Security certificates - why do I get problems on Logos.com product pages.

Page 1 of 2 (31 items) 1 2 Next >
This post has 30 Replies | 1 Follower

Posts 685
Kevin A Lewis | Forum Activity | Posted: Thu, Feb 12 2015 1:59 AM

I am often recently getting "security certificate" problem notifications on my browser (IE 11) when I enter some (not all) logos product pages.

This sometime occurs when I enter vyrso pages too - but these seem of pervasive.

Can anyone help at all.

Regards KEvin

Posts 685
Kevin A Lewis | Forum Activity | Replied: Fri, Feb 13 2015 1:18 AM

Anyone?

Posts 26261
Forum MVP
MJ. Smith | Forum Activity | Replied: Fri, Feb 13 2015 1:34 AM

Sorry but I lack sufficient knowledge to even begin to debug: what security service do you use, what platform, what browser, what is the exact error message, have you looked the error message up in your browser and security websites ... If I had similar problems or if others had recently report a rash to such errors I'd have an idea where to start.

Orthodox Bishop Hilarion Alfeyev: "To be a theologian means to have experience of a personal encounter with God through prayer and worship."

Posts 685
Kevin A Lewis | Forum Activity | Replied: Fri, Feb 13 2015 2:20 AM

This is what I see as soon as I click on the "certificate error" in the end of the browser address field (Windows 7 32 bit, WI 11 (mentioned that)

About as far as I can go with out assistance!

Thanks Kevin

Posts 685
Kevin A Lewis | Forum Activity | Replied: Fri, Feb 13 2015 2:22 AM

Sorry cut and paste didn't seem to work

Posts 18651
Rosie Perera | Forum Activity | Replied: Fri, Feb 13 2015 2:22 AM

Can you post an example of a URL that you get that error on?

I notice security problems on some forum pages but not all. I get the yellow triangle warning on the lock icon:

Not sure if this is a related problem or not.

Bradley Grainger explained a problem with security certificates that was fixed a while back: https://community.logos.com/forums/t/83687.aspx 

Posts 685
Kevin A Lewis | Forum Activity | Replied: Fri, Feb 13 2015 2:59 AM

I don't get that but

https://www.logos.com/product/49485/first-things

gives me

Posts 685
Kevin A Lewis | Forum Activity | Replied: Fri, Feb 13 2015 3:00 AM

Is it some confusion between Logos.com and Verbum.com

in the URL and the security certificate

Regards Kevin

Posts 685
Kevin A Lewis | Forum Activity | Replied: Fri, Feb 13 2015 6:34 AM

bump

Posts 1216
Matt Hamrick | Forum Activity | Replied: Fri, Feb 13 2015 6:51 AM

Just install the certificate and be done with it.

Posts 272
LogosEmployee
Glenn Airoldi (Faithlife) | Forum Activity | Replied: Fri, Feb 13 2015 7:30 AM

Hi all,

Thank you for the URLs and screenshots.  We're looking into this and will remedy.

Posts 698
LogosEmployee

Kevin A Lewis:
I am often recently getting "security certificate" problem notifications on my browser (IE 11) when I enter some (not all) logos product pages.

We're double-checking all of our certificate configurations, but we cannot currently reproduce this.

A couple of points of clarification: The warning that Rosie describes is generally referred to as a mixed content warning and what it means is that some component of the page is not being loaded over https. On the forums specifically, it looks like the images for emoticons are loaded over http and not https. That's a different problem than the one you're reporting.

There are a handful of possible causes for the issue you're reporting, but some of them are beyond our control. Again, we are double and triple checking the ones that are within our control.

The most common cause I have seen other than configuration issues on our side is if your browser is configured to use a proxy (sometimes used by  businesses, academic institutions, your off-the-shelf web firewall or creative internet service providers) and that proxy is misbehaving OR using old technology. There should be more information about which website's certificate your browser is being served and it's probably hiding behind that "More information" button. Being able to see that, if you have a moment, would be helpful.

Director of Engineering for Enterprise and Operations

Posts 685
Kevin A Lewis | Forum Activity | Replied: Fri, Feb 13 2015 8:54 AM

The Logos product pages seem to be behaving at the moment - although I am still getting problems with Vyrso.com

I have installed the certificate - and yet is still persist in raising this error

Thanks for your attention. Kevin

Posts 698
LogosEmployee
Cameron Watters (Faithlife) | Forum Activity | Replied: Fri, Feb 13 2015 11:07 AM

I'd still be very interested in any proxy configuration on your machine. You report using IE 11, which should handle our configuration just fine, but what you're describing looks and smells like a proxy or intermediate application that isn't coping well with a technology we use called Server Name Indication or SNI.

We know this affects ancient versions of browsers and operating systems, but if you're seeing it with IE 11 on a recent version of Windows, then there's probably something between you and us that isn't SNI-savvy.

Director of Engineering for Enterprise and Operations

Posts 98
Tim Lord | Forum Activity | Replied: Mon, Feb 23 2015 1:15 PM

I have the same problem, especially with the Vyrso web site, and recently has started with the Logos.com web site, but not as yet with the faithlife.com web site (no issues with faithlife.com).
I am on I.E. 10 rather than I.E. 11 because business use limitations prevent me from upgrading to I.E. 11.
Here is what Wikipedia says about SNI, please note what I have set in bold text:
"When making a TLS connection the client requests a digital certificate from the web server; once the server sends the certificate, the client examines it and compares the name it was trying to connect to with the name(s) included in the certificate. If a match occurs the connection proceeds as normal. If a match is not found the user may be warned of the discrepancy and the connection may abort as the mismatch may indicate an attempted man-in-the-middle attack. However, some applications allow the user to bypass the warning to proceed with the connection, with the user taking on the responsibility of trusting the certificate and, by extension, the connection."
By the way, I have no proxy server settings designated in my Internet Explorer configuration (please see next 3 screen shots below).
Please advise if solution is found.  Thank you.

Posts 1887
Donnie Hale | Forum Activity | Replied: Tue, Feb 24 2015 7:50 AM

Tim Lord:
I am on I.E. 10 rather than I.E. 11 because business use limitations prevent me from upgrading to I.E. 11.

Can you paste a screenshot of the certificate information for whatever certificate is being returned? Also, are you up-to-date on all your Windows updates? Some of those update the certificate store (with root certificate information) in Windows. It's possible that those "business limitations" are behind on Windows updates.

Donnie

Posts 98
Tim Lord | Forum Activity | Replied: Tue, Feb 24 2015 8:55 PM

 

 

Posts 98
Tim Lord | Forum Activity | Replied: Tue, Feb 24 2015 8:57 PM

I'm all up-to-date on my Windows updates.  In case this particular certificate is "bad", should I delete the certificate and then re-access the Vyrso web site to automatically receive a new certificate that might work like it should?  Thank you.

Posts 698
LogosEmployee

Based on all of my testing, when I use SNI-capable tools, I cannot reproduce your issue. When I disable SNI support, it reproduces every time.

The screen shot you posted with the annotation:

Tim Lord:
By the way, I have no proxy server settings designated in my Internet Explorer configuration

doesn't actually show that you have no proxy configured. It shows that you have no manually configured proxy. You have the "Automatically detect settings" checked. If you've got an anti-virus that protects you from the web by using a local proxy and/or something configured by your IT staff (if there is one involved), it may be picking up proxy settings anyway (see the note about automatic settings overriding manual ones).

I'm really sorry that this isn't working well for you. I've seen plenty of cases where that "detect settings" checkbox leads to problems just like this one. But, of course, without being able to literally examine your local network configuration, I cannot say conclusively that it is, in fact the issue.

What I can say is: the symptoms you are experience are the expected behavior for tools that do not support SNI.

I'm really sorry and we'll keep looking for a solution.

Director of Engineering for Enterprise and Operations

Posts 1887
Donnie Hale | Forum Activity | Replied: Wed, Feb 25 2015 6:13 AM

Cameron Watters (Faithlife):
What I can say is: the symptoms you are experience are the expected behavior for tools that do not support SNI.

For the individual who was seeing the errror accessing vyrso.com but was being returned a verbum.com certificate, which does sound like an SNI issue, wouldn't affirmation of your hypothesis consist of the user accepting the certificate so that he/she navigates to the site and then see if he/she arrives at the verbum web site (rather than vyrso)? I think that would prove that the request was handled by the verbum "web site" or "virtual host" - on whatever web server you're using.

For folks wondering about SNI, you can think about it this way. The HTTP "Host" header is to http (i.e. without SSL/TLS) as SNI is to https (i.e. SSL/TLS). Believe it or not, there was a time when the HTTP "Host" header was not a standard. If you wanted to host multiple sites at the same IP address, it was a real pain. Yes, I lived through that. The earliest SSL/TLS protocols broke this because HTTP headers are encrypted under SSL/TLS. So SNI was added to the protocol to allow for that capability.

Donnie

Page 1 of 2 (31 items) 1 2 Next > | RSS