firefox doesnt trust x10hosting security certificates

jhw75

New Member
Messages
4
Reaction score
0
Points
0
firefox doesnt trust x10hosting security certificates: it says they are not signed by a trusted authority ( at least, one that it knows about ), so it warns me strongly not to use cpanel, and forces me to use a "security exception"
 

Darkmere

New Member
Messages
358
Reaction score
2
Points
0
I think it is because the certificate is outdated, not sure.
 

Corey

I Break Things
Staff member
Messages
34,553
Reaction score
204
Points
63
What is the URL you are getting this at?
 

leafypiggy

Manager of Pens and Office Supplies
Staff member
Messages
3,819
Reaction score
163
Points
63
I'm sure it will all be sorted out soon. In the meantime, there's no risk in using cPanel or any services your browser says don't have a valid SSL Cert.
 
Last edited:

jhw75

New Member
Messages
4
Reaction score
0
Points
0
What is the URL you are getting this at?
boru.x10hosting.com:2083 & boru.x10hosting.com:2096.

here is example firefox msg:

This Connection is Untrusted

You have asked Firefox to connect
securely to boru.x10hosting.com:2083, but we can't confirm that your connection is secure.
Normally, when you try to connect securely,
sites will present trusted identification to prove that you are
going to the right place. However, this site's identity can't be verified.

What Should I Do?

If you usually connect to
this site without problems, this error could mean that someone is
trying to impersonate the site, and you shouldn't continue.

Technical Details

boru.x10hosting.com:2083 uses an invalid security certificate.
The certificate is not trusted because no issuer chain was provided.
(Error code: sec_error_unknown_issuer)

I Understand the Risks

If you understand what's going on, you
can tell Firefox to start trusting this site's identification.
Even if you trust the site, this error could mean that someone is
tampering with your connection.
Don't add an exception unless
you know there's a good reason why this site doesn't use trusted identification.
 

Avegaille

New Member
Messages
24
Reaction score
0
Points
1
I get those messages too the first time I log into my cpanel, so I had to allow firefox to open it...

I also want to add to this that some people viewing my site says that my site is listed under an attacking site and that their firewall/anti-virus blocks my said site.

And even google has tagged it as an attacker site (according to them) but it isn't... so I'm wondering why... o__o
 
Last edited:

jhw75

New Member
Messages
4
Reaction score
0
Points
0
additional info: when i tried to test fetchmail with my email account, fetchmail didnt like the certificate either:

fetchmail: Server certificate verification error: unable to get local issuer certificate
fetchmail: This means that the root signing certificate (issued for /C=US/OU=Domain Control Validated/O=*.x10hosti
ng.com/CN=*.x10hosting.com) is not in the trusted CA certificate locations, or that c_rehash needs to be run on th
e certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manua
l page.
fetchmail: Server certificate verification error: certificate not trusted
fetchmail: Server certificate verification error: unable to verify the first certificate
fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!)

apparently, what i need is the CA certificate for x10hosting's security certificates: where would i find this ?

suggestion: x10hosting either should use a well-known "trusted CA", as appearing in various "rootcerts" distributed by vendors such as mozilla, etc, or should publicize that they do not, and provide the necessary CA certificate and instructions for those who dont know what to do with it.
 

jhw75

New Member
Messages
4
Reaction score
0
Points
0
additional info: when i tried to test fetchmail with my email account, fetchmail didnt like the certificate either:

fetchmail: Server certificate verification error: unable to get local issuer certificate
fetchmail: This means that the root signing certificate (issued for /C=US/OU=Domain Control Validated/O=*.x10hosti
ng.com/CN=*.x10hosting.com) is not in the trusted CA certificate locations, or that c_rehash needs to be run on th
e certificate directory. For details, please see the documentation of --sslcertpath and --sslcertfile in the manua
l page.
fetchmail: Server certificate verification error: certificate not trusted
fetchmail: Server certificate verification error: unable to verify the first certificate
fetchmail: Warning: the connection is insecure, continuing anyways. (Better use --sslcertck!)

apparently, what i need is the CA certificate for x10hosting's security certificates: where would i find this ?

suggestion: x10hosting either should use a well-known "trusted CA", as appearing in various "rootcerts" distributed by vendors such as mozilla, etc, or should publicize that they do not, and provide the necessary CA certificate and instructions for those who dont know what to do with it.

i see that someone must be working on this, because fetchmail gave me a different message today:
fetchmail: Server certificate verification error: self signed certificate
fetchmail: This means that the root signing certificate (issued for /C=US/ST=Unknown/L=Unknown/O=Unknown/OU=Unknown/CN=xboru.x10hosting.com/emailAddress=ssl@xboru.x10hosting.com) is not in the trusted CA certificate locations, ...

i hope you figure out that to be considered "secure", you need to use a "well-known" CA: you cant sign your own certificates for general use. they are ok for private use, as long as you also distribute the root signing certificates to the corresponding systems which are going to "trust" you.
 

SierraAR

Community Advocate
Community Support
Messages
827
Reaction score
17
Points
18
I've read that VeriSign is the only CA that every browser will trust. Anything else will have at least one browser that doesn't like it. (Or so I've heard.)
 
Top