Announcement

Collapse
No announcement yet.

SSL - SHA-1 deprecation in firefox giving insecure message

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • SSL - SHA-1 deprecation in firefox giving insecure message

    on february 24th, firefox deprecated SHA-1 so I get a message about security that I don't see in chrome, safari or IE. Is anyone else having this issue?


    CapturFiles-20150380_190387.jpg



    Attached Files

  • #2
    Actually I had it using the Chrome the other day and made a post about it as well as submitting a ticket to support, however I got the warning trying to log into my dashboard. They provided a different link for me to go into my dashboard where I don't get the warniing and told me that it was my security settings in chrome. Highly concerned me.

    This was the response I received from support:

    Thanks for reaching out to us! I'm sorry about the issue that you are experiencing. TO be able to go to the back end without any issue you will need to login using this URL, which is the URL for the SSL certificate installed on your store:

    https://www.passion4mopars.con/admin

    When we install an SSL certificates to customers store we normally remove the binding of that URL (the .3dcartstores.com URL ) from your store. It seems that in this case that binding was only recently removed. If you use the URL about you will not have any further issue since this is the URL that is bound to your store.


    Needless to say the link provided by support didn't work because of the dot con, but I figured that out. My error I receive is captured in the screen shot




    Attached Files

    Comment


    • #3
      I checked your homepage using firefox and you're getting the exact same message as I am. Other than the .con, I think support gave you the right answer to the other issue. I'll let you know what I figure out after I talk to someone from the SSL department. I'm guessing that they probably have an insane amount of SSL certificates to reinstall and aren't dealing with it unless someone bugs them about it.



      Originally posted by Toobusy View Post
      Actually I had it using the Chrome the other day and made a post about it as well as submitting a ticket to support, however I got the warning trying to log into my dashboard. They provided a different link for me to go into my dashboard where I don't get the warniing and told me that it was my security settings in chrome. Highly concerned me.

      This was the response I received from support:



      Needless to say the link provided by support didn't work because of the dot con, but I figured that out. My error I receive is captured in the screen shot



      Comment


      • #4
        Is your SSL with 3dc or a third party? Mine was third party and now it's with 3dc

        Comment


        • #5
          i have a norton ssl that 3dcart installed. I just checked yours and i only see the message when i go to the secure version of your homepage so you should be okay since no one actually gets served that page. 3dcart hasn't called me back so we'll see what happens.

          Comment


          • #6
            I just read where paypal is upgrading from SHA-1 to SHA-256. Anyone have any idea if that's going to affect anything we need to change?
            NOTE: The information below is in response to an industry-wide security upgrade and is not unique to PayPal. These updates will help secure your website’s interaction with the PayPal website and Application Programming Interface (API). Not all merchants are required to make these changes. Please ensure you are prepared for this event by consulting with your technology team, website vendor or individual(s) responsible for your PayPal integration.


            https://ppmts.custhelp.com/app/answers/detail/a_id/1236

            Comment


            • #7
              Regarding my site, 3dcart reinstalled the intermediate SSL certificate and mentioned that they didn't know why the other was installed. I don't know enough about SSL to know if sha-256 is used by default when you have sha-2 or if you have to do something different. I'm not sure about the paypal integration but you could send a ticket to support to give them a heads up in case they need to update it.

              Comment

              Working...
              X