What the heck is up with Hello Cables?

[Omega-TI]

I went to buy an extension for senior I hooked up with a TI last year and I get the NOT SECURE notice, okay no big deal, many places switch to a secure when you want to check out right?  Not in this case.  So I had to tell the old duffer he was out of luck.

 

 

 

 

[+OLD CS1]

The problem is in the report: ERR_CERT_DATE_INVALID.  Most likely means the site's secure certificate expired.

 

I could not get connect-world.net to load, but when I go to https://hello-cables.com I get this:

 

www.hello-cables.com uses an invalid security certificate. The certificate is only valid for the following names: www.connectworld.net, connectworld.net The certificate expired on Thursday, November 12, 2020, 7:00 AM. The current time is Sunday, November 15, 2020, 9:21 AM.

 

So, yeah, connectworld.net's certificate expired on November 12.  You can still get to the site and the connection is still encrypted, just that the browser will not validate the site.  I would be okay using the site as the certificate information checks out, it is just expired.

[+arcadeshopper]

Happens all the time. Certificate expired. Doesn't mean anything unless they don't get a new certificate in a reasonable time. You should email them and let them know

Sent from my LM-V600 using Tapatalk

[+dhe]

Yep... And it's even more challenging now... Used to be 4 .. 5 year certs where the norm. Know google wants people to up every year.

I've yet to see a register send a reminder notice, like they do on domains.

[+OLD CS1]

30 minutes ago, dhe said:

Yep... And it's even more challenging now... Used to be 4 .. 5 year certs where the norm. Know google wants people to up every year.

I've yet to see a register send a reminder notice, like they do on domains.

During the SHA-1 hash deprecation ICANN limited certificates to three years as part of the scheme to move everyone to SHA-2 (gave everyone three years on their existing SHA-1 hashed certs.)  Next thing I know I can only do two years, then Google and Apple make this decree that no certificates with an expiration date longer than one year from issue will be accepted, with the exception of CA (certificate authority) certs.  Pain in the ass if you have multiple servers and multiple services to update every bloody year.

 

Now, Sectigo and its brands will SELL you up to five years, but you still have to re-issue every year.  You have the option of using the same CSR or generating a new one.  For Windows machines using the built-in tools I do not believe you have the option of pairing a new cert with an existing private key.  At least using OpenSSL you can.  I do everything in OpenSSL then export into .pfx (pkcs12) for the Windows boxen.

 

Sectigo brands (RapidSSL, Comodo, etc.) will send renewal notifications starting at 60 days.  It goes to the email address listed as the administrative contact of the certificate during registration.

 

(I am only affected so far as Internet-facing services go.  Internally I run my own CA and do automated pushes to all of my managed machines.)

[+dhe]

I also got bit, by not knowing the rules for certs. For personal domain, I went with a .US - Compared to .com - lots of open names, and .us is short also.

 

So I took out this .us domain, I literally started getting phones calls day and night, people wanting to sell me web services. There is no way to make your contact info private with .us <-=-- No wonder people don't want to do that thing!!!

[+OLD CS1]

34 minutes ago, dhe said:

There is no way to make your contact info private with .us <-=-- No wonder people don't want to do that thing!!!

I had not noticed that before.  I have had a .us domain since it was opened up for public registrations.  I have received phone calls from this Jason guy with Coding Brains (asshole) frequently, even after getting rude with him about his calls.  .us is a country TLD, and I am not sure what its rules are, but you may be able to use an anonymizing services (I given them free to my customers.)

[Omega-TI]

Lemme guess, forcing you to re-up every year puts more money in their pockets right?

 

 

 

[+OLD CS1]

18 minutes ago, Omega-TI said:

Lemme guess, forcing you to re-up every year puts more money in their pockets right?

Yes and no.  Most sellers give discounts for multi-year purchases.  But, even now, you can still purchase multi-year for the discounts you just have to re-issue.  While I have not read the proclamations, I have heard that the single-year issuance would push more people to Let's Encrypt which offers free certs with three-month renewals (but also an automated client which does the work for you,) and this was part of the push by Google and Apple to eventually move to such short-length certifications.

 

I dunno.  I can imagine some benefits to short certificates but they are all stretches.  One of which could be preventing an abandoned site being hijacked for nefarious purposes.  Still a stretch.  I have read several articles rejecting Google and Apple for this, but really, what choice do we have?  Either we capitulate or accept incompatibility with millions of devices (equals potential customers, users, &c.)  Personally, I do not care and would secure my personal stuff with self-signed certificates. Same as why I reject paying to put my businesses in these voice searches.

[InfiniteTape]

3 hours ago, dhe said:

Yep... And it's even more challenging now... Used to be 4 .. 5 year certs where the norm. Know google wants people to up every year.

I've yet to see a register send a reminder notice, like they do on domains.

DigiCert sends reminders. Lots of reminders. "Ok, ok, I get it!" level of reminders.