YJL: SSL

Showing posts with label SSL. Show all posts

Googlebot noticed your site, https://<MYDOMAIN>/, uses an SSL certificate which may be considered invalid by web browsers

Friday, September 16, 2011

certificate Google Webmaster Tools Googlebot HTTPS SSL

Thanks for the notification!

Here is the email I just received:

Dear Webmaster,

Your site, https://<mydomain>/, uses an SSL certificate which is not recognized by web browsers. This will cause many web browsers to block users from accessing your site, or to display a security warning message when your site is accessed.

To correct this problem, please get a new SSL certificate from a Certificate Authority (CA) that is trusted by web browsers.

Thanks,

The Google Web Crawling Team

Where <MYDOMAIN> is yjl.im. At first glance, I thought this was new kind of phishing but it's real, the message was also on Webmaster Tools.

First of all, I believe I have never written down http://yjl.im/ anywhere, needless to mention the one with HTTPS. So, I guess Google is very kind to check that for you. If it isn't not this email, I haven't thought about to check it.

And here is a screenshot of the certificate:

The naked domain has URL forwarding to www.yjl.im. I use my registrar's free service, so I have no control of it. If Google App Engine could operate on naked domain, I wouldn't need that.

I don't understand why their servers listen to HTTPS, that makes no sense. Anyway, I might turn off URL forwarding or see what my registrar would say about it or just forget the whole thing...

Trust CAcert.org root certificate in NSS (for Chromium) on Gentoo

Monday, July 19, 2010

certificate Chromium Gentoo NSS security SSL

Few days ago (2010-07-16), Arch Linux Forums started to redirect unencrypted connection to encrypted connection, in other words, it is now SSL connection only.

My current web browser is Chromium and it told me CAcert.org is not trusted, the certificate issuer that Arch Linux Forums uses. It only takes one click for a browsing session to get rid of that message. Before this, I sometimes stumbled upon Gentoo Bugs redirected via Gentoo Packages.

I am not actually a reader of Arch Linux Forums, but I read it regularly. So its time to get rid of it once for all.

Its fairly simple. Firstly, you need certutil tool from NSS package, if you dont have then add the following line to your /etc/portage/packages.use:

dev-libs/nss utils

Re-emerge NSS. Next step is to add the root certificate:

certutil -d sql:$HOME/.pki/nssdb -A -t "C,," -n cacert -i /etc/ssl/certs/cacert.org.pem

Then check if we add successfully with:

% certutil -d sql:$HOME/.pki/nssdb -L

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

cacert                                                       C,,

Restart browser and say hello to that little green lock.

The steps are actually from this Chromium wiki page

Note that the root certificate /etc/ssl/certs/cacert.org.pem is a symbolic link to /usr/share/ca-certificates/cacert.org/cacert.org.crt, which is a file part of ca-certificates package and your Gentoo system should already have it because OpenSSL depends on it and openssl is unlikely not installed.