https - hopefully not too stupid a question

Peter Fairbrother zenadsl6186 at
Sun Jun 17 17:24:15 BST 2012

Roland Perry wrote:
> In article <4FDDF8D7.7080108 at>, Peter Fairbrother 
> <zenadsl6186 at> writes
>> In practice, the client will normally do a DNS on the hostname before 
>> a https connection is established. So if all the client's traffic is 
>> being monitored then the monitors will usually have the hostname anyway.
> Hmm, if I try to access:
> (Where is what my DNS translates into)
> I get:
>   This is probably not the site you are looking for!
>   You attempted to reach, but instead you actually reached a
>   server identifying itself as This may be
>   caused by a misconfiguration on the server or by something more
>   serious. An attacker on your network could be trying to get you to
>   visit a fake (and potentially harmful) version of
> Is this my browser (Chrome) not getting its act together, or is there an 
> infelicity in one of the protocols?

I get (Firefox):

Secure Connection Failed

uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.
The certificate is only valid for

(Error code: sec_error_unknown_issuer)

I think the browsers are looking to check the hostname in the requested 
URL matches the hostname in the certificate - and it doesn't, !=

Both actions seem like perfectly good behaviour to me.

-- Peter Fairbrother
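
Added example, not part of the original post: a simplified sketch of the name check described above, comparing the host part of the requested URL with the certificate's subjectAltName entries. The names and addresses are constructed, the (type, value) pairs follow the shape returned by Python's ssl.SSLSocket.getpeercert(), and issuer trust (the sec_error_unknown_issuer part) is not modelled.

```python
import ipaddress

def _dns_match(pattern: str, host: str) -> bool:
    """Match one dNSName entry; '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one label and must sit above at least two labels.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h

def check_identity(requested: str, san: list) -> bool:
    """Return True if the host the user typed is covered by the certificate.

    requested: host part of the URL (a DNS name or an IP literal).
    san: (type, value) pairs, e.g. ("DNS", "www.example.org").
    """
    try:
        ip = ipaddress.ip_address(requested)
    except ValueError:
        ip = None
    if ip is not None:
        # The URL named an IP address: only iPAddress entries can match.
        # A dNSName entry never matches, even if that name resolves to this IP.
        return any(t == "IP Address" and ipaddress.ip_address(v) == ip
                   for t, v in san)
    return any(t == "DNS" and _dns_match(v, requested) for t, v in san)

# Constructed sample data (assumption, not taken from the thread).
CERT_SAN = [("DNS", "www.example.org"), ("DNS", "*.static.example.org")]
CERT_SAN_WITH_IP = CERT_SAN + [("IP Address", "192.0.2.10")]

if __name__ == "__main__":
    for host in ("www.example.org", "192.0.2.10", "img.static.example.org"):
        print(host, "->", "match" if check_identity(host, CERT_SAN) else "MISMATCH")
```

Browsing to the address that a name resolves to fails this check unless the certificate also lists that address as an iPAddress entry.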

More information about the ukcrypto mailing list