I just tried to access https://www.verizon.com/ . I got an error message, saying that "The certificate is only valid for a248.e.akamai.net". Anyone else have this result?
In article <20091023023407.GA24...@telecom.csail.mit.edu>, telecomdigestmoderator.remove-t...@telecom-digest.and-this-too.org says...
> I just tried to access https://www.verizon.com/ . I got an error message, saying that > "The certificate is only valid for a248.e.akamai.net". Anyone else have this result?
> Bill
Yes, I get the same error.
Issuer: GTE CyberTrust Global Root Issued to: a248.e.akamai.net
<telecomdigestmoderator.remove-t...@telecom-digest.and-this-too.org> wrote: >I just tried to access https://www.verizon.com/ . I got an error message, saying that >"The certificate is only valid for a248.e.akamai.net". Anyone else have this result?
Yes, I get a similar message in both IE and FireFox. However if I click continue anyhow it takes me to www22.verizon.net. As does http://www.verizon.net.
On Thu, 22 Oct 2009 22:34:07 -0400, Telecom digest moderator wrote: > I just tried to access https://www.verizon.com/ . I got an error message, > saying that "The certificate is only valid for a248.e.akamai.net". Anyone > else have this result?
Yes, either the DNS address for that site has been hijacked or the webmaster at Verizon has a big configuration problem - probably the latter given that this works:
David Clayton Melbourne, Victoria, Australia. Knowledge is a measure of how many answers you have, intelligence is a measure of how many questions you have.
In article <20091023023407.GA24...@telecom.csail.mit.edu> you write:
>I just tried to access https://www.verizon.com/ . I got an error message, saying that >"The certificate is only valid for a248.e.akamai.net". Anyone else have this result?
It's just a configuration error. Akamai is a giant content delivery network that lots of big web sites use to host the static parts of their content. There's nothing at all odd about Verizon's home page being hosted at Akamai.
R's, John
***** Moderator's Note *****
I understand Akamai's role, but it seems odd that Verizon would allow such an error to happen while it tries to position itself as a data delivery company.
Telecom digest moderator wrote: > I just tried to access https://www.verizon.com/ . I got an error > message, saying that "The certificate is only valid for > a248.e.akamai.net". Anyone else have this result?
I get the same, just click OK and it connects. Must be some kind of link. Try www.verizon.net, the following link you used just forwards to the net address: https://www.verizon.com.
-- The only good spammer is a dead one!! Have you hunted one down today? (c) 2009 I Kill Spammers, Inc., A Rot in Hell. Co.
On Fri, 23 Oct 2009 12:13:49 -0400, John Levine <jo...@iecc.com> wrote: > In article <20091023023407.GA24...@telecom.csail.mit.edu> you write: >> I just tried to access https://www.verizon.com/ . I got an error >> message, saying that "The certificate is only valid for >> a248.e.akamai.net". Anyone else have this result?
> It's just a configuration error. ...
>--- [snip] ---
> ***** Moderator's Note *****
> I understand Akamai's role, but it seems odd that Verizon would > allow such an error to happen while it tries to position itself as a > data delivery company.
I guess VZ Brand Identity and VZ Tech only rarely compare notes ... .
Cheers, -- tlvp -- Avant de repondre, jeter la poubelle, SVP
On Fri, 23 Oct 2009 10:48:39 -0700, Steven wrote: > Telecom digest moderator wrote:
>> I just tried to access https://www.verizon.com/ . I got an error >> message, saying that "The certificate is only valid for >> a248.e.akamai.net". Anyone else have this result?
> I get the same, just click OK and it connects. Must be some kind of link. > Try www.verizon.net, the following link you used just forwards to the net > address: https://www.verizon.com.
When you get a certificate for a SSL web server the domain name in the cert *must* match the domain of the site you are going to, else you get that mismatch error message.
There is probably a "master" web server for the Verizon domain that load shares the incoming requests by redirecting to other web sites that do the actual work, and someone probably has made some changes and forgot to set up the correct cert for that initial site.
In general you should *never* ignore that sort of error, as it may indicate a hijacked web site just waiting to steal your banking details etc.
-- Regards, David.
David Clayton Melbourne, Victoria, Australia. Knowledge is a measure of how many answers you have, intelligence is a measure of how many questions you have.
In article <20091023023407.GA24...@telecom.csail.mit.edu>, Telecom digest moderator <telecomdigestmoderator.remove-t...@telecom-digest.and-this-too.org> wrote:
> I just tried to access https://www.verizon.com/ . I got an error > message, saying that "The certificate is only valid for > a248.e.akamai.net". Anyone else have this result?
Despite appearances, this is a non-issue. 'akamai.net' is a _well-known_ provider of large-scale distributed web-page delivery. They have server farms "everywhere" (both geographically, and 'on net' at most major connectivity providers) and "automagically" direct a query for a page for one of their customers to the server 'nearest' the query source. This allows for servicing truly _enormous_ numbers of requests, and for providing fast response to page requests.
Getting SSL certificates 'right' in that environment is _really_ messy.
***** Moderator's Note *****
If it's too messy, they shouldn't try to do it. A server which is configured to deliver a default certificate that has no relationship to the URL it's serving should not offer the service.
In article <E6qdnTxaWujv3H7XnZ2dnUVZ_u-dn...@posted.nuvoxcommunications>,
Bill Horne writes: >If it's too messy, they shouldn't try to do it. A server which is >configured to deliver a default certificate that has no relationship >to the URL it's serving should not offer the service.
At the time a Web server is required to identify itself by certificate in the SSL/TLS protocol, it has absolutely no idea what URL the client is going to request. Few servers or clients support the more recent versions of TLS that allow the virtual host name to be negotiated (and the servers are, as a general rule, not going to use it until the vast majority of clients support it).
-GAWollman -- Garrett A. Wollman | What intellectual phenomenon can be older, or more oft woll...@bimajority.org| repeated, than the story of a large research program Opinions not shared by| that impaled itself upon a false central assumption my employers. | accepted by all practitioners? - S.J. Gould, 1993
***** Moderator's Note *****
Then it shouldn't have any SSL certificate at all.
Robert Bonomi <bon...@host122.r-bonomi.com> wrote: >In article <20091023023407.GA24...@telecom.csail.mit.edu>, >Telecom digest moderator ><telecomdigestmoderator.remove-t...@telecom-digest.and-this-too.org> >wrote:
>> I just tried to access https://www.verizon.com/ . I got an error >> message, saying that "The certificate is only valid for >> a248.e.akamai.net". Anyone else have this result?
> Despite appearances, this is a non-issue. 'akamai.net' is a > _well-known_ provider of large-scale distributed web-page delivery. > They have server farms "everywhere" (both geographically, and 'on > net' at most major connectivity providers) and "automagically" > direct a query for a page for one of their customers to the server > 'nearest' the query source. This allows for servicing truly > _enormous_ numbers of requests, and for providing fast response to > page requests.
> Getting SSL certificates 'right' in that environment is _really_ > messy.
> ***** Moderator's Note *****
> If it's too messy, they shouldn't try to do it. A server which is > configured to deliver a default certificate that has no relationship > to the URL it's serving should not offer the service.
When you figure out how to make HTTPS work _without_ having a certificate, let me know. I know people who will pay a fortune for that know-how. :)
Truth is, _VERIZON_ *shouldn't* be using a 3rd-party network for something that is 'sensitive enough' to call for HTTPS. But, then, the odds are that -nothing- of the verizon content hosted on the akamai-hosted server _is_ actually that sensitive. <wry grin>
***** Moderator's Note *****
My point is that https should _not_ work without a certificate. If the server can't deal with an https request properly, it should refuse to serve it. Better to not do a job than to do it half-fast.
|
