View Full Version : More Forum Security Issues?
BOgre
05-01-2013, 08:15 PM
Ok, we were worried about the forum upgrade, but it seems the forum is using an authenticator, so all's well, right?
Except, why do I not see an 'eTrust' or 'Verisign' or other such trusted logo anywhere on the forum? Maybe I'm worried over nothing, and from my PC all seems fine, but here's what I see when I try to log in from my Galaxy:
http://i1138.photobucket.com/albums/n534/basilvino/Screenshot_2013-04-29-15-19-431.png
and:
http://i1138.photobucket.com/albums/n534/basilvino/Screenshot_2013-05-01-18-43-571.png
to me, when my browser tells me in plain english that the certificate can't be trusted, can be duplicated by a hacker, and that I should proceed at my own risk, well... that worries me.
Turbine: I've yet to see any real clarification regarding what measures you've taken to ensure our account security. More importantly, I want to see a logo from a trusted Authenticator. The forums need some work, we all know that, but THIS is just not acceptable.
~bob117
05-01-2013, 08:49 PM
Same thing on my Asus tablet when I try to log in. Not very encouraging. Will post pic in a few after it logs me out 4 times!
http://i474.photobucket.com/albums/rr106/badbob117/Screenshot_2013-05-01-21-58-09_zpsb4746bba.jpg (http://s474.photobucket.com/user/badbob117/media/Screenshot_2013-05-01-21-58-09_zpsb4746bba.jpg.html)
Mine has the trusted green lock thing on the URL in Boat browser and Dolphin browser, but I don't think it's there in the default browser. All browsers however give me some kind of warning like this. Have yet to try Chrome cuzz I don't have that app.
smatt
05-01-2013, 11:29 PM
Ok, we were worried about the forum upgrade, but it seems the forum is using an authenticator, so all's well, right?
Except, why do I not see an 'eTrust' or 'Verisign' or other such trusted logo anywhere on the forum? Maybe I'm worried over nothing, and from my PC all seems fine, but here's what I see when I try to log in from my Galaxy:
http://i1138.photobucket.com/albums/n534/basilvino/Screenshot_2013-04-29-15-19-431.png
and:
http://i1138.photobucket.com/albums/n534/basilvino/Screenshot_2013-05-01-18-43-571.png
to me, when my browser tells me in plain english that the certificate can't be trusted, can be duplicated by a hacker, and that I should proceed at my own risk, well... that worries me.
Turbine: I've yet to see any real clarification regarding what measures you've taken to ensure our account security. More importantly, I want to see a logo from a trusted Authenticator. The forums need some work, we all know that, but THIS is just not acceptable.
LOL, security...
BOgre
05-03-2013, 05:08 PM
Another interesting point: I don't even have to attempt a login to get this message. Yes, that's right, I can't even READ the boards, not-logged-in, at all, unless I click the 'Proceed Anyway' button. So JUST VISITING the site is a security risk, never mind logging in.
And not a word from Turbine.
~KrelarVersion2
05-03-2013, 05:26 PM
Another interesting point: I don't even have to attempt a login to get this message. Yes, that's right, I can't even READ the boards, not-logged-in, at all, unless I click the 'Proceed Anyway' button. So JUST VISITING the site is a security risk, never mind logging in.
And not a word from Turbine.
On some of the pages, using Opera, I will get a notice saying "The server attempted to apply security measures, but failed" :eek:
PermaBanned
05-03-2013, 05:32 PM
Turbine: I've yet to see any real clarification regarding what measures you've taken to ensure our account security.
I'm sorry Ogre, but that just simply isn't true. Cordovan him(her?)self has stated that for security reasons the "remember me" feature will not be activated in the foreseeable future. *facepalm*
BOgre
05-03-2013, 09:50 PM
A little more digging and found that our certificates are being issued by Network Solutions. Here's a link to the SSL Shopper review site for them:
http://www.sslshopper.com/network-solutions-certificate-authority-reviews.html
Bit of an eyeopener there.
edit: of the 12 sites reviewed on SSL Shopper, only ONE provider got a worse rating than Network Solutions.
PermaBanned
05-03-2013, 10:24 PM
A little more digging and found that our certificates are being issued by Network Solutions. Here's a link to the SSL Shopper review site for them:
http://www.sslshopper.com/network-solutions-certificate-authority-reviews.html
Bit of an eyeopener there.
edit: of the 12 sites reviewed on SSL Shopper, only ONE provider got a worse rating than Network Solutions.
Thanx for the link. That was... disturbing. Makes me wonder why they are being used by a high profile company? I mean ****, just about the only satisfied customer was an "auto seller."
Wow... Just... Wow.
Faultgrid
05-03-2013, 10:40 PM
Ok, we were worried about the forum upgrade, but it seems the forum is using an authenticator, so all's well, right?
Except, why do I not see an 'eTrust' or 'Verisign' or other such trusted logo anywhere on the forum? Maybe I'm worried over nothing, and from my PC all seems fine, but here's what I see when I try to log in from my Galaxy:
http://i1138.photobucket.com/albums/n534/basilvino/Screenshot_2013-04-29-15-19-431.png
and:
http://i1138.photobucket.com/albums/n534/basilvino/Screenshot_2013-05-01-18-43-571.png
to me, when my browser tells me in plain english that the certificate can't be trusted, can be duplicated by a hacker, and that I should proceed at my own risk, well... that worries me.
Turbine: I've yet to see any real clarification regarding what measures you've taken to ensure our account security. More importantly, I want to see a logo from a trusted Authenticator. The forums need some work, we all know that, but THIS is just not acceptable.
All this means is that the CA cert for Network Solutions is embedded in the browser on your desktop and not in your portable device. This means your portable device will not trust ANY cert signed by Network Solutions and really means there is more of a problem with your device than the forums. (as long as you want to trust sites which use NA certs)
BOgre
05-03-2013, 10:43 PM
All this means is that the CA cert for Network Solutions is embedded in the browser on your desktop and not in your portable device. This means your portable device will not trust ANY cert signed by Network Solutions and really means there is more of a problem with your device than the forums. (as long as you want to trust sites which use NA certs)
Which seems like an obvious answer, and I'd buy it too, except that I'm on a Samsung Galaxy using Chrome... not exactly an obscure or rare combo.
~AlissSeven
05-06-2013, 08:40 AM
FWIW, this was my experience and the little bit of digging I did:
https://www.ddo.com/forums/showthread.php/415736-This-Connection-is-Untrusted
As an aside, I also sometimes get the following when browsing the forum:
"You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party."
~Lorien_
05-06-2013, 09:08 AM
Which seems like an obvious answer, and I'd buy it too, except that I'm on a Samsung Galaxy using Chrome... not exactly an obscure or rare combo.
No, but they went with a cheap certifying authority and they are known to not be included in many systems by default (which is why they get bad ratings).
The certificate is valid (which is why it's fine for those of us that are on desktops), but your device can't confirm it without getting the key one level up first.
I made the mistake of going with the cheapest SSL vendor once too...silly mistake.
The other problem seems to be that some of their pages are very poorly constructed. They are mixing http and https content on the same page. It's not technically a security violation if the non-secure stuff is fluff items like the background images, but it is poor design; everything should be pushed encrypted if the page is encrypted.
Oh, and there is a double header problem that shows up too from time to time. That makes this site look like a phishing site to many browser security settings/programs.
~Kaytis
05-06-2013, 09:12 AM
All this means is that the CA cert for Network Solutions is embedded in the browser on your desktop and not in your portable device. This means your portable device will not trust ANY cert signed by Network Solutions and really means there is more of a problem with your device than the forums. (as long as you want to trust sites which use NA certs)
Hmm. I have to agree here. The root certificate is trusted by Safari and the details look good. Unless Mobile Chrome is making it a policy to not trust one or more certificates from Network Solutions anymore, you shouldn't be seeing that warning. I would lean towards it being a configuration issue on the device side. There is possibly a particular flavor of the Network Solutions CA certificate missing.
Theboz
05-06-2013, 09:14 AM
Occasionally, certain browsers will give this error when others do not. For example, Microsoft Internet Explorer can automatically download intermediate certificates the first time you visit a site that needs one, while Firefox cannot. This just means that when they changed to the new forums, the intermediate certs needed did not get updated; IE does this automatically, other browsers like Firefox cannot, and that goes for phones.
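Faultgrid, Lorien_, Kaytis and Theboz above describe two distinct ways a browser ends up at "this certificate can't be trusted": the server sends only its own certificate and the client has no way to get the intermediate (Theboz's IE-vs-Firefox point), or the client simply has no copy of the root at all (Faultgrid's point). The following is an added example, not code from the thread, from Turbine or from vBulletin: it builds a throwaway root -> intermediate -> leaf chain and runs `openssl verify` three ways to reproduce both failures and the working case. It assumes `openssl` 1.1.1 or later on PATH; the CA names and the hostname `forums.example.test` are invented for the demo.

```shell
#!/bin/sh
# Added example (not from the thread): reproduce the "untrusted certificate"
# failure modes with a throwaway PKI and `openssl verify`.
# Assumes openssl >= 1.1.1 on PATH. CA names and hostname are made up.
set -eu

DEMO_DIR="${DEMO_DIR:-$(mktemp -d)}"

# Minimal openssl config: empty DN section (subjects are passed with -subj)
# plus one extension set for CA certificates and one for the server cert.
write_config() {
  cat > "$DEMO_DIR/ext.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
[ leaf_ext ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:forums.example.test
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always
EOF
}

# Build root.crt (self-signed), int.crt (signed by root) and leaf.crt (signed
# by int). Keys are unencrypted because this PKI is disposable.
make_demo_pki() {
  write_config
  (
    cd "$DEMO_DIR"
    openssl req -x509 -config ext.cnf -extensions ca_ext -newkey rsa:2048 -nodes \
      -sha256 -days 30 -subj "/CN=Demo Root CA" \
      -keyout root.key -out root.crt 2>>openssl.log
    openssl req -new -config ext.cnf -newkey rsa:2048 -nodes -sha256 \
      -subj "/CN=Demo Intermediate CA" -keyout int.key -out int.csr 2>>openssl.log
    openssl x509 -req -in int.csr -CA root.crt -CAkey root.key -CAcreateserial \
      -days 30 -sha256 -extfile ext.cnf -extensions ca_ext -out int.crt 2>>openssl.log
    openssl req -new -config ext.cnf -newkey rsa:2048 -nodes -sha256 \
      -subj "/CN=forums.example.test" -keyout leaf.key -out leaf.csr 2>>openssl.log
    openssl x509 -req -in leaf.csr -CA int.crt -CAkey int.key -CAcreateserial \
      -days 30 -sha256 -extfile ext.cnf -extensions leaf_ext -out leaf.crt 2>>openssl.log
  )
}

# verify_leaf [openssl verify options]: prints OK or FAIL for leaf.crt.
# -CAfile plays the role of the device's trust store; -untrusted plays the
# role of the extra certificates the server sends in the TLS handshake.
verify_leaf() {
  if openssl verify "$@" "$DEMO_DIR/leaf.crt" >/dev/null 2>&1; then
    echo OK
  else
    echo FAIL
  fi
}

make_demo_pki

# 1. Root is trusted but the server sends only its own cert: the client
#    cannot link leaf -> root because the intermediate is missing. This is
#    the misconfiguration the thread is chasing (FAIL).
echo "leaf only, root trusted:           $(verify_leaf -no-CApath -CAfile "$DEMO_DIR/root.crt")"
# 2. Server sends leaf + intermediate, root trusted: the chain builds (OK).
echo "leaf + intermediate, root trusted: $(verify_leaf -no-CApath -CAfile "$DEMO_DIR/root.crt" -untrusted "$DEMO_DIR/int.crt")"
# 3. Server sends the full chain but the device has no copy of this root:
#    nothing the server sends can fix that (FAIL).
echo "leaf + intermediate, root unknown: $(verify_leaf -no-CAfile -no-CApath -untrusted "$DEMO_DIR/int.crt")"
```

Case 1 prints the same "unable to get local issuer certificate" that a phone browser without AIA fetching reports, and the fix is on the server side (ship the intermediate in the chain file); case 3 is the only one where the device's trust store is at fault. Against a live site the equivalent check is `openssl s_client -connect host:443 -servername host -showcerts </dev/null`, which lists every certificate the server actually sends; if only one appears and it is not signed directly by a root, the server is in case 1.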
~Willburn
05-07-2013, 07:57 PM
These certificates need an upgrade or reissue every time the server changes. There is a private key part that contains the server's private signature (this changes when the server is moved, upgraded or even has some hardware changes that warrant a server serial change) and there is the public key part which gets downloaded with your browsers. When one of them doesn't match, advanced browsers can detect it and raise a "certificate error". To fix this, Turbine must request a new pair from the certificate issuer to reflect the changes.
Other browsers are not as wise or as advanced as others when detecting a mismatch; instead they just silently accept it, an "it worked before, why reject it now" policy built into them.
Servers, once migrated or updated, mostly use an in-house certificate which is also secure, but browsers will find out that it lacks a trusted company as an issuer.
When using certificates, http://ddo.com and https://ddo.com are 2 different websites. To overcome this, others will use an expanded certificate covering both URLs or make a redirect to one of the 2 versions.