Re: "http:" and "https:" -- must I register the same domain name twice to reserve my name for both?

From: Rob (rob.ellison@bigfoot.com)
Date: 05/05/02


From: "Rob" <rob.ellison@bigfoot.com>
Date: Sun, 05 May 2002 12:50:25 GMT

the likely reson for this is that your hosting company is using 1 IP address
to host multiple web sites - yours being one of them. this is possible using
HTTP 1.1.
however, HTTPS is not supported by HTTP 1.1, it uses HTTP 1.0 (which doesnt
support multiple domains per IP address)
when you goto https://velek.com the web server does not read the domain name
that your browser sends (velek.com) and so doesnt know which website you are
trying to access. i would guess that the website you are getting is that
your hosting company.
if you wanted to use https your hosting company would need to provide you
with a dedicated IP address.
i would have thought that they would know this!!
anyway, hope i explained that ok.
cheers,
Rob

this means that if
"Bill Velek" <billvelek@alliancecable.net> wrote in message
news:3CD4D162.30201@alliancecable.net...
> My last name is 'Velek' and I own the domain name "velek.com", which
> I've had for family use since the late 1990's. It has never expired.
>
> There is apparently a difference between "http:" and "https:" because,
> although using the same _domain_name_, they contain two entirely
> different sites, with the latter NOT belonging to me. See
> http:www.velek.com and https:www.velek.com
>
> I discovered this when I _accidentally_ included the 's' in the URL at
> the end of 'http', and after a couple of pop-up windows which indicated
> "Server Certificate Expired" and "Security Error: Domain Name Mismatch"
> -- the text of which is quoted in detail below for those interested --
> I arrived at a web-site that is entirely different than mine, but still
> uses "velek.com". At least that's what is still listed in my browser's
> URL location bar.
>
> Since the pop-up windows warn of a possible effort to intercept messages
> intended for my domain and suggest contacting the site administrator, I
> became concerned that maybe someone was hacking my site or something of
> that nature, so I telephoned the hosting service where my site is
> stored. When I explained what happened, I was surprised that I was
> questioned about what I was doing trying to reach a "secured" web-site
> -- as if maybe I had been doing something WRONG. I explained that I had
> come upon that by _accident_, and I was then told that I "shouldn't be
> going there", that it has nothing to do with my web-site, and to not pay
> any attention to it. If that's not true, then I'm certainly going to
> change to another hosting service, but I'd like to know what the
> difference is between "http:" and "https:". Also, if there is some
> reason why I might someday want to use "httpS:" for my _own_ purposes,
> how do I go about reserving the same domain name -- velek.com? Did I
> somehow miss something when I registered my domain?
>
> For those interested in more detailed info, this is what each pop-up
> window actually stated:
>
> "Server Certificate Expired" <-- in the Title Bar> ... and the window's
> text said:
> "gazeboguys.com is a site that uses a security certificate to encrypt
> data during transmission, but its certificate expired on 7/11/2001 5:03
pm."
> "You should check to make sure that your computer's time ... is correct."
> "Would you like to continue anyway?"
>
> I then clicked on the "View Certificate" button, and the following
> pop-up window appeared:
>
> "Certificate Viewer: "gazeboguys.com" <-- in the Title Bar> ... and the
> window's text had two tabs for pages with the following info:
>
> "General" <-- Tab>
> "Could not verify this certificate because it has expired."
> "Issued to
> Common Name (CN) gazeboguys.com
> Organization (O) The Gazebo Guys
> Organizational Unit (OU) Northwest
> Serial Number 01:24:20
> "Issued by
> Common Name (CN) Thawte Server CA
> Organization (O) Thawte Consulting cc
> Organizational Unit <not part of certificate>"
> "Validity
> Issued on 6/27/2000
> Expires on 7/11/2001
> "Fingerprints
> SHA1 Fingerprint
> SE:C0:08:ED:11:3D:51:8E:2E:74:E1:A0:71:81:37:A8:71:BE:06:82
> MD5 Fingerprint
> 7D:B7:15:25:51:9E:F5:2A:F3:EF:BF:62:B3:16:74:28
>
> "Details" <-- Tab>
> Certificate Hierarchy
> Thawte Server CA
> gazeboguys.com
>
> Certificate Fields
> gazeboguys.com
> Certificate
> Version
> Serial Number
> Certificate Signature Algorithm
> Issuer
> Validity
> Not before
> Not after
> Subject
> Subject Public Key Info
> Subject Public Key Algorithm
> Subject's Public Key
> Extensions
> Object Identifier (2 5 29 37 )
> Object Identifier (2 5 29 19 )
> Certificate Signature Algorithm
> Certificate Signature Value"
>
> After viewing the Certificate, I clicked "OK" and this was the next
> pop-up window:
>
> "Security Error: Domain Name Mismatch" <-- in the Title Bar> and the
> window said:
> "You have attempted to establish a connection with "www.velek.com".
> However, the security certificate presented belongs to
> "gazeboguys.com". It is possible, though unlikely, that someone may be
> trying to intercept your communication with this web site."
> "If you suspect the certificate shown does not belong to
> "www.velek.com", please cancel this connection and notify the site
> administrator."
>
> Then I clicked "OK" and a web-site appeared that is entirely different
> than mine, but still appears to use "velek.com".
>
> Any help will be appreciated.
>
> Thanks.
>
> Bill Velek
>



Relevant Pages

  • Re: "http:" and "https:" -- must I register the same domain name twice to reserv
    ... the likely reson for this is that your hosting company is using 1 IP address ... however, HTTPS is not supported by HTTP 1.1, it uses HTTP 1.0 (which doesnt ... > Since the pop-up windows warn of a possible effort to intercept messages ... > "gazeboguys.com is a site that uses a security certificate to encrypt ...
    (comp.security.firewalls)
  • Re: "http:" and "https:" -- must I register the same domain name twice to reserv
    ... the likely reson for this is that your hosting company is using 1 IP address ... however, HTTPS is not supported by HTTP 1.1, it uses HTTP 1.0 (which doesnt ... > Since the pop-up windows warn of a possible effort to intercept messages ... > "gazeboguys.com is a site that uses a security certificate to encrypt ...
    (comp.security.ssh)
  • Re: "http:" and "https:" -- must I register the same domain name twice to reserv
    ... this wouldnt affect your service atall, unless of course u decided do https ... > the likely reson for this is that your hosting company is using 1 IP ... >> Since the pop-up windows warn of a possible effort to intercept messages ... >> "gazeboguys.com is a site that uses a security certificate to encrypt ...
    (comp.security.ssh)
  • Re: "http:" and "https:" -- must I register the same domain name twice to reserv
    ... this wouldnt affect your service atall, unless of course u decided do https ... > the likely reson for this is that your hosting company is using 1 IP ... >> Since the pop-up windows warn of a possible effort to intercept messages ... >> "gazeboguys.com is a site that uses a security certificate to encrypt ...
    (comp.security.misc)
  • Re: "http:" and "https:" -- must I register the same domain name twice to reserv
    ... this wouldnt affect your service atall, unless of course u decided do https ... > the likely reson for this is that your hosting company is using 1 IP ... >> Since the pop-up windows warn of a possible effort to intercept messages ... >> "gazeboguys.com is a site that uses a security certificate to encrypt ...
    (comp.security.firewalls)