|
I accept that this type of problem is typically a user error, so with great humility I write: I'm getting a error message when I click on the link to download session sheets for any of the Pathfinder Society Events that I have created. First Internet Explorer tells me there's a problem with the website's security certificate, then when I tell it to go there anyway it gives me an error message stating that the site is either unavailable or cannot be found. The same thing happens when I attempt to reserve more Pathfinder Society membership # cards. This problem has been persisting since last week and I have reproduced it on different computers in different locations. Thank you in advance!
Hey Gary, any ideas on this problem? I have tried to download on different computers and keep getting the same errors.This is a difficult problem for us to replicate. Can you tell us what browser and OS you're using?
Thanks Vic,
I've had the same problem here using both firefox and explorer on two different computers (both microsoft OS though). I too assumed it was a problem on my end with security levels, or that these particular downloads were not yet available, though I can download many items from Paizo without the error appearing.
The error message is:
paizo.com uses an invalid security certificate.
The certificate is only valid for secure.paizo.com.
(Error code: ssl_error_bad_cert_domain)
Any thoughts appreciated.
|
I've seen this message before, although it's usually when I search google for something on paizo and google directs me to https://paizo.com/~yadayadayada (while security is nice, it isn't really needed if I just want a messageboard post). It looks like the security certificate on the site is only for https://secure.paizo.com - but clearly the url above is just https://paizo.com. I think the same thing is happening with the id card (I had the same problem when I just tried to download it). I was able to add a security exception, which allowed me to download the pdfs. If you don't want to do that (even temporarily), you can copy the link to your card and remove the 's' from https--I was able to download my card that way as well. Any other fixes will have to come from the fine tech folks.
My system info, if needed:
|
|
Nope, same problem persisting but I'm enheartened that you are working on it Gary :)
The vebatim error message is "Internet Explorer cannot download...ownloadPathfinderSocietyCards from secure.paizo.com.
Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later."
Just curious, is the "...ownloadPathfinderSocietyCards" identifier lacking the "D" or is that just the way the error message expresses a string of information?
|
|
I think that's just the error message.
The second link works for me using Windows XP/IE7. The first link spits out the same error seen elsewhere. I tried disabling the pdf link helper for IE that installs with Acrobat Reader 9, but I still get the same error after disabling it. Both links work on linux and windows with Firefox, as well as with Safari on my iPod touch.
Chief Technical Officer
|
I've seen this message before, although it's usually when I search google for something on paizo and google directs me to https://paizo.com/~yadayadayada (while security is nice, it isn't really needed if I just want a messageboard post). It looks like the security certificate on the site is only for https://secure.paizo.com - but clearly the url above is just https://paizo.com.
Yep—secure communictaion should always happen through https://secure.paizo.com, with non-secure stuff through http://paizo.com. We've modified our redirect rules and robot rules to help index bots get it right, but once Google indexes something the wrong way, it tends to stick around for a while.
At any rate, you shouldn't need to set a security exception—you can just manually adjust the URL.
|
|
Yep—secure communication should always happen through https://secure.paizo.com, with non-secure stuff through http://paizo.com. We've modified our redirect rules and robot rules to help index bots get it right, but once Google indexes something the wrong way, it tends to stick around for a while.
At any rate, you shouldn't need to set a security exception—you can just manually adjust the URL.
I appreciate the y'all doing that--it was a minor annoyance but nothing more. I would just take out the 's' from the https to get to the page I wanted. The only reason I mentioned it in this thread is that it looked like the card was at some point referring to a secured page on your site that didn't have the 'secure.' prefix. (How ridiculous is it that my iPod can get to the pdf but Internet Explorer cannot?)
|
|
I just wanted to say "Thank You" to Gary (and Vic) for resolving this problem for me. Everything appears to be downloading again without the errors. This is just in time because I'm running a bunch of Pathfinder Society stuff at a convention this coming weekend. I appreciate your dedication & responsiveness Gary. But I suppose that's why Vic pays you the big bucks? ;)
|
I know defending microsoft isn't what the cool kids do these days, but it's not a *flaw* that IE demands a site to match the SSL certificate. Having set up a number of them in my time, I appreciate that it's obnoxiously difficult to configure correctly all the time. However, the point of an SSL certificate, especially one that is purchased from a Secure Root Certificate provider, is that the certificate is the evidence that whatever site you're on is legit and actually is the site they are supposed to be.
Since you're using that point to point encryption to also transmit very sensitive and secret data, I am very happy my browser is super anal about it being right. Especially since it has been shown that it is possible to fake SSL certs now. It's now very important to not be shanghied and take extra cautionary steps.
I for one would rather the site work correctly and keep the security. Just because other browsers let you get away with what is technically a security flaw doesn't make it bad - quite the opposite, actually.
If we're going to bash M$, lets talk about their crazy fricken licensing ordering programs! Gah!
|
Chief Technical Officer
|
...it's not a *flaw* that IE demands a site to match the SSL certificate. ... Just because other browsers let you get away with what is technically a security flaw doesn't make it bad.
You're correct that it's not a flaw in IE, but no other browser will "let you get away with it" either.
We have rules in place that rewrite the domain name to make sure you're using "paizo.com" for http requests, and secure.paizo.com for https requests. For example, notice that if you try to visit "paizo.com" using "https://" instead of "http://", we'll correct it, but the browser sees the mismatch before it sees the correction, so you get the warning dialog. (This is, as you point out, good behavior on the browser's part.)
The problem is that google's bots have apparently ignored part of the rewrite while indexing our site, so people clicking on some google search results were getting directed to the right domain name with the wrong protocol, which any browser would (correctly) flag as a problem.
I think we've managed to get it to stop doing that...
|
|
The problem is that google's bots have apparently ignored part of the rewrite while indexing our site, so people clicking on some google search results were getting directed to the right domain name with the wrong protocol, which any browser would (correctly) flag as a problem.
I think we've managed to get it to stop doing that...
Thank you. I appreciate the in-depth explanation, Vic. It's understandable that this problem would occur and it's not like Paizo did anything wrong - especially with Google's local caches along with their primary ones gumming website changes up.
I just hate the bandwagon when ignorance is the primary driver with the reins, especially in relation to reasonable security measures. I see people every day in my line of work disable those security measures because they think it's an annoyance, or that it does nothing for them and they should have to be bothered. A month or two later their identity is stolen because another site they were phished into going to took advantage of that change they made for the "legal" website that meant no harm.
Does that sound alarmist? Definately a little. I thought it was very alarmist before I saw it every day through my work. I never thought it would happen to anyone I know either. :(
If understanding why "IE is being annoying" or why "Firefox doesn't work right" is what keeps the bad stuff from happening to one person on here, then I'm glad I brought it up.