Project

General

Profile

Support #8768

unsafe redirect?

Added by Marilyn Weber over 1 year ago. Updated over 1 year ago.

Status:
Resolved
Priority name:
Normal
Assignee:
-
Category name:
-
Target version:
Start date:
2017-10-02
Due date:
% Done:

0%

Estimated time:

Description

Users Alejandro Varderi and Nora Glickman report:

"The link to Enclave magazine (https://enclave.commons.gc.cuny.edu/) is not recognized by the CUNY e-mail system. It says that the link is not safe. Is there a way to fix this problem? We have had the same address for the past four years and it has worked well up to recently."

This is happening on Chrome, but it looks fine on Redmine.

History

#1 Updated by Marilyn Weber over 1 year ago

They add:

"This is what we get:

There is a problem with this website's security certificate.

The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

We recommend that you close this webpage and do not continue to this website."

#2 Updated by Boone Gorges over 1 year ago

  • Status changed from New to Reporter Feedback

The wildcard SSL certificate used for *.commons.gc.cuny.edu sites itself seems to be fine. See eg https://www.ssllabs.com/ssltest/analyze.html?d=enclave.commons.gc.cuny.edu

The text of the report suggests that "the" CUNY e-mail system (which?) is preemptively scanning links in outgoing emails, and is (incorrectly) determining that the SSL cert is incorrect. Could I please get the following information to help narrow things down?

- Where is "the link to Enclave"? In an email? If so, what is the email client (eg: Office 365)? What is the email domain (eg: citytech.cuny.edu)? Can I please get a content of the unmodified message source?
- Are Alejandro and Nora independently seeing this issue? If so, it'd be helpful to get the above information for both of their setups.
- Can I get more info about this comment: " This is happening on Chrome, but it looks fine on Redmine." - Is "Redmine" a typo for "Firefox"? Is this comment from you (Marilyn) or from the reporters? If Marilyn, can you please give more info about how you tested the "this is happening on Chrome" part, including (if possible) screenshots of the error message you see?
- Regarding the "This is what we get" follow-up from the reporters: Where are they seeing this? Is it being reported by the browser? Is it being reported by the email client? Are there any "learn more" links? Could I get a screenshot if possible?

Thanks!

#3 Updated by Marilyn Weber over 1 year ago

Yes, I typed Redmine instead of Firefox. Sorry about that, sincerely. I cannot replicate the problem on either Firefox or Chrome, so I'll try to get them to send you screenshots.

I will ask them all the other questions and will report back.

#4 Updated by Marilyn Weber over 1 year ago

Here are the replies:

-The problem is not with the CUNY e-mail system, it’s with the different browsers. They issue a warning the first time someone tries to connect to Enclave.

-The link to Enclave is in the Commons domain at the Graduate Center. The magazine is uploaded by the designer directly into it.

-The website domain is www.enclave.commons.gc.cuny.edu

-The first time you try to connect to it, the browsers don’t recognize the link and issue a warning. However, if you by pass it and go to the domain, it will be recognized as safe next time. For instance, in my college computer I can access Enclave directly on Google and Google Chrome because I used it before, but not in Mozilla because I never used it. I tried today for the first time, and I got the following warning: Your connection is not secure

The owner of www.enclave.commons.gc.cuny.edu has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. Learn more… Report errors like this to help Mozilla identify and block malicious sites. Once I disregarded the warning I was able to connect to Enclave, and I no longer have this problem with Mozilla.

-The warning is issued by all browsers the first time someone connects to the Enclave link.

-This is the page of the most recent issue:

Número 6. Primavera de 2017 (https://enclave.commons.gc.cuny.edu/)

TABLA DE
CONTENIDOS

Palabras de los editores (https://enclave.commons.gc.cuny.edu/2017/09/06/palabras-de-los-editores-3/)

Sobre los artistas (https://enclave.commons.gc.cuny.edu/2017/09/10/sobre-los-artistas-3/)

NARRATIVA

Nicolás Melini (https://enclave.commons.gc.cuny.edu/2017/09/06/sinaangas/)

Claudia Salazar Jiménez (https://enclave.commons.gc.cuny.edu/2017/09/06/en-paz/)

Antonio Díaz Oliva (https://enclave.commons.gc.cuny.edu/2017/09/07/animalitos-que-fume-para-salir-de-la-depresion/)

Sergio Astorga (https://enclave.commons.gc.cuny.edu/2017/09/07/microficciones/)

Mónica Ivulich (https://enclave.commons.gc.cuny.edu/2017/09/07/el-nono/)

Atanasio Alegre (https://enclave.commons.gc.cuny.edu/2017/09/07/pianoforte/)

Miguel Aníbal Perdomo (https://enclave.commons.gc.cuny.edu/2017/09/07/signados-por-la-luz/)

Soleida Ríos (https://enclave.commons.gc.cuny.edu/2017/09/07/desayuno-en-villana-27-de-marzo/)

Gregory Cohen (https://enclave.commons.gc.cuny.edu/2017/09/07/de-cuentos-para-ninos-sospechosos/)

TEATRO

Lupe Gehrenbeck (https://enclave.commons.gc.cuny.edu/2017/09/08/gregor-mac-gregor-rey-de-los-mosquitos/)

PERFILES

Gregory Cohen (https://enclave.commons.gc.cuny.edu/2017/09/08/gregory-cohen-entrevistado-por-nora-glickman/)

VENTANA ABIERTA

Marta Pessarrodona (https://enclave.commons.gc.cuny.edu/2017/09/09/marta-pessarrodona-y-su-amor-a-barcelona/)

POESÍA

Edda Armas (https://enclave.commons.gc.cuny.edu/2017/09/09/de-fruta-hendida/)

Eduardo Espina (https://enclave.commons.gc.cuny.edu/2017/09/09/de-todo-lo-que-ha-sido-para-siempre-una-sola-vez-poemas-ante-la-muerte-del-padre-y-la-madre/)

Silvia Guerra (https://enclave.commons.gc.cuny.edu/2017/09/09/cinco-poemas-2/)

Gonzalo Sobejano (https://enclave.commons.gc.cuny.edu/2017/09/09/cinco-poemas-3/)

Luisa Futoransky (https://enclave.commons.gc.cuny.edu/2017/09/09/plantitas/)

Inmaculada Lara Bonilla (https://enclave.commons.gc.cuny.edu/2017/09/09/debate-junto-al-plomo-y-otros-poemas/)

Jorge Ortega (https://enclave.commons.gc.cuny.edu/2017/09/09/lugares-encubiertos/)

Enrique Bruce (https://enclave.commons.gc.cuny.edu/2017/09/09/arrojamos-cadaveres-al-mar-y-otros-poemas/)

Jacqueline Herranz-Brooks (https://enclave.commons.gc.cuny.edu/2017/09/10/de-lyrics-of-the-street/)

ISSN 2473-697X

#5 Updated by Boone Gorges over 1 year ago

Thank you for the additional details, Marilyn!

The problem is the URL http://www.enclave.commons.gc.cuny.edu/. The www is breaking things. Our SSL certificate covers .commons.gc.cuny.edu, not *..commons.gc.cuny.edu.

The first thing I'd suggest is for the reporters to ensure that they're not using that URL anywhere in their promotional materials, emails, files generated by designers, website copy, etc. The correct URL is https://enclave.commons.gc.cuny.edu.

Second, if the incorrect address is being generated anywhere in the Commons platform itself - in site navigation, for example - please let me know the details. I'm unaware of anyplace where this could happen, but if it does, it may be something I can address.

#6 Updated by Matt Gold over 1 year ago

Hi Boone -- is there a way to redirect all http://www.* requests to https://*?

#7 Updated by Boone Gorges over 1 year ago

We already do that. But the browser error described here happens before the request even reaches WordPress. It's during the certificate verification process.

#8 Updated by Marilyn Weber over 1 year ago

Looks like this solved it. Thanks!

#9 Updated by Boone Gorges over 1 year ago

  • Status changed from Reporter Feedback to Resolved
  • Target version set to Not tracked

Thank you for confirming!

Also available in: Atom PDF