Page 1 of 2 12 LastLast
Results 1 to 20 of 25
  1. #1
    Community Member Pehtis's Avatar
    Join Date
    Jan 2010
    Location
    Melbourne, Australia
    Posts
    434

    Default DDO invalid security certificate - ***?

    Technical Details

    www.ddo.com uses an invalid security certificate.

    The certificate is not trusted because no issuer chain was provided.

    (Error code: sec_error_unknown_issuer)


    I'm using Firefox browser now (Chrome now freezes up/crashes when I use gmail) and this message came. In this increasing insecure online world should I be worried about this site when visiting?

    Just wondering.
    Many of life's lessons are taught through games. So GAME ON!
    Ghallanda Server - Guild: Legends of Ancient Greece
    Characters: Kleftis, Archpapas, Polemistis, Elveis, Axesizis, Eurostos, Mihanodigos, Agiosmihanos, Trayoudis, Idikos ... so many more

  2. #2
    Hatchery Hero BOgre's Avatar
    Join Date
    Jan 2011
    Location
    Middlonowhere, Alberta, Canada
    Posts
    3,065

    Default

    Quote Originally Posted by Pehtis View Post
    Technical Details

    www.ddo.com uses an invalid security certificate.

    The certificate is not trusted because no issuer chain was provided.

    (Error code: sec_error_unknown_issuer)


    I'm using Firefox browser now (Chrome now freezes up/crashes when I use gmail) and this message came. In this increasing insecure online world should I be worried about this site when visiting?

    Just wondering.
    I brought this up back in April, for Chrome on Android. There's been no fix and no response...

  3. #3
    Community Member
    Join Date
    Sep 2011
    Location
    Denmark
    Posts
    1,669

    Default

    Quote Originally Posted by BOgre View Post
    I brought this up back in April, for Chrome on Android. There's been no fix and no response...
    I am having the same issue on my Android devices. Its really unproffesional not to have that fixed.

  4. #4
    Community Member
    Join Date
    Oct 2009
    Location
    3rd star from the left, and on til morning...
    Posts
    2,629

    Default

    Quote Originally Posted by BOgre View Post
    I brought this up back in April, for Chrome on Android. There's been no fix and no response...
    Its possible that its a transitory (temporary) problem. Try again a little later and see if it goes away on its own.

  5. #5
    Community Member Soulfurnace's Avatar
    Join Date
    Nov 2012
    Location
    The Land of Oz
    Posts
    1,534

    Default

    Quote Originally Posted by My2Cents View Post
    Its possible that its a transitory (temporary) problem. Try again a little later and see if it goes away on its own.
    That comment.. I think you just won the forums. ...Although on second thoughts, maybe only second place. Whoever said that the maintenance on 15/2/13 would be over shortly wins.

    Soulfurnace still remembers.

  6. #6
    Community Member
    Join Date
    Jan 2012
    Posts
    4,643

    Default

    This is a persistent issue with ddo.com on Firefox. It does not occur in IE.
    http://myaccount.turbine.com

    Je ne suis pas
    DDO Alpha Tester

  7. #7
    Hatchery Hero BOgre's Avatar
    Join Date
    Jan 2011
    Location
    Middlonowhere, Alberta, Canada
    Posts
    3,065

    Default

    Quote Originally Posted by BOgre View Post
    I brought this up back in April, for Chrome on Android. There's been no fix and no response...
    Quote Originally Posted by My2Cents View Post
    Its possible that its a transitory (temporary) problem. Try again a little later and see if it goes away on its own.
    really?

  8. #8
    Community Member
    Join Date
    Nov 2009
    Posts
    527

    Default

    Quote Originally Posted by mikarddo View Post
    I am having the same issue on my Android devices. Its really unproffesional not to have that fixed.
    Jup, I get the same on my tablet.

  9. #9
    Community Member noinfo's Avatar
    Join Date
    Jun 2007
    Posts
    2,529

    Default

    Quote Originally Posted by Pehtis View Post
    Technical Details

    www.ddo.com uses an invalid security certificate.

    The certificate is not trusted because no issuer chain was provided.

    (Error code: sec_error_unknown_issuer)


    I'm using Firefox browser now (Chrome now freezes up/crashes when I use gmail) and this message came. In this increasing insecure online world should I be worried about this site when visiting?

    Just wondering.
    Also double check the time/date is set properly on your computer, particularly the year.
    Milacias of Kyber

    Leader of the Crimson Eagles Kyber

  10. #10
    Community Member
    Join Date
    Oct 2009
    Location
    3rd star from the left, and on til morning...
    Posts
    2,629

    Default

    Quote Originally Posted by noinfo View Post
    Also double check the time/date is set properly on your computer, particularly the year.
    Yes, that would be my next recommendation.

    Firefox is stricter at checking these than other browsers, and I, personally, had it happen and then go away after a couple of hours, which is why I suggested that the first thing to do was to check again later - that was from personal experience and given all the wacky network and server issues that have been going on lately I tho0ught it was worth suggesting.

    I am reading this on Firefox and have not had any (of this specific type of problem) in the recent past.

    I'm not really familiar with security certificates, but I often wondered if you could go and adjust your security settings for ddo.com to solve the problem. Someone much more familiar with browser security levels and firefox and certificates would be a good person to ask.

  11. #11

    Default A possible technical reason

    When you log in to ddo.com you switch from the http protocol to the https protocol. During the secure connection setup, a certificate is sent by ddo.com to your browser. This certificate is signed by a root authority. If the root authority is not listed in your browser, then the connection is considered insecure. The ddo.com website's certificate is signed by "Network Solutions Certificate Authority". If your browser doesn't trust it, i.e. doesn't have it in its list, then you will get the message. It just needs to be added. I don't know which browsers ship with what lists of trusted root authorities, or how to get an updated list. Perhaps you can google it. There is probably an option when you get the message to trust it anyways and add it to the list of trusted root authorities, or at the very least for the browser to remember and trust the certificate from ddo.com, even though it is not signed by a trusted root authority. Hope this helps.
    Last edited by DDO_University; 08-26-2013 at 12:54 PM.
    DDO University : A player run organization with the goal of trying to enrich the playing experience and community of those who play Dungeons and Dragons Online through education and research.

    Visit http://ddouniversity.wordpress.com/ for more information

  12. #12
    Community Member
    Join Date
    Mar 2010
    Posts
    215

    Default

    The problem is that it's like $50 for a certificate trusted by all browsers. If money is that tight I'd be happy to buy one for turbine in exchange for another LR+20 on my characters...

  13. #13
    Community Member
    Join Date
    Oct 2009
    Location
    3rd star from the left, and on til morning...
    Posts
    2,629

    Default

    Quote Originally Posted by DDO_University View Post
    When you log in to ddo.com you switch from the http protocol to the https protocol. During the secure connection setup, a certificate is sent by ddo.com to your browser. This certificate is signed by a root authority. If the root authority is not listed in your browser, then the connection is considered insecure. The ddo.com website's certificate is signed by "Network Solutions Certificate Authority". If your browser doesn't trust it, i.e. doesn't have it in its list, then you will get the message. It just needs to be added. I don't know which browsers ship with what lists of trusted root authorities, or how to get an updated list. Perhaps you can google it. There is probably an option when you get the message to trust it anyways and add it to the list of trusted root authorities, or at the very least for the browser to remember and trust the certificate from ddo.com, even though it is not signed by a trusted root authority. Hope this helps.
    (Yes, when the warning page occurs, Firefox gives a prompt to "see the Technical Details", then to add an exception for that site. There are a couple of pages of prompts and warnings, to make sure the user knows what they;re doing, but I just did this with a *.gov site this morning.)

  14. #14

    Default

    FYI I get it on my Android phone every time. Even after telling my browser to ignore the problem.

  15. #15
    Community Member dameron's Avatar
    Join Date
    Mar 2006
    Posts
    1,465

    Default

    It's likely that whoever installed the *.ddo.com wildcard certificate from Network Solutions didn't include the chained certificates in their nginx configuration.

    Network Solutions provides a certificate bundle for wildcard domains (AddTrustExternalCARoot.crt, STAR.ddo.com.crt, NetworkSolutions_CA.crt, and UTNAddTrustServer_CA.crt for the curious) and while in Apache (what ddo.com was running up until February) it's fairly easy to tell if the wildcard certificate has been installed correctly by examining the certificate chain in Chrome, I'm not familiar enough with nginx to eyeball it.

    In Android, when I go to a site that I know is configured correctly with a Network Solutions wildcard certificate, I can examine the certificate chain and see that it includes the intermediate certificate but when I go to the ddo forums on android all I see is the bare *.ddo.com certificate.

    The pertinent info is here: http://nginx.org/en/docs/http/config...s_servers.html, under SSL certificate chains. I greatly anticipate that all they need to do is cat the required files into a single file in the right order and then all manner of devices should be able to connect without the annoying warning.

  16. #16
    Community Member Theboz's Avatar
    Join Date
    Mar 2006
    Location
    Elgin, IL
    Posts
    2,830

    Default

    Quote Originally Posted by My2Cents View Post
    Yes, that would be my next recommendation.

    Firefox is stricter at checking these than other browsers, and I, personally, had it happen and then go away after a couple of hours, which is why I suggested that the first thing to do was to check again later
    The reason you see this warning in Firefox and in Android, is not that it is stricter at checking, it's because that IE knows what to do and corrects the problem(or whatever it does behind the scenes) Firefox does not have that option and that's why you see the warning.
    Member of Mythical

  17. #17

    Default

    Quote Originally Posted by dameron View Post
    It's likely that whoever installed the *.ddo.com wildcard certificate from Network Solutions didn't include the chained certificates in their nginx configuration.

    Network Solutions provides a certificate bundle for wildcard domains (AddTrustExternalCARoot.crt, STAR.ddo.com.crt, NetworkSolutions_CA.crt, and UTNAddTrustServer_CA.crt for the curious) and while in Apache (what ddo.com was running up until February) it's fairly easy to tell if the wildcard certificate has been installed correctly by examining the certificate chain in Chrome, I'm not familiar enough with nginx to eyeball it.

    In Android, when I go to a site that I know is configured correctly with a Network Solutions wildcard certificate, I can examine the certificate chain and see that it includes the intermediate certificate but when I go to the ddo forums on android all I see is the bare *.ddo.com certificate.

    The pertinent info is here: http://nginx.org/en/docs/http/config...s_servers.html, under SSL certificate chains. I greatly anticipate that all they need to do is cat the required files into a single file in the right order and then all manner of devices should be able to connect without the annoying warning.
    Great info. Thanks for providing it. Just checked the response header. Got :

    Server:nginx/1.1.19

    Let's hope the right person at Turbine reads your follow up.
    DDO University : A player run organization with the goal of trying to enrich the playing experience and community of those who play Dungeons and Dragons Online through education and research.

    Visit http://ddouniversity.wordpress.com/ for more information

  18. #18
    Community Member
    Join Date
    Sep 2009
    Posts
    85

    Default No forum access on Kindle Fire either

    Quote Originally Posted by mikarddo View Post
    I am having the same issue on my Android devices. Its really unproffesional not to have that fixed.
    I think its the silk browser but I miss being able to read the forums on my kindle. It should be fixed. How many others are cut off from the game this way?

  19. #19
    Community Member Noctus's Avatar
    Join Date
    Apr 2008
    Location
    In the green heart of GERMANY - where wilderness means the next village is 3 klicks away.
    Posts
    4,543

    Default

    Just installed a fresh Firefox and BAM! this hit me. Highly annoying to click through 5 security warning each time i want to take a look at the DDO forums.


    Is there any way to fix this from my User-side?
    Erzskalde (Warchanter) / Erzmarschall (melee FvS) / Erzsoldat (waiting for TR-time) / Erzschmied (ranged Artificer)

    AOK - From Argonnessen

  20. #20
    The Hatchery Paleus's Avatar
    Join Date
    Sep 2009
    Location
    Stormreach Sewers
    Posts
    1,621

    Default

    Quote Originally Posted by My2Cents View Post
    Its possible that its a transitory (temporary) problem. Try again a little later and see if it goes away on its own.
    (Necro thread ftw) I'm sure if we wait just a little longer this temporary problem will go away.
    Kobold never forgive....kobold remember waterworks.

    Quote Originally Posted by KookieKobold View Post
    i'll be putting a bug into our system.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

This form's session has expired. You need to reload the page.

Reload