  1. #1
    DoubleDee

    This Connection is Untrusted

    I am at the library, and when I went to use their free wi-fi, Firefox displays this message...

    Attachment 61597


    Questions:

    1.) What exactly does that message mean?

    2.) Should I be overly concerned about it?

    3.) Should I "run for my life" from the library?


    I understand the risks of "free wi-fi", but that is my only option at the moment. So based on that, I'd like to understand what additional risks the screen-shot I posted above may cause.

    Sincerely,


    Debbie

  2. #2
    Force Flow

    The site is using an SSL certificate that isn't recognized by any of the Internet's root certificate authority servers.

    Since I see the address is an IP address, I'd guess that it's a self-created SSL certificate of the device managing wireless connections.

    It's likely that it's a sign-on page for gaining wifi access to verify that you are a library patron.

  3. #3
    DoubleDee

    Quote, originally posted by Force Flow:
        The site is using an SSL certificate that isn't recognized by any of the Internet's root certificate authority servers.

        Since I see the address is an IP address, I'd guess that it's a self-created SSL certificate of the device managing wireless connections.

        It's likely that it's a sign-on page for gaining wifi access to verify that you are a library patron.

    Not sure I follow your response.

    What about questions #2 and #3?

    Whatever the library I was at is doing, it seems like they aren't being very careful or secure...

    Sincerely,


    Debbie

  4. #4
    ralph.m

    Quote, originally posted by DoubleDee:
        it seems like they aren't being very careful or secure...

    Nah, the problem is that they haven't forked out lots of money to get their SSL certificate "verified" by a recognized company. That doesn't mean their connection is any less secure. It's just an annoying message that you can ignore if you trust the organisation offering the connection—which in this case, you can.

    My own web hosting account gives me the same message. The only way around it is to pay big $$$ for a pointless "verified" SSL certificate. But I don't bother, because I trust myself.

  5. #5
    DoubleDee

    Quote, originally posted by ralph.m:
        Nah, the problem is that they haven't forked out lots of money to get their SSL certificate "verified" by a recognized company. That doesn't mean their connection is any less secure. It's just an annoying message that you can ignore if you trust the organisation offering the connection—which in this case, you can.

    I'm still not understanding what is going on here...

    Why is the library using an SSL certificate for free wi-fi in the first place?

    Here is what happens when I want to access the Internet at this library...

    - I choose the library's hot-spot
    - I open Firefox
    - I get that error page
    - I choose to ignore that message by adding the library as an exception
    - I get some library landing page
    - I check the box next to the "Terms" and click "Accept"
    - I am connected to the Internet


    There is no User Account or User Log-In required, so what purpose would any SSL certificate serve??


    Quote, originally posted by ralph.m:
        My own web hosting account gives me the same message. The only way around it is to pay big $$$ for a pointless "verified" SSL certificate. But I don't bother, because I trust myself.

    I'm not following you.

    You have a website that others have to deal with the same issue?

    Or you have a similar issue to just connect to the Internet with your ISP?

    Or something else?


    Back to my OP, when should the error page I showed above make me leave immediately? (I've come across that before on the Internet.)

    Sincerely,


    Debbie

  6. #6
    felgall

    Quote, originally posted by DoubleDee:
        Why is the library using an SSL certificate for free wi-fi in the first place?

    To encrypt the connection between your computer and the wifi so that the person three desks over can't capture everything you type in.

  7. #7
    ralph.m

    Quote, originally posted by DoubleDee:
        You have a website that others have to deal with the same issue?

    No, when I go to log in to the backend of my web hosting account, it is an https connection, and thus I get the warning message, so it's not something that affects site users.

    If you want a protected web connection (for the reasons that felgall described)—that is, to go to https as opposed to http—you need to set up an SSL certificate. It's perfectly fine to create one yourself, and is free, but from a browser's point of view, it's not as reliable as one that's verified by a trusted SSL company. So if you have an ecommerce website that grabs credit card details from customers, it's best to get the SSL certificate endorsed by a reputable company. That way, the browser knows to trust the certificate.

    The library is providing you with a more secure connection by sending you to https, so they are trying to do the right thing, but the warning message is a bit of a pain. If you were visiting a site by someone you didn't know, the browser would want you to know that even though it's an https connection, you may not be able to trust the person at the other end who is getting your data.

  8. #8
    felgall

    There are two purposes served by an SSL certificate -

    1. Securing data between the browser and the server
    2. Confirming the identity of the site you are connecting to.

    A paid certificate is required for the second of these but a self-made certificate or one offered by a third party is equally effective for the first.

    So for connecting to your own web site to read your emails online you can use the webhosting provided certificate to get a secure connection and because you know that your site is hosted with them you know that you are accessing the right place even though the certificate doesn't match the domain.

    With access over local WiFi a self-made certificate can be used because there will be someone physically present at the location who can confirm the certificate really does belong to them IN PERSON so that you don't have to rely on one of the major SSL authorities having issued the certificate and trusting that authority to have checked who the certificate is issued to. Trusting the person in front of you in this situation is even better than trusting some authority that the people who wrote your browser decided to trust to issue certificates. With a library WiFi any library-owned computers wouldn't even be producing that alert as the person who set up the network would have added their certificate as a trusted certificate in the browsers on those computers. If you trust the library connection you can make it a trusted certificate in your browser and never see the warning again. If you don't trust it then don't use their network at all.

  9. #9
    ralph.m

    Quote, originally posted by felgall:
        the person who set up the network would have added their certificate as a trusted certificate in the browsers on those computers.

    Aw, didn't know you could do that. Firefox always used to accept the site once I reassured it, but on Chrome, it always kicks up a fuss. After some Googling, found this page that showed how to stop that:

    http://www.robpeck.com/blog/2010/10/...-certificates/

    (In fact, the process is easier than described there, so perhaps Chrome has improved the situation. Worked nicely.)
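
Added example, not part of the original thread or any poster's code: confirming a self-made certificate in person, as discussed above, comes down to comparing the fingerprint the sign-on page presents with one obtained from staff before adding it as trusted. The function names and the sample certificate bytes below are assumptions constructed for illustration.

```python
import hashlib
import hmac
import re
import ssl

# Constructed stand-in bytes, not a real certificate: a fingerprint is just a
# hash of the certificate's DER encoding, so these show the mechanics offline.
SAMPLE_DER = b"constructed placeholder for the library portal certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def fingerprint(pem_cert: str) -> str:
    """SHA-256 of the certificate's DER encoding, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem_cert)).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AB:CD:...', spaced or plain hex; reject anything else."""
    cleaned = re.sub(r"[\s:]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def as_displayed(hex_fp: str) -> str:
    """Colon-separated uppercase pairs, the form certificate viewers show."""
    return ":".join(hex_fp[i:i + 2] for i in range(0, len(hex_fp), 2)).upper()


def matches(pem_cert: str, fp_from_staff: str) -> bool:
    """True only if the presented certificate is the one staff vouched for."""
    return hmac.compare_digest(fingerprint(pem_cert), normalize(fp_from_staff))


def portal_matches(host: str, port: int, fp_from_staff: str) -> bool:
    """Fetch whatever certificate the portal presents (no CA validation, as
    it is self-signed) and compare it with the fingerprint given in person."""
    return matches(ssl.get_server_certificate((host, port)), fp_from_staff)


if __name__ == "__main__":
    posted = as_displayed(fingerprint(SAMPLE_PEM))  # what staff would hand out
    print("match:", matches(SAMPLE_PEM, posted))
    swapped = ssl.DER_cert_to_PEM_cert(b"constructed look-alike certificate")
    print("look-alike:", matches(swapped, posted))
```

A different certificate on the same network name produces a different fingerprint, so a mismatch is the signal not to add the exception.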

