Results 1 to 12 of 12
  1. #1
    Join Date
    Jul 2001
    Location
    Orlando (via Jamaica)
    Posts
    76

    IE7 warning for shared cert offered by host

    As many Reseller Hosts offer shared certificates as a feature, and many resellers have small-business clients who make good use of this, is anyone else finding it a major problem where visitors using IE7 get an error message for pages using the shared certifcates?
    There is a problem with this website's security certificate.
    The security certificate presented by this website was not issued by a trusted certificate authority.
    Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
    We recommend that you close this webpage and do not continue to this website....
    As a layperson visitor seeing that, I would not even think of using the link they offer to "continue" anyway. It scares customers off. I asked my Host about it and he said that it is beause all the shared SSL's are self-signed certifcates, so they do incur that error.

    How are others dealing with it? No other option but to advise the client to get their own certificate?

    Are there resellers that do NOT have this problem with their shared certs?
    http://www.95degrees.com - Web Design
    Domains For Sale
    PixelGurus.com | PHPSecrets.com | ShakeHand.com | HireDeveloper.com | Recruitable.com...

  2. #2
    Join Date
    Mar 2003
    Location
    /root
    Posts
    23,981
    If you want to make your site professional, then get your own certificate. You can get it from namecheap also.

    Specially 4 U
    Reseller Hosting: Boost Your Websites | Fully Managed KVM VPS: 3.20 - 5.00 Ghz, Pure Dedicated Power
    JoneSolutions.Com is on the net 24/7 providing stable and reliable web hosting solutions, server management and services since 2001
    Debian|Ubuntu|cPanel|DirectAdmin|Enhance|Webuzo|Acronis|Estela|BitNinja|Nginx

  3. #3
    Join Date
    Dec 2004
    Location
    New York, NY
    Posts
    10,710
    I don't believe this has anything at all to do with the cert being "shared", but rather the cert itself.

  4. #4
    Join Date
    Apr 2001
    Location
    Paradise
    Posts
    12,052
    you can use https://server.name.com/cpanel and after login to the control panel, install the certificate permanently, that should take a ride of the error message.
    Shared Web Hosting - Reseller Hosting - Semi-Dedicated Servers - SolusVM/XEN VPS
    LiteSpeed Powered - R1Soft Continuous Data Protection - 24/7 Chat/Email/Helpdesk Support
    Cpanel/WHM - Softaculous - R1soft Backup - Litespeed - Cloudlinux -Site Builder- SSH support - Account Migration
    DowntownHost LLC - In Business since 2001- West/Center/East USA - Netherlands - Singapore

  5. #5
    Join Date
    Mar 2003
    Location
    /root
    Posts
    23,981
    Moved to Technical & Security Issues.

    Specially 4 U
    Reseller Hosting: Boost Your Websites | Fully Managed KVM VPS: 3.20 - 5.00 Ghz, Pure Dedicated Power
    JoneSolutions.Com is on the net 24/7 providing stable and reliable web hosting solutions, server management and services since 2001
    Debian|Ubuntu|cPanel|DirectAdmin|Enhance|Webuzo|Acronis|Estela|BitNinja|Nginx

  6. #6
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,771
    95 Degrees,

    Shared SSL will show warning like you have mentioned. Its because the SSL is not installed for the domain you are accessing with https. For SSL to work fine, the domain should have a dedicated IP and install SSL over it.
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  7. #7
    Join Date
    Feb 2005
    Location
    Australia
    Posts
    5,849
    Provided the shared cert has been installed correctly you should be able to avoid these warnings by using the userdir url format https://shared-server-name/~username - but seeing that in the url bar will also put off some users.

    With the cheapest SSL certs only around $15 per year now there's no real reason for any e-commerce site not to have one.
    Chris

    "Some problems are so complex that you have to be highly intelligent and well informed just to be undecided about them." - Laurence J. Peter

  8. #8
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,771
    Foobic,

    I dont think a e-commerce site owner would wish that right?
    David | www.cliffsupport.com
    Affordable Server Management Solutions sales AT cliffsupport DOT com
    CliffWebManager | Access WHM from iPhone and Android

  9. #9
    Join Date
    Sep 2000
    Location
    Alberta, Canada
    Posts
    3,146
    Quote Originally Posted by 95 Degrees View Post
    As many Reseller Hosts offer shared certificates as a feature, and many resellers have small-business clients who make good use of this, is anyone else finding it a major problem where visitors using IE7 get an error message for pages using the shared certifcates?

    As a layperson visitor seeing that, I would not even think of using the link they offer to "continue" anyway. It scares customers off. I asked my Host about it and he said that it is beause all the shared SSL's are self-signed certifcates, so they do incur that error.

    How are others dealing with it? No other option but to advise the client to get their own certificate?

    Are there resellers that do NOT have this problem with their shared certs?
    This will happen whenever the 'cabundle' is not installed or not installed properly. Can happen with both, a Dedicated or Shared Cert. The 'cabundle' is usually supplied from the same place the Cert was purchased from (along with the Cert itself) or the Hoster can use a generic one -- which usually works just as well.

    With that said and as already mentioned, it is always more professional to have your own Cert instead of using a Shared one. And with the cost so low these days, don't see why anyone would not be using their own Cert.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  10. #10
    Join Date
    Jul 2001
    Location
    Orlando (via Jamaica)
    Posts
    76
    Thanks for the responses.

    Provided the shared cert has been installed correctly you should be able to avoid these warnings by using the userdir url format https://shared-server-name/~username - but seeing that in the url bar will also put off some users.
    That is the format that most reseller host providers offer, including mine. He says that it has nothing to do with it being installed correctly or not though. With IE7 it seems as someone said above, to be the cert itself.

    As far as being best to have a cert fo yourself, that is a precognition. Just as having your own merchant accoount versus using a 3rd party etc is. If it was my decision then this post wouldn't exist. But because it's referring to some of my customers' accounts who for their own reasons had chosen a shared cert way back and never had a problem with it before, I can only suggest and they make the decision now to get their own (I am the primary account). So before suggesting it, I just wanted to find out if there was some way they could keep their status quo since I moved to a new host recently..."seamlessly".

    That is, I am trying to avoid the end user accounts from having to wonder why the move wasn't 100% seamless, i.e. now suddenly their https pages are giving their customers this message, and now they have to buy a dedicated IP and their own cert.

    But I didn't realize the cost had come down so much. The flip side is that since they are very affordable it seems now, and since it is the best way to go anyway hopefully it won't be a problem when I suggest it.
    Last edited by 95 Degrees; 09-03-2007 at 09:36 AM.
    http://www.95degrees.com - Web Design
    Domains For Sale
    PixelGurus.com | PHPSecrets.com | ShakeHand.com | HireDeveloper.com | Recruitable.com...

  11. #11
    Join Date
    Jan 2003
    Location
    Lake Arrowhead, CA
    Posts
    789
    layer0 was correct.

    "the shared SSL's are self-signed certifcates"
    Though I don't recommend shared SSL for a number of reasons, this error is not a problem with shared SSL. Absolutely any 'self signed' certificate will result in such an error since the certificate signer (the host) is not a browser recognized Certificate Authority.

    If the shared SSL used a REAL (CA signed) certificate, this problem would not occur. Of course, you would still have the problem of multiple sites sharing a single certificate, which defeats the entire purpose of certification.

    In the end, the solution is the same. When low cost certificates became available, there was no longer any reason to use shared SSL for anything but testing.
    http://www.srohosting.com
    Stability, redundancy and peace of mind

  12. #12
    Join Date
    Jul 2001
    Location
    Orlando (via Jamaica)
    Posts
    76
    Thanks. That is definitely the conclusion, and will pass it on to him i.e. Use for testing purposes only. Plus after looking at pricing now, quite affordable for all budgets.
    http://www.95degrees.com - Web Design
    Domains For Sale
    PixelGurus.com | PHPSecrets.com | ShakeHand.com | HireDeveloper.com | Recruitable.com...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •