2

recently, I ordered a SSL certificate for my website. Prior to that, everything worked fine for me, the website was fast and I had no issue. Since the certificate has been installed by OVH... Well... Things changed... The issue is that not everybody has the same behaviour as me. When I go on "https://www.areaprog.com/" with different browsers, here is what I get:

Chrome:

"Your connection is not private

Attackers might be trying to steal your information from www.areaprog.com (for example, passwords, messages or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID"

Firefox:

"This connection is untrusted

You have asked Firefox to connect securely to www.areaprog.com, but we can't confirm that your connection is secure.

Technical details:

www.areaprog.com uses an invalid security certificate.

The certificate is only valid for ssl2.ovh.net

(Error code: ssl_error_bad_cert_domain)"

Internet explorer:

"The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server."

I asked to OVH and everything is fine for them and apparently, it is also the case for other people out there (I asked around to see if I was the only one), but other people also experiences the same issue...

Moreover, Firebug keeps on saying:

"This site makes use of a SHA-1 Certificate; it's recommended you use certificates with signature algorithms that use hash functions stronger than SHA-1"

Besides, for people who are experiencing this issue, well, the site is extremely slow. For me, a simple page takes more than 20 seconds to load...

Does some of you have the same issue than me and does someone have an idea of what to say to OVH who keeps telling me that everything is OK?

Thanks a lot

ssougnez
  • 5,315
  • 11
  • 46
  • 79
  • It sounds like the SSL certificate was ordered for the domain `ssl2.ovh.net` and not `www.areaprog.com`. Can you verify the domain in your purchased certificate? It may also be worth verifying that the fingerprint your browser receives matches the certificate fingerprint. – Mr. Llama Jul 20 '15 at 20:35
  • I don't have access to the OVH server so I don't know how to verify the domain in the purchased certificate. I just ordered it and they installed it (I really know nothing about all these stuff). When I talked with OVH support, they just told me that the certificate was installed correctly and that it could come from browser caching issue, so I emptied my caches but I still have the issue... – ssougnez Jul 20 '15 at 20:45
  • You might want to contact OVH then. Let them know that the certificate they issued doesn't match your hosting domain name. – Mr. Llama Jul 20 '15 at 20:46
  • I see a valid certificate for www.areaprog.com with Fingerprint: f5372e56a934d613a425c96ce6d203703f7e4a19 when I access the site and no errors in my browsers. https://www.ssllabs.com/ssltest/analyze.html?d=areaprog.com&latest also indicates no issues with the certificate. Was this resolved by OVH? – Anand Bhat Jul 21 '15 at 03:35
  • Not yet, the ticket is still open... I know someone who has the same issue, I'm trying to see with him what we have in common to understand what is going on... – ssougnez Jul 21 '15 at 10:54
  • So, the problem is fixed apparently. However, OVH is not very truthful with me. When I posted the original message, me and a friend had the issue. Then, all of a sudden, the issue vanished for him and I and OVH keeps telling me that they didn't change anything... Weird weird... – ssougnez Jul 27 '15 at 21:09

0 Answers0