L.S.,

I use a shopping cart system called uShop. This is a java based shop with several classes.
Since 4 years I have this shop running at an other SSL server. Now I moved
to Powweb and have a lot of problems to get this shop to run.
I wrote several emails to Powweb support, but I think they don't understand my problem. Anytime I get an other answer like; "you have to use your https address, there are false links in the site etc". Of course these kind of answers
I am not looking for.

The problem comes with calling the classes and sending encrypted information. I get error messages telling that the website is not secure.
Has anybody the same problem and maybe solved it?

The Error message sounds like:
The security certificate was issued by a company that is not trusted.
The name of the website is not the same as on the certificate *.secure.powweb.com and so not trusted by Equifax.

At my former ISP (http://www.scartserver.com) I had the ability to use a cgi wrap address and this worked fine.

URL?

My guess is that you are using a URL of the form https://example.com/ where instead it should be https://examplecom.secure.powweb.com/

I undressed my site till just the shoppingcart class. You can read the source code.

https://typicallydutchbiz.secure.powweb.com/typicallydutch.biz/testsecure/bollen01.htm

regards
riksen

I don't get a browser warning with your site the way it is now.

I don't get a browser warning with your site the way it is now.I did. I think it has to do with browser settings. At least that's how it appears.

I don't think it has to do with browser settings. I tried in both IE and Firefox, and the SSL certificate was fine, as I would expect it to be. The domain is typicallydutchbiz.secure.powweb.com and that matches *.secure.powweb.com.

I don't understand half of what I know about SSL, but when I used the link provided by riksen I did get the warning about the certificate. I checked using FireFox .9 and IE 6.

Dear fellows,

This site was running for 4 years without any problems.
Should it be now the browsersettings? How shall I explain
my customers to change their settings?

I think it has to do with *.secure.powweb.com for this is
the only part that has changed.

regards

Very strange. Those of you who get the warning, what exactly does it say the problem is? And what do you see on the page?

Here's a couple of screen shots of what I see in FireFox

The SSL Error (http://www.rccomputer.net/stuff/ssl_error.jpg)

Page after accepting cert (http://www.rccomputer.net/stuff/ssl_error2.jpg)

I don't understand half of what I know about SSL, but when I used the link provided by riksen I did get the warning about the certificate. I checked using FireFox .9 and IE 6.I tried the site in Opera 7.23, Netscape 7.1, Firefox .9, IE6 and Mozilla 1.7 and all worked fine for me - accepted the certificate as being correct. Installations are the default level of security on all browsers.

I would say that those of you having problems have corrupted root CA certificates in your browsers. Do you see the same problem in OPS?

I would say that those of you having problems have corrupted root CA certificates in your browsers. Do you see the same problem in OPS?
I have no problems with any other SSL sites on Powweb. And I doubt that all of my browsers (5) would have the same problem.

Dear all,

I didn't got the warnings as my shopping cart runned at http://www.scartserver.com, but appears as I placed the shop on Powweb. So with the same browser IE6 no problems at SSL scartserver.com and security problems at SSL Powweb.com. It is not a problem of the browser for this is the same one (IE6). I think all other browsers are very good ones (Morzilla, Netscape or Opera), but 96% on the internet is using IE5 or 6. So this is the only important browser for me as shopowner. I think it is dealing with the *.secure.powweb.com link as the error message tells.

There is something odd about your page that is causing this. My own store uses the same SSL method without problems. Try my Cheshire Garden link below and click on "Sign In" - see if you get a warning.

That said, I don't get a warning for your page using either Firefox or IE6.

Steve,

I can sign into your store with no problems, no SSL error at all. This is using the same FireFox .9 as before.

Oh, I wonder if it's something in the Java Runtime Environment people have loaded on their system.... The use of Java is the only odd thing I see here, and I think that message you see is coming from Java.

I tested in IE and saw the Equifax error box appear, requiring me to accept in order to continue. I tested in Mozilla Firebird (yes, that one is still on this desktop, but Firefox is on another) and got a message to install Java plug-in (which I had not bothered to install) to verify that this is the culprit. I was directed to a page to buy light bulbs without seeing the Error message.

But why it runs without errors on my former ISP and with this error messages at powweb.com? With the same browser and desktops? Four different desktops I tried.

regards

I see the message at the bottom "Loading Java Applet Failed". I never tried installing a Java applet on a secure server since I never had the need to do so.

Your applet still has the APPLET tag and was not converted to the updated Java code to use the OBJECT tag. This was done during the Sun Java plugin vs. Microsoft JVM plugin war of 2003 when Microsoft no longer wanted to support Java.

You may want to update your code to see if this helps.
http://java.sun.com/products/plugin/1.3/docs/tags.html

Thanks for your remark. I changed the code, but got the same error/ warning. It is not that the applet doesn't work for I changed the codebase to the not SSL address and it works fine. Its a security matter.
Have a look:
http://www.typicallydutch.biz/testsecure/bollen01.htm

As I had mentioned earlier, I had not tried to use an applet with a secure server and actually suspected this to be the problem. But we must eliminate the other possible causes first. I see that the insecure version works correctly.

We had to be careful about correctly programming code to pass variables from insecure to secure servers. You have an applet class uShopInputMenu.class with the codebase http://www.typicallydutch.biz/classes which are both insecure. Did you have the applet class uShopInputMenu.class with a secure codebase for the secure address?

All links are/ were secure and as I told this site was running for four years without problems. By moving to powweb I just changed the links to typicallydutchbiz.secure.powweb.com etc.

The problem seems to be that some users' systems have an old version of the Java Runtime Environment which does not have built in the recognition of Equifax as a CA (Certificate Authority). Equifax has been a CA and in browsers for several years, I think.

The idea of a shopping cart in Java gives me the shivers - lots of people will refuse to load Java. You can try updating your JRE at www.java.com

SteveL,

You were right. I updateted my JRE to 1.4.2 and got no error messages anymore.

So the problem is that Equifax is not built in the former JRE. I must perhaps think about a PHP or perl shopping system, for I don't know how many "customers" have an old JRE running, because I uses the newest and updated XP prof. and IE6 + packs.

Thanks a lot to all participants
riksen

The idea of a shopping cart in Java gives me the shivers - lots of people will refuse to load Java

I thought the same thing. We have created both Perl and PHP shopping carts with or without a database. Credit card companies can be specific about the security of a website. If your payments are not securely handled, the credit card company may ask you to change your code before you can accept payments from them. A few years ago, a client asked me to create a shopping cart for him since his old website was not acceptable for accepting payments!