • That is probably sufficient for my level of understanding that is needed, at the end of the day I would just have SSL (HSTS actually) so it is more a curiosity than something I need to understand in depth. Have a nice day and thanks for the info. – GrahamTheDev Sep 27 '19 at 06:27

0 Answers
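Added example, not part of the original thread: a small offline model of the behaviour described in the comments, where one IP hosts several sites and the server answers an HTTPS request for a site without a certificate using another site's certificate. The certificate name lists, the default-vhost fallback and all function names are assumptions made for illustration; real servers differ in which of the two outcomes they produce.

```python
# Constructed sample data: one shared-hosting IP, and the DNS names (SAN) in the
# certificate installed for each HTTPS-enabled site on it. bankrotpluse.ru has none.
VHOST_CERTS = {
    "citytraffic.ru": ["citytraffic.ru", "*.citytraffic.ru"],
}


def select_certificate(sni, default="citytraffic.ru"):
    """Server side: cert for the SNI name, else the default vhost's cert.

    default=None models a server set up to refuse unknown names instead.
    """
    name = (sni or "").lower().rstrip(".")
    if name in VHOST_CERTS:
        return VHOST_CERTS[name]
    return VHOST_CERTS[default] if default else None


def name_matches(pattern, host):
    """Client side: exact match, or '*' standing for one leftmost label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def browser_verdict(host, default="citytraffic.ru"):
    """Outcome of requesting https://host/ on the shared IP."""
    san = select_certificate(host, default)
    if san is None:
        return "TLS handshake error"
    if any(name_matches(n, host) for n in san):
        return "ok"
    return "NET::ERR_CERT_COMMON_NAME_INVALID (certificate is for %s)" % san[0]


if __name__ == "__main__":
    for h in ("citytraffic.ru", "bankrotpluse.ru"):
        print(h, "->", browser_verdict(h))
    print("bankrotpluse.ru, no default ->", browser_verdict("bankrotpluse.ru", None))
```

The server listens on the IP and port, so it has to present some certificate (or abort) before it knows whether the requested site was ever meant to be served over HTTPS; the name check that produces the browser error happens only on the client.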