Domain Separation and Invalid Certificate

michaelj · 24 Aug 2003, 01:29 AM

I changed my bookmark from fastmail.fm to letterboxes.org, but when I attempt to get in with a secure setting https I'm getting a windows pop up that states "the name on the security certificate is invalid or does not match the name of the site." I can then select yes to proceed or no.
When I looked the certificate says www.fastmail.fm.

Michael

jgoldberg · 24 Aug 2003, 01:40 AM

Hmm. Fastmail could spend the money to get a signed site certificate for each domain. I don't know what bulk applications might cost, maybe around 150 USD per domain.

Another alternative would be for fastmail to set itself up as a certifying authority (CA) and ask people to include that CA certificate in their list of trusted CAs. The problem with that (which is a design error in the standards) is that trusting a CA is an all or nothing thing. As far as I know, there is no way to tell a browser to trust the fastmail CA only for certain domains.

I could well be wrong. The last time I looked into this sort of things was more than 5 years ago.

vidvandre · 24 Aug 2003, 03:41 AM

Or...

You could still log in at fastmail.fm, just add "@letterboxes.org" to your user name and you should be able to enjoy the benefits of the certificate again...

IMHO; Spending around $150 for 60+(?) domains to get certificates isn't a good investment...

m-t · 25 Aug 2003, 04:41 AM

Quote:

Originally posted by vidvandre
Or... You could still log in at fastmail.fm, just add "@letterboxes.org" to your user name...

Elsewhere in the forum (sorry can't tell exactly where), someone explained how to bring up the fastmail.fm login page in a way that automatically fills in username@domain (and also password, if desired), so that you don't have to fill all this in each time. It doesn't depend on cookies or history either. I love having only to fill in my password now (I also have set this page as my home page).

vidvandre · 25 Aug 2003, 04:56 AM

Quote:

Originally posted by m-t
...automatically fills in username@domain (and also password, if desired), so that you don't have to fill all this in each time...

This has been discussed in many threads, recently it was discussed extensively in the "What's the fastest way to access the fastmail login page?" thread...

24 Aug 2003, 01:29 AM	#1
michaelj Senior Member Join Date: Apr 2002 Location: New York, NY Posts: 176	Domain Separation and Invalid Certificate I changed my bookmark from fastmail.fm to letterboxes.org, but when I attempt to get in with a secure setting https I'm getting a windows pop up that states "the name on the security certificate is invalid or does not match the name of the site." I can then select yes to proceed or no. When I looked the certificate says www.fastmail.fm. Michael

24 Aug 2003, 01:40 AM	#2
jgoldberg Member Join Date: Jul 2003 Location: Plano, Texas Posts: 88	Hmm. Fastmail could spend the money to get a signed site certificate for each domain. I don't know what bulk applications might cost, maybe around 150 USD per domain. Another alternative would be for fastmail to set itself up as a certifying authority (CA) and ask people to include that CA certificate in their list of trusted CAs. The problem with that (which is a design error in the standards) is that trusting a CA is an all or nothing thing. As far as I know, there is no way to tell a browser to trust the fastmail CA only for certain domains. I could well be wrong. The last time I looked into this sort of things was more than 5 years ago.

24 Aug 2003, 03:41 AM	#3
vidvandre Cornerstone of the Community Join Date: Dec 2002 Location: Sørumsand(!), Norway Posts: 625	Or... You could still log in at fastmail.fm, just add "@letterboxes.org" to your user name and you should be able to enjoy the benefits of the certificate again... IMHO; Spending around $150 for 60+(?) domains to get certificates isn't a good investment...