|
Hi you poor webmaster! Rough day I'm betting, but just in case you aren't aware the cert you just installed (or modified in some way today) is no good.
I can't edit the site in Chrome at all, and Safari gives me all sorts of warnings.
"You attempted to reach secure.paizo.com, but the server presented an invalid certificate."
It makes it impossible to post (using my preferred browser) let alone make purchases.
So if you're not aware, please fix. If you are sorry to bother you and good luck!
Thanks either way for fixing this quickly. My play by post games won't wait for me forever! :)
Odd. I'm using Chrome right now and having no issues....
|
|
Odd. I'm using Chrome right now and having no issues....
Lucky. :)
I don't have any super-secure stuff loaded in my browser. It just stopped working sometime in the last couple-three hours or so. I haven't updated Chrome either in that time so there's nothing on my end causing the grief (I think).
Maybe you're seeing a cached cert? I dunno if browsers do that or not.
Senior Software Developer
|
That's weird. I suppose it's possible that one of our webservers has gone all wonky today but I don't think so. Can you email the details of the cert you're seeing to webmaster@paizo.com? Thanks!
|
|
I don't mean to be a nag, er, sigh. Well, it's still broken. I sent email as requested with as much detail as I could. It's driving me nuts!!
It certainly doesn't seem like anything on my end, but just in case I blew away and re-installed my browser. Then I got a different error message which most folks won't see 'cause they ignore such things. :)
>>><<<
The site's security certificate is not trusted!
You attempted to reach secure.paizo.com, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Google Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications. You should not proceed, especially if you have never seen this warning before for this site.
>>><<<
I suspect your certificate expired but I could be wrong. Either way it is still something you should look at, though I can now override it for my play by post. :)
|
Chief Technical Officer
|
We've had four people complain of this; three of them several weeks ago, and you this week.
The other three were all using older versions of Mac OS, and the error message they were getting was essentially the same as yours: it's not that our certificate itself has a problem, but that it's reportedly signed by an untrusted source; I don't what to go into too much detail on how security certificates work, but Thawte, the signatory source we use, is the second largest in the world, and trust for their certificates has been built into most browsers (and eventually operating systems) pretty much from the dawn of secure web browsing; in short, it's an error you really shouldn't get.
Two of the other three solved their problem by restarting their computer. That didn't work for the third, who ended up reinstalling his system's "Thawte Premium Server CA" Root 2 certificate from Thawte's site (https://www.thawte.com/roots/).
You can verify for yourself that it *should* be working for all browsers by visiting this page.
I wish I had a better answer for you, but I'm stumped.
That didn't work for the third, who ended up reinstalling his system's "Thawte Premium Server CA" Root 2 certificate from Thawte's site (https://www.thawte.com/roots/).
I'm this third and this solved my problem two weeks ago. Though I'll admit reinstalling a root certificate makes you feel a bit geeky.
I discovered yesterday that I get the same kind of message on MacUpdate Promo. This one's not even issued by Thawte, so the problem is probably not directly related to Paizo. I don't really care for MacUpdate Promo, so I didn't try yet to reinstall a GeoTrust certificate.
FYI, I just installed NetNewsWire to coral all my Paizo PbP games into a desktop RSS reader and ran into the cert issue. The non-secure paizo site loaded fine, but attempting to add a post brought up the "secure.paizo.com . . " error.
Vic's post above about installing the certificates from the Thawte's site did the trick. The only difference is I had to do all of them and not just the one listed. No big deal. It's dead simple on a Mac to do.
Anyone else with this problem, this thread is the answer.
|
Chief Technical Officer
|
We've had four people complain of this; three of them several weeks ago, and you this week.
The other three were all using older versions of Mac OS, and the error message they were getting was essentially the same as yours: it's not that our certificate itself has a problem, but that it's reportedly signed by an untrusted source; I don't what to go into too much detail on how security certificates work, but Thawte, the signatory source we use, is the second largest in the world, and trust for their certificates has been built into most browsers (and eventually operating systems) pretty much from the dawn of secure web browsing; in short, it's an error you really shouldn't get.
Two of the other three solved their problem by restarting their computer. That didn't work for the third, who ended up reinstalling his system's "Thawte Premium Server CA" Root 2 certificate from Thawte's site (https://www.thawte.com/roots/).
You can verify for yourself that it *should* be working for all browsers by visiting this page.
I wish I had a better answer for you, but I'm stumped.
Last week, Apple released Security Update 2011-006 for OS X 10.6.8 and 10.7.x. Among other things, it includes "updated root certificates." I'm hopeful that this means Apple figured out what the problem was and fixed it...
I started another thread not knowing about this one.
I've gone to get the Thawte root certificate(s) from their site Vic linked to, but you can tell I'm clueless b/c now I have 2 .pem.html files on my desktop, and when I open them, it's just gibberish.
I don't know how to actually "install" these root certificates, or even if I should be installing these .html versions.
I even tried putting them into my hard disk icon (don't laugh). Still the same invalid server certificate message when I post here. They're currently residing back on my desktop.
I posted here so Vic doesn't feel like he's my dedicated IT staffer. Any help would be appreciated. Thanks.
|
Chief Technical Officer
|
I started another thread not knowing about this one.
I've gone to get the Thawte root certificate(s) from their site Vic linked to, but you can tell I'm clueless b/c now I have 2 .pem.html files on my desktop, and when I open them, it's just gibberish.
I don't know how to actually "install" these root certificates, or even if I should be installing these .html versions.
I even tried putting them into my hard disk icon (don't laugh). Still the same invalid server certificate message when I post here. They're currently residing back on my desktop.
I posted here so Vic doesn't feel like he's my dedicated IT staffer. Any help would be appreciated. Thanks.
If you right-clicked (if your Mac has a 1-button mouse, ctrl-click) the links from thawte's site, you should have a file that ends in .pem, not .pem.html. (It's possible that your older browser isn't as clever as it ought to be, and added the .html; you could try just removing the .html part of the file name.) Double-clicking a proper .pem file should launch Apple's Keychain Access application, which will then ask you if you want to install the certificate. (At least, it'll do that on OS X 10.6 and higher; I *think* it'll do the same on 10.5, but I'm not 100% positive.)
If you right-clicked (if your Mac has a 1-button mouse, ctrl-click) the links from thawte's site, you should have a file that ends in .pem, not .pem.html. (It's possible that your older browser isn't as clever as it ought to be, and added the .html; you could try just removing the .html part of the file name.) Double-clicking a proper .pem file should launch Apple's Keychain Access application, which will then ask you if you want to install the certificate. (At least, it'll do that on OS X 10.6 and higher; I *think* it'll do the same on 10.5, but I'm not 100% positive.)I started another thread not knowing about this one.
I've gone to get the Thawte root certificate(s) from their site Vic linked to, but you can tell I'm clueless b/c now I have 2 .pem.html files on my desktop, and when I open them, it's just gibberish.
I don't know how to actually "install" these root certificates, or even if I should be installing these .html versions.
I even tried putting them into my hard disk icon (don't laugh). Still the same invalid server certificate message when I post here. They're currently residing back on my desktop.
I posted here so Vic doesn't feel like he's my dedicated IT staffer. Any help would be appreciated. Thanks.
VICTORY! Thanks so much Vic, that solved the problem.