certificate not renewed?

[communicant]

OK, to use the words of the FastMail rep, "something weird is happening." Are any efforts being made to find out what it is? I use Mac OSX and an older version of Safari, and I am still getting the "not trusted" warning every time I log on to FM. I find it odd that robn has simply disappeared from this thread, and has also apparently decided there is no need to obtain representative status from Edwin. Things seem kind of dead in the water at this point. Is FastMail concerned by this problem or not? Are any efforts being made to fix it? An update would be appreciated. I realize it is only some sort of glitch, but it is still a little disturbing to be told each morning that it is unsafe to use FastMail. I should think that FM would wish to fix this problem, which began when the certificate was renewed and which is clearly at the FastMail end of things. If several people on this forum are experiencing the problem, then it is reasonable to infer that many more subscribers are also experiencing some version of it. It is not an isolated occurrence caused by one person's old browser.

[robn]

Actually quite a lot of effort has been made to reproduce it. So far we're unable to find any evidence that there's a problem on our end. That's not me saying there's not a problem our end, but every combination of browser and OS we have and every certificate verification tool we've tried says that all is well. We've had no support tickets raised about it. There's obviously plenty of people that it is working for. So this is a very unusual situation, and we haven't yet figured out exactly what to advise.

As for the delay, well, this is far from the only task on our plates, and given that every indication says its not widespread, it has to take a back seat to things that are more urgent.

Have you opened a support ticket? Its important that you do, as its an important way to help us to discover problems and determine where to spend our time.

I also note that you haven't provided the specific browser and OS versions as I asked. The more information we can gather about the problem the better chance we have of understanding what's going on.

If you really really want to do something, you could try checking that your browser's certificate database is up to date and that you haven't manually edited it in the past. An idea that a colleague had was that perhaps you manually removed the DigiNotar certificate after it was compromised last year and inadvertently removed the DigiCert certificate instead? I'm not suggesting that's what has happened, but its an outside chance, and its something you could check if you really feel you must do something.

Finally, I have contacted Edwin about representative status, but haven't heard back yet.

[placebo]

Quote:

Originally Posted by robn

Actually quite a lot of effort has been made to reproduce it. So far we're unable to find any evidence that there's a problem on our end.

There's always the possibility the problem isn't on either end, and there's a man-in-the-middle attack being attempted.

[Richard Pearse]

A related issue, maybe the same issue, is that everytime the certificate is changed, for everyone not using the *fastmail.fm domain [for those that don't know, there are a large number of other domains] these people - we - always recieve security warnings about an invalid certificate. These warnings continue until we accept the certificate assigned to fastmail.fm for our alternative.domain.org.

Now, this is fine for me, I can work out what is going on, but many people will have problems - "should I bypass these warnings?".

Before every certificate change, update, fastmail should - must, really - contact every user connecting via a non-fastmail domain, both warning them and telling them how to accept a certificate that is rejected by their browser.

[BritTim]

Rob, if you have not yet seen this thread it may be worth your time to do so. He might still be on Netscape (not a huge proportion of the current base) but useful perhaps for diagnostic purposes.

[placebo]

Quote:

Originally Posted by Richard Pearse

A related issue, maybe the same issue, is that everytime the certificate is changed, for everyone not using the *fastmail.fm domain [for those that don't know, there are a large number of other domains] these people - we - always recieve security warnings about an invalid certificate. These warnings continue until we accept the certificate assigned to fastmail.fm for our alternative.domain.org.

You can avoid this problem by connecting to the non-fm domain insecurely. The site will automatically redirect to the secure fastmail.fm domain.

http://blog.fastmail.fm/2012/06/06/c...webmail-login/

[n5bb]

Quote:

Originally Posted by placebo

You can avoid this problem by connecting to the non-fm domain insecurely. The site will automatically redirect to the secure fastmail.fm domain.

http://blog.fastmail.fm/2012/06/06/c...webmail-login/

This works very well, and you don't have to enter the FM domain name in the username field when logging in using this technique.

• So if your Fastmail main address was in the sent.com domain:
• Enter the URL http://sent.com (not secure), or just sent.com in most browsers
• This automatically redirects to a (secure) Fastmail login page at:
  https://www.fastmail.fm/?domain=sent.com
• Enter your username (no domain is needed)
• Enter your password and press the Enter button or click Login

Bill

[jff6791]

This issue went away for me spontaneously about two days ago without anything active done at this end.

[communicant]

Quote:

Originally Posted by jff6791

This issue went away for me spontaneously about two days ago without anything active done at this end.

Same here. I knew the problem had to be at their end. Of course it is perfectly true that sometimes a problem is caused at the user's end, but it is annoying when that assumption becomes the default position which some companies automatically take. Fastmail seldom makes that mistake, but this time it seems to me they were flirting with it. (Their newest rep on this forum seemed to be headed in that direction.) Anyway, all's well that ends well, I suppose -- at least until the next time!

[stuart]

This problem is now happening to me, although only on one of two computers, both running Linux and FF 15.0.1. Did anyone ever come up with a good explanation or a solution?

[Bamb0]

Today when i loaded the site it did not alert me to anything so i would say they changed the cert....


Ill have to see if further logins also do not pop up a cert alert....

[stuart]

Inexplicably, the warning has now gone and I am able to access the site as normal, without worrying about untrusted certificates.

When I had the problem earlier today, I cleared all caches and even restarted the machine, but still Firefox had this problem with the site's certificate. Chrome on the same computer did not have the problem. Very strange.

[Bamb0]

Ahhhhh i just closed my browser and went to the page and got the alert again.. (I wonder why i didnt when i did that earlier)

[jff6791]

Quote:

Originally Posted by communicant

Same here. I knew the problem had to be at their end. Of course it is perfectly true that sometimes a problem is caused at the user's end, but it is annoying when that assumption becomes the default position which some companies automatically take. Fastmail seldom makes that mistake, but this time it seems to me they were flirting with it. (Their newest rep on this forum seemed to be headed in that direction.) Anyway, all's well that ends well, I suppose -- at least until the next time!

Next time is here. Getting same login warnings again today with Chrome and IE browsers.

[communicant]

Yes, for me too. The "untrusted" warning reappeared today. What on earth is going on? What is most unsettling is that last time FM seemed to have no idea what was causing it and couldn't replicate it, so they seemed to assume the problem was at the user end. Let's hope that doesn't happen this time.