Jump to content
LOTROCommunity
Sign in to follow this  
LasraelLarson

Haven't read Official Forums since mid-March... Dear Frelorn, update your certificates already!

Recommended Posts

CertificateInvalid_zps7a02dac3.png

 

yeah, so i don't view the Official Forums.  haven't since mid-March.

 

so does anyone even wonder why DDO & Lotro can't update this certificate issue?  why the lack of professionalism? (i realize most aren't surprised, but still.)

 

...

 

and lastly, if i am going to wax on about the OF in new subject matter, at least i can start A NEW FUCKING THREAD!

 

looking at these Forums and seeing a subject long past being necroed to harp on about nonesense i would otherwise be unaware of...

 

had a few critical

fail33425.gif

as of late.

 

or the matter of a subject that should be well and firmly in the past...

eyeroll_zpsdc716be5.gif

 

so all around, good job everyone.

>.>

Share this post


Link to post
Share on other sites

Laur, any theories as to why the certificates are invalid?

 

why they aren't bothering to update them?

 

Infinite Crisis forums have no issues and are current & up to date.

Share this post


Link to post
Share on other sites

oh, i could ignore those warnings and proceed on to the website, thereby canceling the warnings and be able to see the site just fine...  i did do that a couple years back when the security issue first reared it's head.

 

but after all this time they still haven't fixed the issue?

 

arguable 4 chan has no interest whatsoever in LoTRO & the risk would be minimal.  but it only takes one asshole with a bit of knowledge to ruin the stew, as it were.

 

and the issue exists for all Turbine legacy game forums.  i get it for DDO forums, as well as Ashrons Call.

 

Infinite Crisis forums are fine, as are these, or most forums i visit, from LoL to WoW.

Share this post


Link to post
Share on other sites

Laur, any theories as to why the certificates are invalid?

 

why they aren't bothering to update them?

 

Infinite Crisis forums have no issues and are current & up to date.

It's a New England thing. Incompetence with networking professionals is rampant here, and not monitoring certificates is part of it. Oh and don't think anybody can locate the private key even when they notice and want to re-roll.

Share this post


Link to post
Share on other sites

To be honest, you're the only person I have come across that is getting certificate errors, and if as you say it's been an issue for a couple of years you would expect at least someone to mention it. Maybe the issue isn't at their end? might be something wrong with your browser.

Share this post


Link to post
Share on other sites

I've had a look and I don't actually see much wrong with the certificate, what browser are you using?

 

Firefox 32.0.3

Share this post


Link to post
Share on other sites

The certificate for LotRO is fine. The "issue" (if it rises to that level) is that they don't also provide an "issuer chain" certificate. This doesn't affect the security of the site. It's just unsightly for browsers that note this type of thing. I only see it on Firefox before I grant the site an exception. Neither IE nor Chrome care about this (relatively minor) oversight.

Share this post


Link to post
Share on other sites

The certificate is using a certificate chain but does not contain the missing one linking itself to the root certificate, consult the sslabs report for details.

 

Apparently, Firefox treats this differently than before and if you don't happen to have the certificate in question imported already (from, say, visiting other sites that also use it), the chain is now considered invalid.

 

It also has two other issues, one that is causing a warning when using the plain lotro.com domain, the other that will cause issues later when the Browsers start warning and rejecting SHA1-signed certificates.

 

Considering the docs for how to add the additional certificate to the server configuration, the "both" quote from above appears to be the correct interpretation.

 

SNy

Share this post


Link to post
Share on other sites

If you don't feel comfortable visiting the site on the basis of its certificate handling, perhaps one might consider that a blessing in disguise.  I haven't gone there since the forum database breach, and I haven't missed it.

Share this post


Link to post
Share on other sites

No one remembers the certificate SNAFU in either 2008 or 2009? The one where you had to set your compuers clock back 1 day just to log into the game? Worst run company in the history of gaming.

Share this post


Link to post
Share on other sites

I've got the same problem on my phone and also tablet I think

Yes I have seen that in the stock Android browser on Lotro and other sites, I never really took the time to investigate why that browser took issue with some certs, I usually just download Chrome for Android eventually.

Share this post


Link to post
Share on other sites

Oddly, I just built a new virtual machine from scratch with a fresh install of Firefox. Didn't get the certificate error. So either something has changed on Turbine's end, or Mozilla's. Or there's a flaw in my methodology. For several months, I could always count on a fresh install of Firefox showing the "issuer chain" warning. Not anymore.

Share this post


Link to post
Share on other sites

I just had the "untrusted certificate" pop up for O-forums when I went to them on my phone.

 

(Of note: the thread I was checking out was a week old thread that both somewhat named and shamed somebody and discussed details of how to exploit immediate skills for DPS gain... which is apparently still possible, at least for Wargs, according to that thread.  Over a week and no deletion - interesting.)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×