Thread: SSL Certificate installation

I get a 'Site Untrusted' When I add to our cart. Here's a screenshot of what I get: http://grab.by/3zhP This is the text of the warning.

This Connection is Untrusted You have asked Firefox to connect securely to promostadium.com, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.

Looks like the cert you have installed is only good for 'promostadium.com' and you were hitting the site at 'www.promostadium.com'. You can either have the SSL cert corrected to work on either, or just set the RedirectLiveToWWW AppConfig to true, and the cart will try to send anyone who hits the site without 'www' to www.

Do you have any other ideas to why the users are getting this issue? Most of my users come through the product feed, which has the http://www to it.

That is the issue, you can see it clearly enough in the screenshot you sent over:

You have asked Firefox to connect securely to promostadium.com

The certificate is only valid for www.promostadium.com

(Error code: ssl_error_bad_cert_domain)

Either customers are coming to the site from somewhere else that links to it without the 'www', or you have links in your skin that do so customers are hitting the site initially at www and are losing it at some point.

I made the recommended changes (RedirectLiveToWWW AppConfig to true), but still getting this error. See attached.

That's actually a different error now - (Error code sec_error_untrusted_issuer). That error's only encountered when trying to add a security exception, and generally means that whoever issued that SSL cert isn't on Firefox's list of trusted certificate authorities

You're only going to run into that when trying to access the site without WWW on a page that should be secured in Firefox though. That shouldn't happen if you make sure that customers hit your site at default.aspx first (not the middle of the site somewhere) and you have RedirectLiveToWWW.

The best way to handle this really is going to be to get a cert that'll work on both.

Very odd, I just tried this in firefox with my site and I get the same error. So I went and tried on other ASPDNSF sites and got the error. I then went and tried on some non ASPDNSF sites and got the error. I was able to find some sites that worked but the majority didnt. Also, I use a pretty popular cert company. I wonder if FF actually has an issue.

Do you have a recommendation on which one to use? Im using RapidSSL and that has not caused a problem until i renewed it.

I do not believe its your certificate, some pretty large ecommerce sites have the same issue ... try this https://walmart.com or this https://amazon.com/

I suspect its a FF issue.

The sec_error_untrusted_issuer error is (partly) a Firefox issue, yes. They've gotten much stricter lately about the cert authorities that they accept.

The ssl_error_bad_cert_domain one however is not. You'll get the same behavior in IE8 browsing to https://amazon.com/ as well (though the message looks different). You'll notice though that if you take the 's' off and go to just http://amazon.com/ you're redirected to 'www' so that the error doesn't come up when you do get to a secure part of the site. That's exactly what the RedirectLiveToWWW AppConfig is for.

I'm still having the same problem. I don't think its the browser because I went through the same process for my site and amazon and I hit that sec_error_untrusted_issuer error when checking out. I went through www.promostadium.com for my site.

Can someone please help? Its effecting my sales

is there a list of SSL cert's that we should use?

Hi Peps,

I'm also interested in finding out which SSL certificates are recommended for use with ASPDNSF for v7, v8, v9 etc

Regards,

The software will work with pretty much any standard (non-wildcard or shared) SSL cert. The only reason to look at specific ones would be if you're planning to use Google Checkout, as they only recognize certain Certificate Authorities.