cs-cart login site certificate bad

I received email from sales@cs-cart.com stating “A critical vulnerability has been discovered and fixed in CS-Cart 1.3.5 and 2.x.x.” When I try to log in to the help desk to get the fix, I get a message about a problem with this website's security certificate. I tried from several different browsers, and get the same type of message. So is the email bogus about the critical vulnerability, or is the cs-cart site just having problems with their SSL certificate?



Thanks for any info,

David

All legit on my end.



[Attachment: cscssl.jpg]

I have done a little more testing.

I get the certificate error in IE 8 and Safari 5. Firefox is OK.

Firefox shows a certificate with valid dates of 4/14/2011 to 4/14/2012; IE 8 and Safari show valid dates of 5/31/2010 to 5/31/2011.

I have cleared the Safari cache (Edit > Empty cache).

Also the IE cache (Tools > Internet Options > General tab > Browsing history > Delete).

I get a certificate error in FF (wants me to create an exception). I informed helpdesk and they said:

[quote]

Thank you for contacting us.



The problem may be caused by the fact that you use the old url of our Help desk system: https://helpdesk.cs-cart.com



Please use the new one: https://cs-cart.com/helpdesk

[/quote]

Using the old URL should just do a redirect and it should use the cert of the redirected to site.

If I use the “new one” above, it redirects to My account - which also wants a cert exception!

Hello,


[quote name='tbirnseth' timestamp='1333598630' post='134342']

I get a certificate error in FF (wants me to create an exception).

[/quote]

It seems it is the problem with Firefox itself. Some Firefox users get the same error even on paypal.com and other popular websites:



http://support.mozilla.org/en-US/questions/666001



By the way, The Tool provided a screenshot above and it was made in FF, if I am not mistaken.



I personally do not get an SSL error in my Firefox browser (v9.0.1) when I visit https://www.cs-cart.com/helpdesk.



Please, try to clear the browser cache and delete cookies for 'cs-cart.com' in your FF and see if it helps.



Also, use this URL to check your HTTPS connection to cs-cart.com: https://www.cs-cart.com/store_closed.gif



Let us know the result.

Old or new URL gets a certificate error in the WinXP versions of IE and Safari. I tried from my Android phone and get the error also.

The new url still shows the certificate from the old URL. Maybe that has something to do with it.



[Attachment: safari-5a.jpg]

[Attachment: ie-8.jpg]

I believe it's due to CS-Cart having client redirects from My account - to http://helpdesk.cs-cart.com (new).

I get the warning in IE8
There is a problem with this website's security certificate.


The security certificate presented by this website has expired or is not yet valid.
The security certificate presented by this website was issued for a different website's address.
Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.
We recommend that you close this webpage and do not continue to this website.
Click here to close this webpage.
Continue to this website (not recommended).
More information

If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.
If you choose to ignore this error and continue, do not enter private information into the website.
For more information, see "Certificate Errors" in Internet Explorer Help.

I don't have this issue with other sites so I doubt it is my browser.

Not my issue, just trying to make you aware of problems someone might have when going to cs-cart.com for an SSL page.

They're your customers you're scaring away, not mine.

If you didn't use an outside payment system for payments, I certainly wouldn't purchase from an https site where the certificate failed.



But it seems that you've resolved it now anyway.

Thank you all for letting us know that you see the 'invalid SSL certificate' warnings and in what browsers.



We will continue examining this issue with our SSL certificate.



We will ask you to check it in your browsers again, if you do not mind, when we finish.



Thank you.

I just checked with IE and Safari and it is now working.



Dave

[quote name='dsdewitt' timestamp='1333977621' post='134537']

I just checked with IE and Safari and it is now working.

[/quote]

Thank you for letting us know. Unfortunately, some website visitors still see the invalid certificate error on www.cs-cart.com. We know the reason and we are working on it.



Thank you for your patience.

Lantan, do hope you share the cause and solution with us so we can all learn from it.

Hello all,



It seems we have found out the reason for the 'expired certificate' error. The expired certificate was on helpdesk.cs-cart.com (we no longer use this domain), not on www.cs-cart.com, but some browsers that did not fully support SNI (http://en.wikipedia.org/wiki/Server_Name_Indication) retrieved an SSL certificate from the old domain. We have adjusted our server settings to shut helpdesk.cs-cart.com down completely.



I would like to ask you all who saw the 'expired certificate' error to open the following URL in your browsers once again:



My account -



Please let us know the result.



Thank you in advance.
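The failure described in the post above can be checked from outside by comparing the certificate a server presents with and without the SNI extension. This is an added example, not CS-Cart's code: the sample certificates are constructed from the validity dates reported in this thread, their subjectAltName entries and times of day are assumptions, and `probe` and `compare` are hypothetical helpers.

```python
import socket
import ssl
import time

def san_matches(cert, hostname):
    """True if hostname matches a DNS subjectAltName (one left-most wildcard label)."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        pattern = value.lower()
        if kind != "DNS":
            continue
        if pattern == host or (pattern.startswith("*.")
                               and host.partition(".")[2] == pattern[2:]):
            return True
    return False

def classify(cert, hostname, now):
    """Problems a client would report for a getpeercert()-style dict at time `now`."""
    problems = []
    if now > ssl.cert_time_to_seconds(cert["notAfter"]):
        problems.append("expired")
    if now < ssl.cert_time_to_seconds(cert["notBefore"]):
        problems.append("not yet valid")
    if not san_matches(cert, hostname):
        problems.append("name mismatch")
    return problems

def probe(host, send_sni, port=443, timeout=5.0):
    """Live check: handshake with or without SNI, then classify what was served."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # names are matched in classify(), so no-SNI works too
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host if send_sni else None) as tls:
                return classify(tls.getpeercert(), host, time.time())
    except ssl.SSLCertVerificationError as exc:
        return [exc.verify_message]  # chain rejected, e.g. "certificate has expired"

# Constructed sample data: validity dates as reported in the thread; SAN entries and
# times of day are assumptions. NOW is the timestamp on a post quoted in the thread.
NOW = 1333598630
SNI_CERT = {"notBefore": "Apr 14 00:00:00 2011 GMT", "notAfter": "Apr 14 23:59:59 2012 GMT",
            "subjectAltName": (("DNS", "www.cs-cart.com"), ("DNS", "cs-cart.com"))}
DEFAULT_CERT = {"notBefore": "May 31 00:00:00 2010 GMT", "notAfter": "May 31 23:59:59 2011 GMT",
                "subjectAltName": (("DNS", "helpdesk.cs-cart.com"),)}

def compare(hostname, now):
    """What an SNI client and a non-SNI client each see for the same hostname."""
    return {"sni": classify(SNI_CERT, hostname, now),
            "no_sni": classify(DEFAULT_CERT, hostname, now)}
```

A difference between `probe(host, True)` and `probe(host, False)` on a live server means clients that omit SNI are being served the default virtual host's certificate.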

Works fine in IE 8

No more (There is a problem with this website's security certificate)