January/February 2019 issue of acmqueue The January/February 2019 issue of acmqueue is out now

Subscribers and ACM Professional members login here

Web Security

  Download PDF version of this article PDF

Error 526 Ray ID: 4cd0ea574e502192 • 2019-04-25 14:13:03 UTC

Invalid SSL certificate








What happened?

The origin web server does not have a valid SSL certificate.

What can I do?

If you're a visitor of this website:

Please try again in a few minutes.

If you're the owner of this website:

The SSL certificate presented by the server did not pass validation. This could indicate an expired SSL certificate or a certificate that does not include the requested domain name. Please contact your hosting provider to ensure that an up-to-date and valid SSL certificate issued by a Certificate Authority is configured for this domain name on the origin server. Additional troubleshooting information here.


Originally published in Queue vol. 12, no. 8
see this item in the ACM Digital Library



Paul Vixie - Go Static or Go Home
In the end, dynamic systems are simply less secure.

Axel Arnbak, Hadi Asghari, Michel Van Eeten, Nico Van Eijk - Security Collapse in the HTTPS Market
Assessing legal and technical solutions to secure HTTPS

Ben Laurie - Certificate Transparency
Public, verifiable, append-only logs

Christoph Kern - Securing the Tangled Web
Preventing script injection vulnerabilities through software design


(newest first)

Mike Schwartz | Tue, 14 Jul 2015 20:20:05 UTC


This is in regard to (the word "connectively" in) the paragraph [at http://queue.acm.org/detail.cfm?id=2668966 ] that says

(((( Events took an unexpected turn when Pakistan Telecoms bogus BGP announcement leaked out of Pakistan. PCCW, a large IP that provides global network connectively to Pakistan Telecom, received the bogus routing announcement, selected the bogus route, and announced it to its own neighbors. Because the bogus route was for a longer prefix (/24) than the legitimate route (/22), longest-prefix-match routing meant the bogus route was always more preferred by the legitimate route, and within minutes, at least two-thirds of the Internet was sending its YouTube traffic to Pakistan.2 The incident was eventually resolved via manual intervention of network operators at YouTube, PCCW, and other ISPs worldwide. )))).

Before I even finish typing this, my [Chrome] browser is already providing a wiggly red under-lining, for the word "connectively" -- as well as for some acronyms, and other strings that are (apparently) absent from its "spell-check" dictionary.

The word "connectively" is probably wrong, and my guess is that it should be "connectivity" -- which is a word often preceded by the modifier "network".

Just "FYI".

Mike Schwartz [email protected] Glendale AZ

Russ White | Fri, 12 Sep 2014 13:33:57 UTC

BGPSEC won't solve the problems given here -- it doesn't actually defend against leaks. BGPSEC tries to encode transitive trust and policy into the AS Path, both of which are very poor ideas. To make matter worse, BGPSEC is completely and totally undeployable in the real world (unless, of course, you intend to replace every router in the Internet to get security), and actually exposes new security holes (such as exposing not only which AS signed the update, but the actual router that signed the update).

There are better ideas out there, but the IETF community isn't listening. Once governments got involved and "chose a solution," technical discussion was shut down.

Leave this field empty

Post a Comment:

© 2018 ACM, Inc. All Rights Reserved.