The certficate is not trusted on https://specialorders.secondlife.com/

[Zeta Vandyke]

When going for buying a region and choosing "Go To Special Orders" the certficate is not trusted on https://specialorders.secondlife.com/

 

[Lindal Kidd]

Call LL Billing tomorrow and bring this to their attention.

800-294-1067 or 703-286-6277

[EnCore Mayne]

happening for https://forums-archive.secondlife.com/ too. i put a report into JIRA about it.

edit: the JIRA was closed by "Spidey Linden" with the rational that it was a duplicate. the referenced duplicate (created after mine) was closed due to it being a duplicate of mine.

you can't make this sh*t up.

any wonder why they are letting their certs lapse?

Edited April 3, 2023 by EnCore Mayne

[Zeta Vandyke]

12 hours ago, Lindal Kidd said:

Call LL Billing tomorrow and bring this to their attention.

800-294-1067 or 703-286-6277

Its not an issue for me personally, I just noticed it and thought they would like to know. Tried a ticket but that system is very limited when it comes to this kind of thing. So I posted it here to maybe get their attention as I assume they will want to fix that.

Being 9 hours time difference from them I am not going to phone call it in.

Maybe tagging a Linden here in the message (would not know which one).

[Love Zhaoying]

Certificates expire, they will probably fix it first thing Monday.

[Zeta Vandyke]

9 hours ago, Love Zhaoying said:

Certificates expire, they will probably fix it first thing Monday.

It was actually recently renewed (22 Mar 2023 00:00:00 GMT) but the certificate seems to be for an invalid domain name "Error code: SSL_ERROR_BAD_CERT_DOMAIN"

When looking at the actual certificate it says *.secure.netsuite.com where I think it should say *.secondlife.com or specialorders.secondlife.com if its not a wildcard certificte.

But I am not an IT pro, just based on my own website cert experience, so I could be completely wrong here

 

 

[Rowan Amore]

18 minutes ago, Zeta Vandyke said:

It was actually recently renewed (22 Mar 2023 00:00:00 GMT) but the certificate seems to be for an invalid domain name "Error code: SSL_ERROR_BAD_CERT_DOMAIN"

When looking at the actual certificate it says *.secure.netsuite.com where I think it should say *.secondlife.com or specialorders.secondlife.com if its not a wildcard certificte.

But I am not an IT pro, just based on my own website cert experience, so I could be completely wrong here

 

 

I get this error...NET::ERR_CERT_COMMON_NAME_INVALID

[Zeta Vandyke]

Not fixed as of yet.

[Rolig Loon]

In any case, reporting it here will have no effect at all. Lindens rarely come here. They expect you to submit trouble reports as Support Cases and system flaws as JIRA BUG reports.

[EnCore Mayne]

apparently reporting it anywhere has the same results as if you were talking to them personally. support's response from Dottie Linden:

"I did inquire about this specific certificate issue, and it looks like there is no current plan to update that security certificate for the forum archives."

in other words, all our years of experience and community input has that much meaning to the current corpse riders.

[bigmoe Whitfield]

Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for forums-archive.secondlife.com. The certificate is only valid for the following names: cloudfront.net, *.cloudfront.net
 

the dns portion is the only thing wrong I'm seeing on that certificate,  wonder why it wont be updated.  odd

[Love Zhaoying]

2 hours ago, EnCore Mayne said:

apparently reporting it anywhere has the same results as if you were talking to them personally. support's response from Dottie Linden:

"I did inquire about this specific certificate issue, and it looks like there is no current plan to update that security certificate for the forum archives."

in other words, all our years of experience and community input has that much meaning to the current corpse riders.

Perhaps they are too cheap to buy another certificate? Or just can't be bothered to update certs and the list when sites are missed with expiring certs? May as well move it to the Internet Archive.

[EnCore Mayne]

because corporate decision makers have decided the historical records from the people who have established and maintained the integrity of the platform aren't worth it.

i have no idea how simple or complex it is to renew the damned certificate but that doesn't matter. the decision from its representative Linden eliminates our access to this important community asset. it's deplorable and shameful and indicative of the Linden's inability to recognize the significance these resources have to their userbase.

[Lindal Kidd]

Yeah, I get a security warning from Firefox when I click on any link to the Forum archives.

But you can still get there. Simply ignore the warning and tell the browser to damn the torpedoes, full speed ahead.

[EnCore Mayne]

the latest firefox won't allow it connection.

[Love Zhaoying]

9 hours ago, EnCore Mayne said:

because corporate decision makers have decided the historical records from the people who have established and maintained the integrity of the platform aren't worth it.

i have no idea how simple or complex it is to renew the damned certificate but that doesn't matter. the decision from its representative Linden eliminates our access to this important community asset. it's deplorable and shameful and indicative of the Linden's inability to recognize the significance these resources have to their userbase.

They just have to 1) Pay the cert provider for a new cert, or if the archive is being hosted by a third party, convince the third party to do so, and 2) Have the website host company install the new cert.

I suspect the issue is that a third party is hosting the archive, and there is some issue getting the third party to do cert updates. I definitely would not ascribe to LL some nefarious, ulterior motive as you do.

[Lindal Kidd]

10 hours ago, EnCore Mayne said:

the latest firefox won't allow it connection.

That's odd. I was able to get there.

https://forums-archive.secondlife.com/120/1.html

I am using Firefox 112.0.2 (64-bit)

[EnCore Mayne]

same version. same wanton disregard of the Lab's report/intent.

[Qie Niangao]

I'm not sure what the Lab's problem is with getting proper certs. The following variant of the problem has been kicking around for as long as scripts have been able to get SSL URLs:

string secureURL;
key requestID;

default
{
    state_entry()
    {
        requestID = llRequestSecureURL();
    }
    http_request(key httpRequestID, string method, string body)
    {
        if (requestID != httpRequestID)
            return;
        if (method == URL_REQUEST_DENIED)
            llWhisper(DEBUG_CHANNEL, "Error while attempting to get a secure URL:\n" + body);
        else 
        if (method == URL_REQUEST_GRANTED)
            llLoadURL(llGetOwner(), 
                "See https://jira.secondlife.com/browse/BUG-226463" +
                "\n\nCheck if this URL works in a fresh browser:", 
                (secureURL = body));
    }
    touch_start(integer total_number)
    {
        if (llGetOwner() == llDetectedKey(0))
        {
            llReleaseURL(secureURL);
            llResetScript();
        }
    }
}

 

Edited April 30, 2023 by Qie Niangao

[Wulfie Reanimator]

On 4/29/2023 at 5:48 PM, EnCore Mayne said:

the latest firefox won't allow it connection.

Click on "Advanced..." and "Accept the risk and continue."

Despite the expired cert, there's very little chance that the website is gonna be anything other than what we know it to be.

Edited April 30, 2023 by Wulfie Reanimator

[EnCore Mayne]

i think y'all are missing the point. according to the source from the Linden Realm: "there is no current plan to update that security certificate for the forum archives."

it's not a technical problem. it's a Policy Decision.

[Rowan Amore]

Even Microsoft only provides support for about 10 years on their Windows versions.  Firestorm has a 3 viewer policy.  The old forums closed in 2006?   It's not as if you can't read.them anymore.   If it were some kind of nefarious reason, they'd have nuked them entirely.  

2 hours ago, Wulfie Reanimator said:

Click on "Advanced..." and "Accept the risk and continue."

Despite the expired cert, there's very little chance that the website is gonna be anything other than what we know it to be.

It's kind of fun reading through some of those old threads and seeing the same issues popping up today.

[Qie Niangao]

I think some of us were encountering a deeper problem accessing forums-archive and generating that NET::ERR_CERT_COMMON_NAME_INVALID error (not the SSL_ERROR_BAD_CERT_DOMAIN error) where the Advanced button did not offer a workaround but included something about how the domain was flagged as HSTS in the browser. This is weird, and I don't know how our browsers ever got the idea that secondlife.com (the whole 2nd level domain) was flagged for HTTPS only. Maybe bad timing? Detritus from an early MFA implementation? No idea, but it takes some extra effort to clear that flag. In Chrome, use chrome://net-internals/#hsts and go to the Query HSTS/PKP domain section and enter forums-archive.secondlife.com to see what's there; if you're affected by this HSTS problem, it will show one or more HTTPS only restrictions on the secondlife.com domain, so if you enter secondlife.com in the Delete domain security policies you should be able to get an "Advanced" option to proceed the next time you browse to forums-archive.

It still makes no sense to me that the Lab would leave anything behind non-working certs. However little they care about the forums-archive content, they should care enough about the security practices of SL users to not encourage them in doing mysterious backdoor workarounds. Some clever internet lawyer might find the Lab's lax practices here incur liability for the next phishing victim.

[animats]

2 hours ago, EnCore Mayne said:

i think y'all are missing the point. according to the source from the Linden Realm: "there is no current plan to update that security certificate for the forum archives."

it's not a technical problem. it's a Policy Decision.

“He who controls the present, controls the past. He who controls the past, controls the future.” - Orwell, "1984".

Fortunately, there's a backup copy at the Internet Archive: https://web.archive.org/web/20220716014102/https://forums-archive.secondlife.com/120/1.html

[EnCore Mayne]

1 hour ago, Qie Niangao said:

I think some of us were encountering a deeper problem accessing forums-archive and generating that NET::ERR_CERT_COMMON_NAME_INVALID error (not the SSL_ERROR_BAD_CERT_DOMAIN error) where the Advanced button did not offer a workaround but included something about how the domain was flagged as HSTS in the browser.

when i first encountered this issue i coulda swore there was no Advanced option to accept risk. i thought that odd but fer sure it was a full stop. the only other times i'd encountered any cert errors i normally got through with the available Advanced option. NOW, something's changed to provide an Advanced option. if Name_Invalid prevents any further access and Bad_Cert_Domain allows accepting risk could someone at the Lab have tweaked something between then and the current Bad_Domain state?

[Love Zhaoying]

8 minutes ago, EnCore Mayne said:

when i first encountered this issue i coulda swore there was no Advanced option to accept risk. i thought that odd but fer sure it was a full stop. the only other times i'd encountered any cert errors i normally got through with the available Advanced option. NOW, something's changed to provide an Advanced option. if Name_Invalid prevents any further access and Bad_Cert_Domain allows accepting risk could someone at the Lab have tweaked something between then and the current Bad_Domain state?

They are toying us, changing settings in response to what is posted on this thread. Cover your computer's camera, quick!