Users Alejandro Varderi and Nora Glickman report:
"The link to Enclave magazine (https://enclave.commons.gc.cuny.edu/) is not recognized by the CUNY e-mail system. It says that the link is not safe. Is there a way to fix this problem? We have had the same address for the past four years and it has worked well up to recently."
This is happening on Chrome, but it looks fine on Redmine.
#1 Updated by Marilyn Weber almost 2 years ago
"This is what we get:
There is a problem with this website's security certificate.
The security certificate presented by this website was issued for a different website's address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website."
#2 Updated by Boone Gorges almost 2 years ago
- Status changed from New to Reporter Feedback
The wildcard SSL certificate used for *.commons.gc.cuny.edu sites itself seems to be fine. See eg https://www.ssllabs.com/ssltest/analyze.html?d=enclave.commons.gc.cuny.edu
The text of the report suggests that "the" CUNY e-mail system (which?) is preemptively scanning links in outgoing emails, and is (incorrectly) determining that the SSL cert is incorrect. Could I please get the following information to help narrow things down?
- Where is "the link to Enclave"? In an email? If so, what is the email client (eg: Office 365)? What is the email domain (eg: citytech.cuny.edu)? Can I please get a content of the unmodified message source?
- Are Alejandro and Nora independently seeing this issue? If so, it'd be helpful to get the above information for both of their setups.
- Can I get more info about this comment: " This is happening on Chrome, but it looks fine on Redmine." - Is "Redmine" a typo for "Firefox"? Is this comment from you (Marilyn) or from the reporters? If Marilyn, can you please give more info about how you tested the "this is happening on Chrome" part, including (if possible) screenshots of the error message you see?
- Regarding the "This is what we get" follow-up from the reporters: Where are they seeing this? Is it being reported by the browser? Is it being reported by the email client? Are there any "learn more" links? Could I get a screenshot if possible?
#4 Updated by Marilyn Weber almost 2 years ago
Here are the replies:
-The problem is not with the CUNY e-mail system, it’s with the different browsers. They issue a warning the first time someone tries to connect to Enclave.
-The link to Enclave is in the Commons domain at the Graduate Center. The magazine is uploaded by the designer directly into it.
-The website domain is www.enclave.commons.gc.cuny.edu
-The first time you try to connect to it, the browsers don’t recognize the link and issue a warning. However, if you by pass it and go to the domain, it will be recognized as safe next time. For instance, in my college computer I can access Enclave directly on Google and Google Chrome because I used it before, but not in Mozilla because I never used it. I tried today for the first time, and I got the following warning: Your connection is not secure
The owner of www.enclave.commons.gc.cuny.edu has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. Learn more… Report errors like this to help Mozilla identify and block malicious sites. Once I disregarded the warning I was able to connect to Enclave, and I no longer have this problem with Mozilla.
-The warning is issued by all browsers the first time someone connects to the Enclave link.
-This is the page of the most recent issue:
Número 6. Primavera de 2017 (https://enclave.commons.gc.cuny.edu/)
Palabras de los editores (https://enclave.commons.gc.cuny.edu/2017/09/06/palabras-de-los-editores-3/)
Sobre los artistas (https://enclave.commons.gc.cuny.edu/2017/09/10/sobre-los-artistas-3/)
Nicolás Melini (https://enclave.commons.gc.cuny.edu/2017/09/06/sinaangas/)
Claudia Salazar Jiménez (https://enclave.commons.gc.cuny.edu/2017/09/06/en-paz/)
Sergio Astorga (https://enclave.commons.gc.cuny.edu/2017/09/07/microficciones/)
Mónica Ivulich (https://enclave.commons.gc.cuny.edu/2017/09/07/el-nono/)
Atanasio Alegre (https://enclave.commons.gc.cuny.edu/2017/09/07/pianoforte/)
Miguel Aníbal Perdomo (https://enclave.commons.gc.cuny.edu/2017/09/07/signados-por-la-luz/)
Silvia Guerra (https://enclave.commons.gc.cuny.edu/2017/09/09/cinco-poemas-2/)
Gonzalo Sobejano (https://enclave.commons.gc.cuny.edu/2017/09/09/cinco-poemas-3/)
Luisa Futoransky (https://enclave.commons.gc.cuny.edu/2017/09/09/plantitas/)
Inmaculada Lara Bonilla (https://enclave.commons.gc.cuny.edu/2017/09/09/debate-junto-al-plomo-y-otros-poemas/)
Jacqueline Herranz-Brooks (https://enclave.commons.gc.cuny.edu/2017/09/10/de-lyrics-of-the-street/)
#5 Updated by Boone Gorges almost 2 years ago
Thank you for the additional details, Marilyn!
The problem is the URL http://www.enclave.commons.gc.cuny.edu/. The www is breaking things. Our SSL certificate covers .commons.gc.cuny.edu, not *..commons.gc.cuny.edu.
The first thing I'd suggest is for the reporters to ensure that they're not using that URL anywhere in their promotional materials, emails, files generated by designers, website copy, etc. The correct URL is https://enclave.commons.gc.cuny.edu.
Second, if the incorrect address is being generated anywhere in the Commons platform itself - in site navigation, for example - please let me know the details. I'm unaware of anyplace where this could happen, but if it does, it may be something I can address.