mdshooters.com SSL certificate expired

[jettoblack]

Hi all,

Sorry if this is a dupe, a search did not find anything.

I'd like to recommend that people use HTTPS when accessing mdshooters.com especially from public internet connections. Call it a little dose of healthy paranoia. You can never be too careful these days.

But it looks like your SSL certificate from RapidSSL expired on June 27, 2013, so the browser puts up a big warning. It is probably still ok to use (can't be worse than unencrypted HTTP), but it would be best if this could be renewed.

 

[Second Amendment]

Can you translate that in to English?

 

[BUFF7MM]

I've never seen anything like that popup at anytime for me.

 

[CrazySanMan]

https uses encryption to protect any data you send/receive while connected to mdshooters. However, the certificate that encrypts the data is expired. A valid certificate means that the traffic you are receiving is authenticated as being from mdshooters. Without valid authentication, a malicious user could be spoofing the site or intercepting your traffic on the way to mdshooters.

 

[CrazySanMan]

I've never seen anything like that popup at anytime for me.

go to

https://www.mdshooters.com

instead of

http://www.mdshooters.com

 

[BUFF7MM]

go to

https://www.mdshooters.com

instead of

http://www.mdshooters.com

I just clicked on the top link and it went right to Maryland Shooters.

 

[jettoblack]

Can you translate that in to English?

No problem.

When you access a site using HTTP protocol (the address in the URL bar starts with http:// ), everything is sent over the internet in plain text. Anyone with access to the network between your computer and the mdshooters.com web server can see and read everything you do. This is really bad especially if you're using public Wi-Fi where anyone else on the same Wi-Fi can access everything you're doing.

When you use HTTPS (URL bar starts with https:// ) then most of the communications are encrypted in a way that is very difficult for anyone else to intercept your data. This is why all important sites, especially anything financial sites, social networks like Facebook, even Google search, use HTTPS.

For HTTPS to work, the site is supposed to have a valid SSL certificate. This proves to your browser that it is communicating directly with mdshooters.com web server instead of some "man in the middle." Typically the SSL certificate is good for 1 - 3 years and then have to be renewed. Whoever registered the SSL certificate for mdshooters.com failed to renew it when it expired last June. So when browsing mdshooters via https://www.mdshooters.com, it "works" (data is encrypted), but your browser will show a big warning that the SSL certificate expired.

 

[Second Amendment]

No problem.

When you access a site using HTTP protocol (the address in the URL bar starts with http:// ), everything is sent over the internet in plain text. Anyone with access to the network between your computer and the mdshooters.com web server can see and read everything you do. This is really bad especially if you're using public Wi-Fi where anyone else on the same Wi-Fi can access everything you're doing.

When you use HTTPS (URL bar starts with https:// ) then most of the communications are encrypted in a way that is very difficult for anyone else to intercept your data. This is why all important sites, especially anything financial sites, social networks like Facebook, even Google search, use HTTPS.

For HTTPS to work, the site is supposed to have a valid SSL certificate. This proves to your browser that it is communicating directly with mdshooters.com web server instead of some "man in the middle." Typically the SSL certificate is good for 1 - 3 years and then have to be renewed. Whoever registered the SSL certificate for mdshooters.com failed to renew it when it expired last June. So when browsing mdshooters via https://www.mdshooters.com, it "works" (data is encrypted), but your browser will show a big warning that the SSL certificate expired.

Thanks, I really wasn't trying to be a smart ass, I'm just not a computer guy.

 

[Mdeng]

You know the MSP site for the hql also has an expired security cert.

 

[Second Amendment]

go to

https://www.mdshooters.com

instead of

http://www.mdshooters.com

The one with the "s" doesn't come up for me.

 

[tsmith1499]

You know the MSP site for the hql also has an expired security cert.

Hmmmm. Maybe that should be mentioned during testimony next Wed. !! Thanks for the info. Didn't know that.

 

[linkstate]

I just clicked on the top link and it went right to Maryland Shooters.

Depending on which browser you're using and what security settings are applied, the warning may be a pop-up or a "warning" type icon near the address bar or on the bottom in the status bar.

I'm using Firefox and I get an exclamation mark icon on the address bar. If you click on that, you can see the certificate info.

 

[pwoolford]

Whoever thought up selling digital certificates deserves to be punched in the nuts. I feel raped every time I purchase one!

 

[BUFF7MM]

Depending on which browser you're using and what security settings are applied, the warning may be a pop-up or a "warning" type icon near the address bar or on the bottom in the status bar.

I'm using Firefox and I get an exclamation mark icon on the address bar. If you click on that, you can see the certificate info.

I'm not really worried about it, I don't have a thing on this device worth looking at anyhow.
But if this is a spoof site run by the .gov or .md I wish they'd let me know, that way I could really tell them what I think about them.

 

[linkstate]

I'm not really worried about it, I don't have a thing on this device worth looking at anyhow.
But if this is a spoof site run by the .gov or .md I wish they'd let me know, that way I could really tell them what I think about them.

I hear ya. I'm mostly concerned with valid certs when entering PII or financial info such as bank sites or when paying for something with a credit card

 

[swinokur]

PM Norton

 

[pez34a]

Can get 1 year SSL certs for free here: https://www.startssl.com/?app=1
Been using them for about 4 years now, works great.

They'll offer to generate the key for you too, which might be easier for the admin, but I prefer to generate my own key and certificate signing request (csr) and submit just the csr, so I alone maintain custody of the key and know its secure even if it turns out startssl.com is ever compromised.

 

[Benanov]

HTTPS definitely not using a valid cert here. They should fix that.