Gmail and AdSense Using Invalid Security Certificate
Firefox 3 shows that Google using invalid security certificates across it’s different services including Gmail and AdSense. Security certificate for it’s Analytics is ok.
ReadersZone
Technology,Security,Software Review
June 22nd, 2008 at 9:40 AM
Uhh, you realise how ssl works, right? The certificate has to match the hostname, if multiple hostnames point to the same service, then you have to use the one the certificate is valid for if you want to use ssl.
Obviously in this case google is using mail.google.com and http://www.google.com not the gmail.com or google.com. All sites work like this, check out how microsoft is using invalid certificates here https://wwwtk2test1.microsoft.com/
or check out how verisign are using an invalid certificate here https://www.verisign.net/ or paypal, ebay, etc. This is how the internet works, make sure you understand it before making random uninformed blog posts.
June 22nd, 2008 at 11:09 AM
the page is corrupt when showed in Safari
June 22nd, 2008 at 3:56 PM
This is because the security certificates are bound with www domains and you are trying to access it without it. All browsers will show you invalid certificates if you try to browse without using the www.
June 22nd, 2008 at 4:11 PM
I receive the same error page on FF-3 accessing adsense via https://google.com/adsense
June 22nd, 2008 at 7:16 PM
https://microsoft.com/ Oh Noes
June 22nd, 2008 at 9:23 PM
kbhjb and Keith have explained it why you are getting that invalid certificate issue.
Ramesh
The Geek Stuff
June 22nd, 2008 at 9:37 PM
https://ebay.com/
https://paypal.com
https://citibank.com/
This is not a security issue, this is how ssl works. OMG GOOGLE HACKED DIGG ME PLZ!!!!!1111
June 23rd, 2008 at 1:27 AM
Oops! I too got same thing here….
June 23rd, 2008 at 5:07 AM
For me Adsense is showing this error even without https.
June 27th, 2008 at 1:18 AM
I am getting this from a long time
in IE 7
on nearly all google services
August 12th, 2008 at 9:05 AM
If you find the error message enoying when logging on to gmail through https, just use instead of https://gmail.com
August 12th, 2008 at 9:08 AM
correction:
If you find the error message enoying when logging on to gmail through https, just use https://mail.google.com instead of https://gmail.com
August 14th, 2008 at 4:37 AM
Sry moutosh that doesn’t work:
https://mail.google.com redirects to
https://www.google.com/accounts/ServiceLogin?
So the certificate continutes not to match during the vital login phase.
August 21st, 2008 at 10:15 PM
same thing happening to me too, all alternate inputs (http, https) for gmail, igoogle, etc. bring up the warning screen on mac for safari and firefox 3. this is not normal. nothing works. it did two days ago, however.
September 17th, 2008 at 2:31 PM
This is rather annoying, i cant visit my sites i usually visit, i’ve never had this issue until 3 days ago.
im NOT going to be “tarded” and type in gmails full address when i know by typing gmail.com will take me to googles mail server is there any reason im NOW seeing this do i need to clear a cache or change some settings
September 17th, 2008 at 2:33 PM
ADD;
I forgot to mention, im using Fire Fox 3.01 and have some addons installed
Download em all
and
Fire guestures
September 28th, 2008 at 2:18 AM
So… what can we do about this besides tell Google to make their certificates match?
September 28th, 2008 at 7:33 AM
@ Ale
you can simple add the exception when this error will come
September 29th, 2008 at 2:16 AM
Thanks.
October 14th, 2008 at 9:32 AM
I simply went to the ORIGINAL Firefox site…REdownloaded Firefox…and it worked fine for me………NO error messages….
November 5th, 2008 at 7:34 AM
it’s a malware that’s been doing this, not firefox
http://forums.techguy.org/malware-removal-hijackthis-logs/541483-solved-invalid-security-certificate-when.html
November 15th, 2008 at 4:20 PM
Oh Man! Just check the date and time of your PC. If you set it on current date/time, this problem will disappear.
January 10th, 2009 at 7:51 AM
Thanks JSA your the only one that has it sorted: fixed my lap top instantly, date got mucked up by no.1 son fiddling around with things beyound me.
its not malware.
January 11th, 2009 at 3:39 PM
owh my…
tq JSA..i owe u buger..haha..
January 15th, 2009 at 6:28 AM
Thanks JSA… You the man… Forget all these other technology gurus that can tell you what is wrong but not able to fix it. I’m an engineer myself and I hate dealing with these techno know it all geeks that talk down at you for not knowing what the problem is but they don’t really know how to fix the problem. There is hope with people like you out there…!!!!
February 7th, 2009 at 9:49 AM
awesome man(JSA)…thanx a lot..
February 14th, 2009 at 12:47 AM
JSA you the man…
March 12th, 2009 at 5:05 PM
you the man JSA
Thank you
March 15th, 2009 at 3:05 AM
This is a big security issue!!! I performed few penetration testing, and when i do man in the middle attack to sniff the passwords of the ssl connection, i prompt fake cert and the user would get this error (before this i do arp poisoning on gateway). If user add an exception and continue with logging in i can get all usernames and passwords. So it is big issue!!! When i go to log in on to my gmail account i am never sure if i am being attacked or it is real problem with their cert. I heard some funny explanations here (like use www etc…)
May 11th, 2009 at 3:17 PM
Check your Date and Year setting in PC
May 21st, 2009 at 8:51 PM
THAT’S IT!!!! The date was incorrectly set by mistake! Thanks so much JSA and xenon. So glad I found your solution rather than having to delete and re-download.
August 14th, 2009 at 3:52 AM
re: across it’s different services
that should be:
its different services
thanks,
–a
August 16th, 2009 at 9:13 PM
Solution:
Just Check date of your pc.
Correct it and it will be ok.
All the best.
Ravindra
http://suvidhashopping.info