Page 1 of 1

Alice Elog

Posted: Sat Dec 05, 2009 3:55 pm
by Harbles
I notice that if I try to login to the Alice Elog via the LHCportal link I get a red screen saying unsecure content an have no access. But If I copy the link to a new tab so I'm not inside the LHCportal anymore I get a dangerous site not secure certificate error, if I ignore that and login it works ok but I get a warning that HTTPS is not on.
It works but I'm curious about why the HTTPS shows an error. Might this be Chrome browser specific?

Re: Alice Elog

Posted: Sat Dec 05, 2009 4:00 pm
by Harbles
Just tried with IE browser and while logging in I still get unsecure site error but if I ignore I can still get in to the log but showing certificate errors. Hmmm?

Re: Alice Elog

Posted: Sat Dec 05, 2009 5:11 pm
by Danny252
CERN's internal certificates are known to cause problems. However, it's perfectly safe to tell your browser to ignore these problems - unless you think CERN are trying to take over your computer!

I thought we had a topic giving info on this, but it seems to have gone for a walk...

Re: Alice Elog

Posted: Sat Dec 05, 2009 5:15 pm
by aperture_science
Harbles, I don't think it's a browser issue - it looks like their security cert is self-signed. 'Modern' browsers are much better in warning you about the potential security issues with that - for example, Firefox says:

alice-logbook.cern.ch uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is unknown.
(Error code: sec_error_unknown_issuer)

Usually, that means that the security cert is self signed, and indeed it is: if you browse directly to http://alice-logbook.cern.ch/ , Firefox will show you the certificate information:
self-signed cert.png
self-signed security certificate throws up security warnings in most current browsers (thankfully)
self-signed cert.png (58.04 KiB) Viewed 4196 times
The other elogs at http://ab-dep-op-elogbook.web.cern.ch/ are signed by Comodo, a "trusted certificate authority". Thus, no warnings when viewing those, but a (safe) warning for the alice site. Firefox allows you to bypass the warning and view the site anyway, if you think it's safe to do so.

P.S. Interestingly, the certificate issuer in the case of the ALICE server is also named as a "Trusted Certificate Authority"... in this case, CERN itself... LOL. Most likely, most browsers don't recognize the "CERN Trusted Cert Auth" as such, hence the warning.

Re: Alice Elog

Posted: Sat Dec 05, 2009 5:28 pm
by Xymox
That is a interesting point...

Its possible to get the CERN signing certificate and add it to your browser to avoid these warnings...

Yes, someplace I covered that these errors are normal and how to deal with them. Nothing has been deleted so im not sure where it is right now.

I will revisit this issue and see how to add the CERN cert to Firefox. Should be easy but I have to go find it.

So maybe none of these documents are self signed. We just need the CERN cert.