Current time: 04-18-2014, 08:40 AM Hello There, Guest! (LoginRegister)

SSL - This web site does not supply ownership info
02-28-2010, 11:14 AM
Post: #1
SSL - This web site does not supply ownership info
Just signed up for the dreamhost SSL cert, but when going to the site with firefox there is a warning on the "lock" that says "This web site does not supply ownership information." there don't seem to be any issues/alerts with IE.

This may provide some concern about the security of our site to firefox users. Is there a way to add ownership information to the dreamhost (PositiveSSL CA/Comodo CA) cert?
Find all posts by this user
03-22-2010, 05:35 PM
Post: #2
SSL - This web site does not supply ownership info
I'm also wondering the same- where can we provide this information? Thanks!
Find all posts by this user
03-22-2010, 08:48 PM
Post: #3
SSL - This web site does not supply ownership info
Quote:I'm also wondering the same- where can we provide this information? Thanks!
You'll need to obtain an Extended Validation Certificate from a certificate authority that offers them. DreamHost doesn't offer these types of certificates, but Comodo CA, where they get the "domain validation" certificates from, does.

Customer since 2000 Cool openvein.org | Please don't feed the trolls. Angry
Visit this user's website Find all posts by this user
10-30-2010, 10:49 AM
Post: #4
RE: SSL - This web site does not supply ownership info
The message is a "trusting" among certificates providers and browsers builders, aka CABFORUM group. The message means that the certificate WAS NOT inserted at internal browser certification database.
At all mozilla browser products, for instance, the procedure (ir)responsible to emit this "trusting" warning is security.js (browser.jar/content/browser/pageinfo/security.js).

EV certificates is as (in)secure as a normal certificate, except by they insert some "unecessary" OIDs (see http://www.cabforum.org). EV is a policy and a political certification issuing than a new technology. Even if you follows the the CABForum EV Guide and issue a new (EV) certificate the message will continue happen. So there is a political problem and not a technology problem, that is "the certificate was not inserted at browser database as a valid certificate".

To proof my point of view try this:
For mozilla browsers only:
1) Go to directory where mozilla browser is stored.
2) Copy the browser.jar to a empty directory
3) decompress browser.jar by using unzip under console mode.
4) Goes to content/browser/pageinfo/
5) change security.js code
from - to +
var security = {
// Display the server certificate (static)
@@ -38,11 +38,10 @@
ui.QueryInterface(nsISSLStatusProvider);
var status = ui.SSLStatus;

- if (!isInsecure && status) {
+ if (status) {
status.QueryInterface(nsISSLStatus);
var cert = status.serverCert;
- var issuerName =
- this.mapIssuerOrganization(cert.issuerOrganization) || cert.issuerName;
+ var issuerName = cert.issuerName;

var retval = {
hostName : hName,
@@ -171,7 +170,7 @@
// fields must be specified for subject and issuer so that case is simpler.
if (info.isEV) {
owner = info.cert.organization;
- verifier = security.mapIssuerOrganization(info.cAName);
+ verifier = "IS EV:"+security.mapIssuerOrganization(info.cAName);
generalPageIdentityString = pageInfoBundle.getFormattedString("generalSiteIdentity",
[owner, verifier]);
}
@@ -181,18 +180,17 @@
// way to tell those apart, and no policy way to establish which organization
// vetting standards are good enough (that's what EV is for) so we default to
// treating these certs as domain-validated only.
- owner = pageInfoBundle.getString("securityNoOwner");
- verifier = security.mapIssuerOrganization(info.cAName ||
- info.cert.issuerCommonName ||
- info.cert.issuerName);
- generalPageIdentityString = owner;
+ owner = info.cert.organization;
+ verifier = "IS Normal Cert:"+security.mapIssuerOrganization(info.cAName);
+ generalPageIdentityString = pageInfoBundle.getFormattedString("generalSiteIdentity",
+ [owner, verifier]);
}
}
else {
// We don't have valid identity credentials.
- owner = pageInfoBundle.getString("securityNoOwner");
- verifier = pageInfoBundle.getString("notset");
- generalPageIdentityString = owner;
+ owner = info.cert.organization;;
+ verifier = "Identity disapproved:"+security.mapIssuerOrganization(info.cAName);
+ generalPageIdentityString = pageInfoBundle.getFormattedString("generalSiteIdentity",[owner,verifier]);
}

setText("security-identity-owner-value", owner);

6) compress with zip -0 (zero option or stored mode), and rebuild as browser.jar (zip will result in browser.zip. Rename this to browser.jar). Backup the original file browser.jar by renaming it to (for instance) to old-browser.jar. replace the old browser.jar by the patched one.
7) Restart the mozilla browser and see the results. The "political message" will gone out and you will see the distinguished name of cert.

That is it.
Find all posts by this user
01-02-2011, 12:51 PM (This post was last modified: 01-02-2011 12:51 PM by Deby.)
Post: #5
RE: SSL - This web site does not supply ownership info
Can you tell me where I go to get my SSL Certificate from DreamHost?
Find all posts by this user


Forum Jump: