Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

this certificate chain is imcomplete

Hi! This is a serious security problem if we can not upload ca_bundle certificate. Our pages are not secure and how do you expect us to trust to your paid service if you can not give us some basic SSL security on free service.
If you really do not know how to fix it I can do that for free. But you can not offer your users these bad security standards - even if we pay you nothing because be sure that we are the one who moves to your paid service and make you money when our business grows on your free service (I did that for three of my clients).

Comments

  • And it is really important because Facebook's and Messenger's integrated browsers gives you alert about unsecure certificate.

  • edited May 6

    @jakobhostnik said:
    Hi! This is a serious security problem if we can not upload ca_bundle certificate. Our pages are not secure and how do you expect us to trust to your paid service if you can not give us some basic SSL security on free service.
    If you really do not know how to fix it I can do that for free. But you can not offer your users these bad security standards - even if we pay you nothing because be sure that we are the one who moves to your paid service and make you money when our business grows on your free service (I did that for three of my clients).

    I'm sorry, but how is the lack of CA chain support a "serious security problem"? If you have a valid SSL certificate, you have a valid SSL certificate. If your certificate is valid, all visitors with remotely modern browsers can connect to your website, see a green lock and have a safe and secure connection to your hosting account.

    There are plenty of free hosting providers who don't offer support for SSL at all. We give you the ability to use SSL and install your own SSL certificates. Not all free hosting providers offer that. So I'd say we're definitely on the good end of the spectrum.

    Sure, the lack of CA chain support is a limitation, but the other 90% of your visitors can still access your website.

    On iFastNet, you can install a full CA chain. That's an advanced security feature reserved for premium hosting. We obviously cannot provide all premium features for free. If we did, why would anyone still upgrade?

    @jakobhostnik said:
    And it is really important because Facebook's and Messenger's integrated browsers gives you alert about unsecure certificate.

    Then their browsers have bad security standards. All well built, modern browsers and modern operating systems don't require CA chains to validate a certificate.

  • I'm sorry, but how is the lack of CA chain support a "serious security problem"? If you have a valid SSL certificate, you have a valid SSL certificate. If your certificate is valid, all visitors with remotely modern browsers can connect to your website, see a green lock and have a safe and secure connection to your hosting account.

    Without full CA chain someone can simply make MIME attack.

    Then their browsers have bad security standards. All well built, modern browsers and modern operating systems don't require CA chains to validate a certificate.

    Yes I agree that those browsers sucks...

    There are plenty of free hosting providers who don't offer support for SSL at all. We give you the ability to use SSL and install your own SSL certificates. Not all free hosting providers offer that. So I'd say we're definitely on the good end of the spectrum.

    But I bet you are better than that.

    On iFastNet, you can install a full CA chain. That's an advanced security feature reserved for premium hosting. We obviously cannot provide all premium features for free. If we did, why would anyone still upgrade?

    You get users on premium hosting when all inodes or Daily Hits are used, ...
    (You got me three times) This seems fair. But do not take our security.

  • edited May 6
    > @jakobhostnik said:
    > I'm sorry, but how is the lack of CA chain support a "serious security problem"? If you have a valid SSL certificate, you have a valid SSL certificate. If your certificate is valid, all visitors with remotely modern browsers can connect to your website, see a green lock and have a safe and secure connection to your hosting account.
    >
    >
    >
    >
    >
    > Without full CA chain someone can simply make MIME attack.
    >
    > Then their browsers have bad security standards. All well built, modern browsers and modern operating systems don't require CA chains to validate a certificate.
    >
    >
    >
    >
    >
    > ...Yes I agree that those browsers sucks...
    >
    > There are plenty of free hosting providers who don't offer support for SSL at all. We give you the ability to use SSL and install your own SSL certificates. Not all free hosting providers offer that. So I'd say we're definitely on the good end of the spectrum.
    >
    >
    >
    >
    >
    > But I bet you are better than that.
    >
    > On iFastNet, you can install a full CA chain. That's an advanced security feature reserved for premium hosting. We obviously cannot provide all premium features for free. If we did, why would anyone still upgrade?
    >
    >
    >
    >
    >
    > You get users on premium hosting when all inodes or Daily Hits are used, ...
    > (You got me three times) This seems fair. But do not take our security.

    CA_chain can be optional CA_chain just let the browser know your ssl was issued to a valid certificate authority, If you have valid ssl then you have! The browser just can't verify if your ssl is legit, but still your ssl encryption is still working or still doing their job to encrypt your website
  • @jakobhostnik said:

    I'm sorry, but how is the lack of CA chain support a "serious security problem"? If you have a valid SSL certificate, you have a valid SSL certificate. If your certificate is valid, all visitors with remotely modern browsers can connect to your website, see a green lock and have a safe and secure connection to your hosting account.

    Without full CA chain someone can simply make MIME attack.

    I'm not that familiar with MIME attacks, but from what I know, it mostly has to do with uploading compromised files through a website's upload functionality. How would having an SSL CA chain affect the MIME types of files?

    @jakobhostnik said:

    There are plenty of free hosting providers who don't offer support for SSL at all. We give you the ability to use SSL and install your own SSL certificates. Not all free hosting providers offer that. So I'd say we're definitely on the good end of the spectrum.

    But I bet you are better than that.

    I'm sorry to disappoint.

  • @jakobhostnik said:

    I'm sorry, but how is the lack of CA chain support a "serious security problem"? If you have a valid SSL certificate, you have a valid SSL certificate. If your certificate is valid, all visitors with remotely modern browsers can connect to your website, see a green lock and have a safe and secure connection to your hosting account.

    Without full CA chain someone can simply make MIME attack.

    Then their browsers have bad security standards. All well built, modern browsers and modern operating systems don't require CA chains to validate a certificate.

    Yes I agree that those browsers sucks...

    There are plenty of free hosting providers who don't offer support for SSL at all. We give you the ability to use SSL and install your own SSL certificates. Not all free hosting providers offer that. So I'd say we're definitely on the good end of the spectrum.

    But I bet you are better than that.

    On iFastNet, you can install a full CA chain. That's an advanced security feature reserved for premium hosting. We obviously cannot provide all premium features for free. If we did, why would anyone still upgrade?

    You get users on premium hosting when all inodes or Daily Hits are used, ...
    (You got me three times) This seems fair. But do not take our security.

    This is not something InfinityFree can do(as far as I know).
    This limit(no CA_BUNDLE on free hosting)is set by iFastnet.
    However,as mentioned before,you don't need CA_BUNDLE to be secure,you can work without it,or upgrade to iFastnet.
    Alternatively,you can go and select Cloudflare's FULL SSL and upload your certificate there,if you want a free solution to CA_BUNDLE.

Sign In or Register to comment.