After receiving the message "Firefox has not connected to this website," I received a thank-you message from the organization I was trying to donate to.
I was trying to send some end-of-year donations when I received this message: The owner of www.oregoned.org has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. ………..
However, we received a "thank you for your generous contribution" of $100 (8:02 EST--we are on the west coast) just after this. Has my information been compromised?
Επιλεγμένη λύση
Okay, the good news is, the certificate is valid; it's the same one I get. The webmaster appears to have forgotten to install the bundle file, which contains intermediate certificates from the certificate issuer that link the site certificate to one that Firefox's already trusts. (https://www.ssllabs.com/ssltest/analyze.html?d=www.oregoned.org)
The intermediate cert was just issued on November 6th, so anyone who hasn't already visited a site that uses it will get the error, while those whose Firefox saved the intermediate cert from another site are fine. There's not an obvious way to get that intermediate cert saved if you don't already have it because there's no master list of sites that use it. Just luck.
Ανάγνωση απάντησης σε πλαίσιο 👍 0Όλες οι απαντήσεις (6)
What was the sequence of events that occurred? On some sites, you may start a donation and then you are transferred to the payment processer's site (for example, PayPal), and then after the payment is submitted you are transferred back to the organization's site. If everything went properly until that last step, it would make sense that your payment went through.
If you go to this URL right now, do you get an error?
If you do, please click the Advanced button and copy/paste the more detailed information there into a reply. It's particularly helpful to have the code at the end which often starts with SEC_ERROR.
This is the message that appeared when I followed your directions:
Your connection is not secure
The owner of www.oregoned.org has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website.
Learn more…
Report errors like this to help Mozilla identify and block malicious sites
www.oregoned.org uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER
Could you click the SEC_ERROR_UNKNOWN_ISSUER code? That should expand a panel showing a coded version of the certificate that Firefox is objecting to, and there should be a button you can use to copy that, and then paste it into a reply. A volunteer can decode it and comment on whether the "Issuer" looks suspicious.
Peer's Certificate issuer is not recognized.
HTTP Strict Transport Security: false HTTP Public Key Pinning: false
Certificate chain:
BEGIN CERTIFICATE-----
MIIEszCCA5ugAwIBAgIQA92U1jAdfeZTVZHj5DssQjANBgkqhkiG9w0BAQsFADBe MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 d3cuZGlnaWNlcnQuY29tMR0wGwYDVQQDExRSYXBpZFNTTCBSU0EgQ0EgMjAxODAe Fw0xNzEyMjEwMDAwMDBaFw0xODEyMjExMjAwMDBaMBsxGTAXBgNVBAMTEHd3dy5v cmVnb25lZC5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDR21yZ MsXc7eeWEo6wxk55VEsKaVLz2YvTd2HVGNdUyfJF1U5oGvLHQ/mH0D5HHSwCwUZS VnHqJocsk39XBsymg5vtG+O5pUGZpy0apVjWIbUtac35/Dqms0do70v7bkufVEGo OuThmxyxhDLslWvthYKTSFhkw2HQNusM0cLtn360m7kxO0J46AZxHWSB1L5+xVQH lR1dSmElIOwDKjXzTwozyDtTxYgB5+pNCEvwoV5uphqtyvUiWytGFhXDU5/kdr/q sTQhE7N/hQtRzg5e8ZjMr6yJ8wD3OhEeQbN9puWwhNk5VU6p/VYZtpTQDt6iZWvo E4KZrvOErWA8XZorAgMBAAGjggGuMIIBqjAfBgNVHSMEGDAWgBRTyhdZ/GvAAyEv Gq7kqqgcglbadTAdBgNVHQ4EFgQULKODMhMdEv4g1vgS2OYLwS7Rqi8wKQYDVR0R BCIwIIIQd3d3Lm9yZWdvbmVkLm9yZ4IMb3JlZ29uZWQub3JnMA4GA1UdDwEB/wQE AwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwPgYDVR0fBDcwNTAz oDGgL4YtaHR0cDovL2NkcC5yYXBpZHNzbC5jb20vUmFwaWRTU0xSU0FDQTIwMTgu Y3JsMEwGA1UdIARFMEMwNwYJYIZIAYb9bAECMCowKAYIKwYBBQUHAgEWHGh0dHBz Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwCAYGZ4EMAQIBMHUGCCsGAQUFBwEBBGkw ZzAmBggrBgEFBQcwAYYaaHR0cDovL3N0YXR1cy5yYXBpZHNzbC5jb20wPQYIKwYB BQUHMAKGMWh0dHA6Ly9jYWNlcnRzLnJhcGlkc3NsLmNvbS9SYXBpZFNTTFJTQUNB MjAxOC5jcnQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAQEAmhG+nMS6hfYy BrduqB5mZqMgd3lLQMLNOlfMqougtWFcX9X58zUsR4VqGzZAKQRF4cVdpvRLHmrO pWS0h2edOz1CjV7tEspu92FIFMJqnCI/PJ9zzPcVTeNtQACsmeEltWGEd0683KNy YI8BKhOe1Y204tVWVJF/C5NxyXbZO3PHbfYq13qJN5o9w0XiaFZ1cf6qiavhypeP NeRUY9Gb+HVWjTJV44i7XQqHzXKOys/8LJisz5K0Cha5lfuW7vrMfIijMPkaUJHU rt3FDMv6UYxBoT538X+4Jac+75epD11K3rRX+KKnLuzmdbC7BqWLJs7q0ALkORDI FJIjquaxFA==
END CERTIFICATE-----
Επιλεγμένη λύση
Okay, the good news is, the certificate is valid; it's the same one I get. The webmaster appears to have forgotten to install the bundle file, which contains intermediate certificates from the certificate issuer that link the site certificate to one that Firefox's already trusts. (https://www.ssllabs.com/ssltest/analyze.html?d=www.oregoned.org)
The intermediate cert was just issued on November 6th, so anyone who hasn't already visited a site that uses it will get the error, while those whose Firefox saved the intermediate cert from another site are fine. There's not an obvious way to get that intermediate cert saved if you don't already have it because there's no master list of sites that use it. Just luck.
Thanks so much--jogo