For a long time if your ssl cert was jacked up users would be displayed a popup warning and continue what they were doing. Firefox has taken a waaaaaaaaaay more intrusive approach to this and now displays a server error like page for misconfiguration servers/certs.
I had quickmarked my AdSense account url as https://google.com/adsense and when I just went there I saw this:
Then I retried it a few seconds later and it was ok. Not sure if it was a FireFox error or something on Googles side but 1 thing is for sure that new Firefox error page is no joke and will cost people business if they see it.
August 11, 2008 at 9:53 am
I’ve gotten an SSL error page from Adsense as long as I can remember and still do. That new Firefox page design is definitely a traffic killer. The IE7 one is just as bad.
August 11, 2008 at 9:54 am
That sucks. I hardly use adsense anymore. Direct advertising is much better imo!
August 11, 2008 at 9:57 am
Yep exactly what I did… I thought that google had shutdown Adsense for a second
August 11, 2008 at 10:00 am
That’s a good thing, except for the fact that I do have invalid ssl certs on my server cpanel etc, so I have to add exceptions for those.
August 11, 2008 at 10:01 am
I think it it will be a good thing..keep adapting or die…
August 11, 2008 at 10:14 am
I get that error pretty often when I’m accessing some ssl connections…it’s pretty hard to figure out what to do when you get it for the first time
August 11, 2008 at 10:34 am
Shoemoney, thanks for the good word. Those are potential die hard, or learn hard pops.
Regards, Matt
August 11, 2008 at 10:39 am
Yeah, I noticed this as well. My sister runs an ecom shop, and she lost business even when it was a simple popup warning. With this, I don’t think anyone at all would know to go beyond it. You wouldn’t lose some business, you’d lose all.
August 11, 2008 at 10:39 am
No, it’s not really a good thing. It’s overly restrictive. There are a lot of small sites out there with shared SSL, and they get hammered with this.
August 11, 2008 at 10:44 am
Commission Junction has SSL Certificate Issues as well, I wrote about it a week or two ago but no one seems to know or care yet.
August 11, 2008 at 10:48 am
I think it’s because you went to https://google.com and not https://www.google.com – I noticed that the other day. Their SSL certificate doesn’t appear to cover the non-www version of the site. Really they should do a redirect from one to the other – or at least you’d think they should!
August 11, 2008 at 10:54 am
I got one last night for gmail actually.
August 11, 2008 at 11:05 am
Google seems to have some kind of trouble/problems because i received that error message too on Gmail and a part of my Gmail-Accounts was deactivated without any reason.
August 11, 2008 at 11:06 am
i’ve been seeing that for a while now, i just ignore it at this point.
August 11, 2008 at 11:25 am
i have been noticing the same across many sites, specially with the new firefox version.
August 11, 2008 at 11:26 am
shared certs will cause a major problem with multiple domains on them..
August 11, 2008 at 11:28 am
adsense still is a viable business for many websites.
August 11, 2008 at 11:55 am
and I though google had a problem
August 11, 2008 at 12:07 pm
adsense banned my account for no reason
they sucks.
August 11, 2008 at 12:10 pm
Haven’t gotten this on gmail, but the others are problematic.
August 11, 2008 at 12:39 pm
You’d think they could set up a better redirect to their SSL covered www domain before the warning pops up.. Or take some of the billions they have and buy another cert
What’s even more annoying about FF3 is the Phishing/Malware alert, some tool reported one of my sites as a phishing site (it’s a proxy site, yeah, lame, but it’s passive income) so everyone visiting it got the nice big red screen of terror. (That and my host sent me a nasty letter, whoever reported it must have had no idea what a proxy was, went to eBay through the proxy and figured since it hit a sign in for ebay it was phishing…dumb twit) Obviously they don’t look TOO closely at sites reported as being bad, so you could potentially be at risk for having competitors report your site with a chance it could be flagged as bad. Fortunately my report that it wasn’t a phishing/malware site was processed pretty quickly, it happened over the weekend and seems to have been taken care of this morning.
August 11, 2008 at 1:06 pm
why would they ban you for no reason ? remember, No smoke without fire!
August 11, 2008 at 1:30 pm
I had problems with that too.
August 11, 2008 at 1:32 pm
I noticed this on my University’s webmail login. I was surprised to see such a large and prominent warning, but now it’s getting annoying.
August 11, 2008 at 1:35 pm
Very annoying, try adding the http://www...
August 11, 2008 at 1:45 pm
What the heck is that icon? Is that a crossing guard?
August 11, 2008 at 1:57 pm
Wow. Serious implications.
August 11, 2008 at 2:06 pm
Looks like a police officer that forgot to take off his seatbelt holding a badge
August 11, 2008 at 2:21 pm
I don’t think the redirect can be executed, I think firefox will interrupt as soon as it sees that the ssl cert is not valid.
August 11, 2008 at 2:34 pm
Hi Shoe,
Also the other thing I noticed with FF3 is that normal SSL certificates only show the URL bar as blue. It will only turn green if you get the EV SSL certificate.
I haven’t looked into the details, but it just seems like more paperwork that can easily be done. AKA more $$$ and profits
August 11, 2008 at 2:52 pm
Even if done in .htaccess? The server would redirect any request to the SSL domain and thus serve up the SSL-linked page before the wrong one?
August 11, 2008 at 4:36 pm
You have to make sure to update this. Any warnings scare people away.
August 11, 2008 at 5:34 pm
Well this is definitely good to know. BTW got my shoemoney t-shirt today, thanks!
August 11, 2008 at 6:48 pm
Yeah, as a host all of our secured servers showed that to clients. It’s when the domain is mismatched to the one on the certificate. It’s a pain.
August 12, 2008 at 3:33 am
That would definitely turn off a lot of customers if they continuously ran into that error all the time. Just a simple www missing can cause a lot of problems.
August 12, 2008 at 6:12 am
I know that they are not told the reason for the ban.
August 12, 2008 at 6:17 am
I think this is a serious sign. Interestingly, what really happens?
August 12, 2008 at 7:15 am
Lucky for me I dont have any secure pages. I think the page looks far too much like an error page, most users are just going to hit the back button when they see that. But then if you are running an e-commerce site you should be keeping on top of stuff like this.
August 12, 2008 at 9:20 am
I’m not sure what all the fuss is about… anyone who uses SSL and depends on customers (ie: selling something) should have a cert that matches their domain name… that’s always been the case.
Are people really finding that the new error is turning away more people than the old popup notice?
August 12, 2008 at 12:09 pm
Hey I’ve got a really crazy and wild idea….
After you’re done panicking…. UPDATE YOUR CERTS. Make sure your site is compliant. i.e. do some work for a change…. And you’ll be fine.
August 12, 2008 at 12:56 pm
i hate this feature, make people think ” site hacked”
August 12, 2008 at 1:10 pm
Bryn did you just ask for a shirt, win, or did you purchase it?
August 12, 2008 at 4:10 pm
FYI: Adsense is only on https://www.google.com/adsense without the www. you get the error .. you’d of thunk Google would 301 to the www. :confused:
August 12, 2008 at 6:48 pm
I saw a warning like this while Stumbling using Firefox 3 as the browser. Having a compliant, CLEAN site is more important than ever.
August 12, 2008 at 8:17 pm
yeah that’s true, I hate it too
August 12, 2008 at 8:47 pm
But for small sites that can’t really get direct advertising sales, adsense is a great base. There’s no denying that!
August 13, 2008 at 11:04 am
Ha wow I’m surprised they won’t redirect the users to include the www’s
August 15, 2008 at 2:27 am
Its a shame that Google isn’t fixing the problem.
August 18, 2008 at 11:22 pm
I agree- this is definitely no joke and can lose a lot of sites some traffic. Create a compliant site and you won’t run into this problem!
August 23, 2008 at 3:03 am
On almost all Google run sites I got that same message for weeks – It was a pain in the but
August 24, 2008 at 1:14 am
I also saw few messages like this before on my firefox.. i think google got hacked..
August 24, 2008 at 9:56 am
Geiger: Look here: Look at the sign in the ceiling:
http://www.ameinfo.com/amefiles/brand/dxb_passport.jpg
Firefox has used the official sign for “passport checkpoint” as a icon for SSL error.
August 27, 2008 at 8:57 am
That really sucks, I am not using adsense at all now using adbrite
August 31, 2008 at 2:32 pm
Some of you guys are totally missing the point. The AdSense website is just an example. SSL certs have long since been hard to use for any website, and the point of the post is that Firefox takes a very aggressive approach to invalid SSL certs for our security.
September 1, 2008 at 12:51 am
Same here!
November 13, 2008 at 12:29 am
I would leave a site in a second if i get this warning. i am a paranoid.