Security warning on Verizon server [Telecom]

I just tried to access [link omitted]. I got an error message, saying that "The certificate is only valid for a248.e.akamai.net". Anyone else have this result?

Bill

Reply to
Telecom digest moderator

Yes, I get a similar message in both IE and Firefox. However if I click continue anyhow it takes me to www22.verizon.net. As does [link omitted]

Tony

Reply to
Tony Toews [MVP]

Yes, I get the same error.

Issuer: GTE CyberTrust Global Root
Issued to: a248.e.akamai.net

--Gene

Reply to
Gene S. Berkowitz

Yes, either the DNS address for that site has been hijacked or the webmaster at Verizon has a big configuration problem - probably the latter given that this works:

[link omitted]

-- Regards, David.

David Clayton Melbourne, Victoria, Australia. Knowledge is a measure of how many answers you have, intelligence is a measure of how many questions you have.

Reply to
David Clayton

In article you write:

It's just a configuration error. Akamai is a giant content delivery network that lots of big web sites use to host the static parts of their content. There's nothing at all odd about Verizon's home page being hosted at Akamai.

R's, John

***** Moderator's Note *****

I understand Akamai's role, but it seems odd that Verizon would allow such an error to happen while it tries to position itself as a data delivery company.

Bill Horne Moderator

Reply to
John Levine

I get the same, just click OK and it connects. Must be some kind of link. Try [link omitted]

the following link you used just forwards to the net address: [link omitted]

Reply to
Steven

I guess VZ Brand Identity and VZ Tech only rarely compare notes ... .

Cheers, -- tlvp

-- Before replying, throw out the trash, please

Reply to
tlvp

When you get a certificate for an SSL web server the domain name in the cert *must* match the domain of the site you are going to, else you get that mismatch error message.

There is probably a "master" web server for the Verizon domain that load shares the incoming requests by redirecting to other web sites that do the actual work, and someone probably has made some changes and forgot to set up the correct cert for that initial site.

In general you should *never* ignore that sort of error, as it may indicate a hijacked web site just waiting to steal your banking details etc.

-- Regards, David.

David Clayton Melbourne, Victoria, Australia. Knowledge is a measure of how many answers you have, intelligence is a measure of how many questions you have.

Reply to
David Clayton
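
The name check described in the post above, as an added example that is not part of the original thread: a simplified version of the comparison a browser makes between the DNS names in a certificate and the host it was asked to reach. The host names come from the thread; the `*.verizon.net` wildcard name in the tests is constructed for illustration.

```python
def _match_name(pattern: str, host: str) -> bool:
    """Compare one certificate DNS name against the requested host name."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False              # a wildcard never spans several labels
    if p_labels[0] == "*":
        # Wildcard accepted only as the whole leftmost label, and only
        # when at least two further labels follow (so "*.net" is refused).
        if len(p_labels) < 3:
            return False
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels   # otherwise an exact, case-insensitive match


def cert_matches_host(cert_names, host):
    """True if any DNS name in the certificate covers the requested host."""
    return any(_match_name(name, host) for name in cert_names)


def explain(cert_names, host):
    """Return the verdict a client would show for this certificate and host."""
    if cert_matches_host(cert_names, host):
        return f"{host}: OK"
    return f"{host}: certificate is only valid for {', '.join(cert_names)}"


if __name__ == "__main__":
    # The situation in the thread: Akamai's certificate, Verizon's host name.
    print(explain(["a248.e.akamai.net"], "www22.verizon.net"))
    # Constructed wildcard name, to show what a matching certificate looks like.
    print(explain(["*.verizon.net"], "www22.verizon.net"))
```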

Despite appearances, this is a non-issue. 'akamai.net' is a _well-known_ provider of large-scale distributed web-page delivery. They have server farms "everywhere" (both geographically, and 'on net' at most major connectivity providers) and "automagically" direct a query for a page for one of their customers to the server 'nearest' the query source. This allows for servicing truly _enormous_ numbers of requests, and for providing fast response to page requests.

Getting SSL certificates 'right' in that environment is _really_ messy.

***** Moderator's Note *****

If it's too messy, they shouldn't try to do it. A server which is configured to deliver a default certificate that has no relationship to the URL it's serving should not offer the service.

Bill Horne Moderator

Reply to
Robert Bonomi

At the time a Web server is required to identify itself by certificate in the SSL/TLS protocol, it has absolutely no idea what URL the client is going to request. Few servers or clients support the more recent versions of TLS that allow the virtual host name to be negotiated (and the servers are, as a general rule, not going to use it until the vast majority of clients support it).

-GAWollman

--
Garrett A. Wollman | snipped-for-privacy@bimajority.org | Opinions not shared by my employers.
What intellectual phenomenon can be older, or more oft repeated, than the story of a large research program that impaled itself upon a false central assumption accepted by all practitioners? - S.J. Gould, 1993

***** Moderator's Note *****

Then it shouldn't have any SSL certificate at all.

Harumph!

Reply to
Garrett Wollman

When you figure out how to make HTTPS work _without_ having a certificate, let me know. I know people who will pay a fortune for that know-how. :)

Truth is, _VERIZON_ *shouldn't* be using a 3rd-party network for something that is 'sensitive enough' to call for HTTPS. But, then, the odds are that -nothing- of the verizon content hosted on the akamai-hosted server _is_ actually that sensitive.

***** Moderator's Note *****

My point is that https should _not_ work without a certificate. If the server can't deal with an https request properly, it should refuse to serve it. Better to not do a job than to do it half-fast.

Bill Horne Moderator

Reply to
Robert Bonomi
