Hi David
The certificate error has been resolved.
It required a particular type of intermediate certificate installed in relation to the SSL certificate on the server.
Ionata installed the certificate last night and testing has been successful.
Regards
Scott
From: David Stenhouse [mailto:[email address]]
Sent: Monday, 8 July 2013 5:23 p.m.
To: Scott Savage
Subject: Re: Site Certificate message
Thanks Scott
David Stenhouse
021 226 6987
Sent from my iPhone
On 8/07/2013, at 3:47 PM, "Scott Savage" <[email address]> wrote:
Hi David
Not a problem. It's logged with the team to investigate.
Regards
Scott
-----Original Message-----
From: David Stenhouse [[email address]]
Received: Monday, 08 Jul 2013, 3:33pm
To: Scott Savage [[email address]]
Subject: FW: Site Certificate message
Hi Scott
Can you please let me know what we need to do to get this fixed. It appears to be at your end.
Thanks
David Stenhouse
Manager Passenger Services
ENVIRONMENT CANTERBURY
37 Main North Rd,
Papanui,
Christchurch
PO Box 345
Christchurch
New Zealand
mob: 021 226 6987
email: david.stenhouse@ecan.govt.nz
website: www.metroinfo.org.nz
From: Claire Nicholls
Sent: Friday, 5 July 2013 9:23 a.m.
To: David Stenhouse
Subject: RE: Site Certificate message
Importance: High
Hi David
We are having issues with some users seeing a security message on our mymetrocard website that Ionata created. It’s taken us a while to figure out what is going on and it looks like it maybe a server issue. Ionata tell us they do not host the site on their server and Lyndon tells us it’s not hosted on a Snap server. Can you tell us where the server is and what it’s called? Is it Rivera or Init?
Regards
Claire
From: Lyndon Walker
Sent: Thursday, 4 July 2013 8:29 p.m.
To: [email address]
Cc: Claire Nicholls
Subject: RE: Site Certificate message
Thanks Martin
As Snap only provide us with our wide area networks and internet connection, I don’t believe that they have anyting to do with it
Could it be part of our Init equipment at Revera? Clarie?
Can you tell me the name of it?
Or another information that I would find handy
I will do a bit of research to the what where this server is
Cheers
Lyndon
From: Martin Anderson [mailto:[email address]]
Sent: Thursday, 4 July 2013 6:39 p.m.
To: Lyndon Walker
Cc: Claire Nicholls
Subject: Re: Site Certificate message
Hi Lyndon
Regarding the report you that you provided. We don't actually manage the web server.
I believe Snap provides the server itself. We don't have an SLA with ECAN covering server maintenance.
We installed the certificate as provided so in this case I'm not sure what else we can do.
On 1 July 2013 07:13, Lyndon Walker <[email address]> wrote:
Claire
The way the certificate works is to check its validity when the site is loaded
The browser, either on the phone, laptop, tablet, pc or whatever goes out to the internet to a CA (Certificate Authority) to confirm its authenticity
This appears to be failing for these users
Does she have access to a PC to try this on?
Martin,
We do however need to tighten up the webserver itself, she may have some fancy ssl checker software loaded which is suggesting that she doesn’t continue
See the following report
https://www.ssllabs.com/ssltest/analyze.html?d=metrocard.metroinfo.co.nz&hideResults=on
Cheers,
Lyndon
From: Claire Nicholls
Sent: Monday, 1 July 2013 9:06 a.m.
To: Lyndon Walker
Subject: FW: Site Certificate message
Morning Lyndon
Did we get anywhere with the below? I would like to solve the problem when possible.
Kind regards
Claire
From: Peter and Victoria [mailto:[email address]]
Sent: Thursday, 27 June 2013 9:20 p.m.
To: Claire Nicholls
Subject: RE: Site Certificate message
Hi Claire,
Thank you for the update. The message I sent you earlier was from our Android tablet. So I thought I would try on my Android phone, but I am getting a similar message. This time it says the security certificate has expired. My husband suggested I try rebooting the phone and clearing the cache, but I am still getting the expired message.
He has just tried to get a balance on his Android phone and is getting the same message as I got earlier today on the tablet. I attach some screen shots from his phone which may be of help.I don't feel happy using the website to pay using my credit card. If you have any other ideas, please let me know.
Thanks,
Victoria BrownHi Victoria
I’ve had our teams internally and externally have a look at why you are getting the message. At the moment you’re the only person who has experienced it. Our security certificate was updated approx. two weeks ago and it has been confirmed that it is working correctly. This means that you can ignore the message and continue to top up using a credit card, the site is secure and will work correctly.
The team have noticed that the message recognises your device as a mobile and are looking into why it would be coming up on a mobile device.
One reason that has been mentioned to me a few times is that it could be that your computer security settings. They could be very high and restrictive and this may be why you are getting the message when the security licence is completely fine.
We are still looking into why it has shown up on your screen, I just wanted to give you an update this afternoon. In the meantime please feel free to ignore the message and continue to use the site.
Kind regards
Claire
<image001.png>
PO Box 345, Christchurch 8140, New Zealand
Customer Services: 0800 324 636
<image002.png><image003.png><image004.png>Claire Nicholls
Operations AdministratorPassenger Services Team
Environment Canterbury
[mobile number]
[email address]<image005.png>
<image007.png>
From: Peter and Victoria [mailto:[email address]]
Sent: Thursday, 27 June 2013 9:12 a.m.
To: Claire Nicholls
Subject: Site Certificate message
Hi Claire,
Here's the message I got when I tried to login to top up my son's metro card. I do not work for an organisation, I'm just a stay-at-home-mom!
Thanks for your help.
Victoria BrownThe site's security certificate is not trusted!
You attempted to reach metrocard.metroinfo.co.nz, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications.
You should not proceed, especially if you have never seen this warning before for this site.
Proceed anyway Back to safety
Help me understand
When you connect to a secure website, the server hosting that site presents your browser with something called a "certificate" to verify its identity. This certificate contains identity information, such as the address of the website, which is verified by a third party that your mobile device trusts. By checking that the address on the certificate matches the address of the website, it is possible to verify that you are securely communicating with the website you intended and not a third party (such as an attacker on your network).In this case, the certificate has not been verified by a third party that your mobile device trusts. Anyone can create a certificate claiming to be whatever website they choose, which is why it must be verified by a trusted third party. Without that verification, the identity information in the certificate is meaningless. It is therefore not possible to verify that you are communicating with metrocard.metroinfo.co.nz instead of an attacker who generated his own certificate claiming to be metrocard.metroinfo.co.nz. You should not proceed past this point.
If, however, you work in an organisation that generates its own certificates and you are trying to connect to an internal website of that organisation using such a certificate, you may be able to solve this problem securely. You can import your organisation's root certificate as a "root certificate", and then certificates issued or verified by your organisation will be trusted and you will not see this error next time you try to connect to an internal website. Contact your organisation's help staff for assistance in adding a new root certificate to your mobile device.