Customers logging into "secure and efficient payment service" Sage Pay this morning were served up an error message saying that the site could not be trusted, and didn't have a valid security certificate. [Image: SSL certificate error message, credit: screengrab] Looks like someone forgot to renew the site's SSL certificate – which …
To be fair, the live.sagepay.com domain, which processes all payments, is under a different certificate, so this would have only affected their portal.
someone outside the company
outsourcing gives you someone to blame whose training you are not responsible for
How can it possibly have "no effect on our customers"? Are they suggesting that their customers should ignore failed certificate validation?
> Are they suggesting that their customers should ignore failed certificate validation?
Please type in your password here: _
Stupidity training at its best.
Read Jeff's comment.
ah, load balancers
Especially ones not managed by the same folks that manage the webservers themselves.
This raises a question to which I'd appreciate frank, brutal or even silly answers: If you have load balancers and provide SSL connections, do you use the same CA-issued certificate on both your load balancers and your backend web servers? Or do you only install the CA-issued certificate on your load balancers and use internal-CA-signed certificates internally? The downside being having to manage additional certificates, and the upside being that your internal certificates can be issued for 10 years and as long as they don't all expire on the same day, while you may run degraded for 30 minutes if one of your servers is taken out of the pool, you won't go down hard.
Re: ah, load balancers
Typically you'd just install the certificate on the reverse proxies (acting as both load balancers and failover) and then skip SSL encryption between the reverse proxies and application servers since you are already inside a closed network, usually just transferring TCP packages between the DMZ and application server network through the firewall. This saves the SSL encryption overhead and enables you to geek away with content caching options on the RP's as well.
Ah, that ol' chestnut...the third party supplier was it? Yeeeeesssss, of course it was.
It is minor issue, which has no impact on our customers.
WTF - not trading has a massive impact on their customers, perhaps they forget who their customers are and who makes them their money
What? Money comes from customers?
Surely money is generated through procedures!
Wait for it
A wise Sage once said.....
They're not the only ones with certificate issues just now
I run a nagios check which tells me how many days remain on my SSL certificate on any particular host.
Just what I want my customers receiving, the good old "Abandon All Hope Ye Who Enter" page.
> We currently have a valid and in-date SSL certificate and are working with our hosting company to replace the expired certificate on our site.
Valid Since: 26/04/2012 00:00:00 GMT
Well, yeah, sure, you renewed the certificate in advance and just forgot to install it.
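The days-remaining check one commenter describes running under Nagios, as an added example that is not part of the original thread or any commenter's own code: it grades the certificate the host actually serves, so a certificate that was renewed but never installed still raises an alert. The function names, thresholds and script name are assumptions made for illustration.

```python
#!/usr/bin/env python3
"""Nagios-style TLS certificate expiry check (added example; names are hypothetical)."""
import socket
import ssl
import sys
from datetime import datetime, timezone

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin exit codes


def days_remaining(not_after, now):
    """Whole days from `now` until the 'notAfter' string from getpeercert()."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days


def classify(days, warn=30, crit=7):
    """Map days remaining to (exit_code, message); thresholds are assumed defaults."""
    if days < 0:
        return CRITICAL, "CRITICAL - certificate expired %d day(s) ago" % -days
    if days <= crit:
        return CRITICAL, "CRITICAL - certificate expires in %d day(s)" % days
    if days <= warn:
        return WARNING, "WARNING - certificate expires in %d day(s)" % days
    return OK, "OK - certificate valid for %d more day(s)" % days


def check_host(host, port=443, warn=30, crit=7, timeout=10):
    """Connect to the live endpoint and grade the certificate it presents."""
    ctx = ssl.create_default_context()  # verifies chain, hostname and validity dates
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # An already-expired (or otherwise untrusted) certificate fails the
        # handshake here, which is what a customer's browser would report.
        return CRITICAL, "CRITICAL - %s: %s" % (host, exc.verify_message)
    except OSError as exc:
        return UNKNOWN, "UNKNOWN - %s: %s" % (host, exc)
    return classify(days_remaining(not_after, datetime.now(timezone.utc)), warn, crit)


if __name__ == "__main__":
    if len(sys.argv) != 2:
        print("usage: check_cert_days.py HOST")
        sys.exit(UNKNOWN)
    code, message = check_host(sys.argv[1])
    print(message)
    sys.exit(code)
```

Run it once per hostname that terminates TLS, since the thread notes that the portal and live.sagepay.com were under different certificates.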