Lock out of possible customers for your online shop by bad HTTPS configuration

November 1, 2015

As I wanted to send a registered mail today, I did a fast google search if this is now also possible online in Austria. I found a news article what said that sendstation.at provides such a service .. so I clicked on the link and got an error message in Firefox that the HTTPS connection is not Ok. A check at SSL Labs shows that … newer seen something bad like this:

sendstation

Ok, the news article was a bit older so I though lets check if the site is still in commission. So after excepting the error I was redirected to briefbutler.at and got again an error message in Firefox. And the SSL test shows that this time the configuration of the TLS is better, but the root is from A-Trust and least my Firefox, Chrome and SSL Labs don’t have that Certificate in the trust store.

briefbutler

Not sure how many customers this site gets .. maybe its in the Windows Trust Store and that’s ok from them if IE customers can visit them. Who needs more customers.  The lesson learned here should be to check your HTTPS not only with your PC – check with other devices and services like https://www.ssllabs.com/ssltest/.

1 Comment »

RSS feed for comments on this post. TrackBack URI

  1. Its funny how much this happens, most of the time the admin will just forget or move on and once it runs out (SSL), and the lockout is live the new admin will know about it lol, then its a race to fix it will everyone pulling their hair out! ahha

    Comment by John — November 10, 2015 #

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Powered by WordPress
Entries and comments feeds. Valid XHTML and CSS. 40 queries. 0.058 seconds.