UPDATE: September 6, 2015. All servers have been converted to Globalsign certificates today and should no longer prompt the security warnings mentioned in this topic. Details are located in this thread: CLICK HERE (http://www.charlottezweb.com/forums/index.php?topic=2054.0).
-----------------------
If you're running one of the newer browsers available (IE7/8, for example) and you get a security warning when trying to login to your cPanel, it may be because of how newer browsers are treating self-signed certificates.
If you're logged in as an administrator on your computer, you should be able to "add an exception" to view and accept the certificate. Verify the hostname and the "valid dates" are accurate first, of course. If you have any questions, definitely contact support -- it's far better to be safe than sorry.
However, if you are not logged in as an administrator (especially in IE7+) you may not be able to add the exception. Here's a good doc one of our customers shared that may be useful for those of you on Vista: (Thanks ShaneR!)
http://msmvps.com/blogs/cgross/archive/2006/10/23/Vista-RC2_2C00_-IE7-and-SBS-Self_2D00_Signed-Certs.aspx
Otherwise, most browsers will allow you to add an exception. You should only have to do this once (per computer you use) and then once a year when we regenerate the certificates.
If you spot an invalid date where the certificate shows expired, please contact me (email or a ticket) so they can be renewed.
Thanks!
To add to this topic, here are instructions that work in IE8/9 and Firefox. I've noticed IE8/9 makes it more of a pain to accept a cert so you don't have to click through every time with warnings.
http://stackoverflow.com/questions/681695/what-do-i-need-to-do-to-get-internet-explorer-8-to-accept-a-self-signed-certific
How to make IE8 trust a self-signed certificate in 20 irritating steps
1 Browse to the site whose certificate you want to trust.
2 When told "There is a problem with this website's security certificate.", choose "Continue to this website (not recommended)."
3 Select Tools->Internet Options.
4 Select Security->Trusted sites->Sites.
5 Confirm the URL matches, and click "Add" then "Close".
6 Close the "Internet Options" dialog box with either "OK" or "Cancel".
7 Refresh the current page.
8 When told "There is a problem with this website's security certificate.", choose "Continue to this website (not recommended)."
9 Click on "Certificate Error" at the right of the address bar and select "View certificates".
10 Click on "Install Certificate...", then in the wizard, click "Next".
11 On the next page select "Place all certificates in the following store".
12 Click "Browse", select "Trusted Root Certification Authorities", and click "OK".
13 Back in the wizard, click "Next", then "Finish".
14 If you get a "Security Warning" message box, click "Yes".
15 Dismiss the message box with "OK".
16 Select Tools->Internet Options.
17 Select Security->Trusted sites->Sites.
18 Select the URL you just added, click "Remove", then "Close".
19 Now shut down all running instances of IE, and start up IE again.
20 The site's certificate should now be trusted.
Firefox 8.0.1.
The way it works there is when you go to webmail, (or cpanel), it will say "The Connection is Untrusted." On that page near the bottom is an expandable link that says "I Understand the Risks." If you click that, there is a button there that says "Add Exception." Click on that. On the next page, there is a checkbox at the bottom that says "permanently store this exception." Make sure that's checked and then click the "Confirm Security Exception" button. That should do it.
Last week I received a great suggestion to post the fingerprints of the certificates we use on our servers on a page that's SSL-secured by a verifiable (third-party) provider.
Below are the fingerprints as of today for all servers. You can refresh this page by clicking below to view it via https instead of http. That way you know the page is SSL secured.
https://www.charlottezweb.com/forums/index.php?topic=1218.0
Please post here if these get outdated. The certs only last a year and they aren't all in sync so they may get outdated quickly if we don't monitor it closely.
(http://www.charlottezweb.com/images/server_SSLs.gif)
Regards,
Jason
Its a right pain Jason...once a day or thereabouts I don't mind a bit.
;)
Quote from: dania on December 26, 2012, 10:33:13 AM
Its a right pain Jason...once a day or thereabouts I don't mind a bit.
;)
Technically you should only get it about once a year unless you use multiple machines. :)
Jason,
Everything was golden until I got to step 9 in the 20 irritating steps instructions above. ;)
I'm not seeing "Certificate Error" on the right hand side of the address bar as I have in past years?
I'm running IE9.
Any suggestions?
Thanks! :)
Disregard my last post Jason . . . I figured it out :-[
Okay . . . I'm back again ::)
I've gone through the 20 step process twice now and I'm still receiving the certificate error?
What now?
Thanks . . . again. :)
Which url are you access so I can try to recreate?
http://thefunnyfactor.net/cpanel
I just completed the "20 Steps" in IE 11 and after shutting down IE and relaunching it, it's working perfectly without errors.
Are you doing the install as a local admin on that machine?
I'll try again as admin and be back . . .
I ran as admin and got the same results?
Hmm. It's working for me. It let you do every step as listed 1-20? At step 14, did you get the popup to install the cert for Blackice.charlottezweb.com?
To be clear, you are currently logged in as a user with full administrator rights on your machine? Not a regular user?
Yes, I'm logged in with full admin rights.
I'll recheck step 14 to answer your other question and be back . .
I do not get the popup for Blackice.charlottezweb.com in step 14.
But that is the URL in step 5?
Quote from: Pam on March 08, 2014, 09:50:18 PM
I do not get the popup for Blackice.charlottezweb.com in step 14.
But that is the URL in step 5?
Correct. You add it to your trusted sites in step 5. Then you go back and install the cert making sure to install it to the specific location they tell you. Then you go back to the trusted sites where you were in step 5 and remove it.
You add it to the trusted sites so that your browser will let you install the cert, then you go back and remove it from the trusted sites as that's no longer needed with the cert installed.
Quote from: Jason on March 08, 2014, 09:52:49 PM
Correct. You add it to your trusted sites in step 5. Then you go back and install the cert making sure to install it to the specific location they tell you. Then you go back to the trusted sites where you were in step 5 and remove it.
You add it to the trusted sites so that your browser will let you install the cert, then you go back and remove it from the trusted sites as that's no longer needed with the cert installed.
Yes I add in step 5. I install the cert as specified in the instructions and then I remove it from trusted sites.
I don't think rebooting will solve the problem but I'm going to reboot and try once again.
J ~
I finally got the cert installed.
At step12, I selected "Show Physical Stores" under ""Trusted Root Certification Authorities", I selected "computer" and then finished the remainder of the steps and it worked . . . at last. :-\
BTW . . . cert expires in 1 week :D
I do appreciate your help. 8)
Quote from: Pam on March 08, 2014, 10:13:04 PM
J ~
I finally got the cert installed.
At step12, I selected "Show Physical Stores" under ""Trusted Root Certification Authorities", I selected "computer" and then finished the remainder of the steps and it worked . . . at last. :-\
BTW . . . cert expires in 1 week :D
Glad to hear it's sorted!
Don't kill me but I didn't realize the cert was that close to expiring. I'll need to reset it in the next day or two so you'll have to go through that again if you want to save it locally. :(
No problem J on the reset. :)
Quote from: Pam on March 09, 2014, 10:33:01 AM
No problem J on the reset. :)
I appreciate your understanding. That would've been helpful if I noticed the dates when I was testing last night. :)
I've reset all the certs for another year on Blackice as of a few minutes ago.
Regards,
Jason