Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Security warning on Verizon server [Telecom]

3 views
Skip to first unread message

Telecom digest moderator

unread,
Oct 22, 2009, 10:34:07 PM10/22/09
to
I just tried to access https://www.verizon.com/ . I got an error message, saying that
"The certificate is only valid for a248.e.akamai.net". Anyone else have this result?

Bill
--
Bill Horne
Moderator

Gene S. Berkowitz

unread,
Oct 23, 2009, 1:30:54 AM10/23/09
to
In article <20091023023...@telecom.csail.mit.edu>,
telecomdigestmode...@telecom-digest.and-this-too.org
says...

> I just tried to access https://www.verizon.com/ . I got an error message, saying that
> "The certificate is only valid for a248.e.akamai.net". Anyone else have this result?
>
> Bill

Yes, I get the same error.

Issuer: GTE CyberTrust Global Root
Issued to: a248.e.akamai.net

--Gene

Tony Toews [MVP]

unread,
Oct 22, 2009, 11:57:31 PM10/22/09
to
Telecom digest moderator
<telecomdigestmode...@telecom-digest.and-this-too.org> wrote:

>I just tried to access https://www.verizon.com/ . I got an error message, saying that
>"The certificate is only valid for a248.e.akamai.net". Anyone else have this result?

Yes, I get a similar message in both IE and FireFox. However if I click continue
anyhow it takes me to www22.verizon.net. As does http://www.verizon.net.

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/accsmstr.htm
Tony's Microsoft Access Blog - http://msmvps.com/blogs/access/
For a free, convenient utility to keep your users FEs and other files
updated see http://www.autofeupdater.com/
Granite Fleet Manager http://www.granitefleet.com/

David Clayton

unread,
Oct 23, 2009, 1:52:04 AM10/23/09
to
On Thu, 22 Oct 2009 22:34:07 -0400, Telecom digest moderator wrote:

> I just tried to access https://www.verizon.com/ . I got an error message,
> saying that "The certificate is only valid for a248.e.akamai.net". Anyone
> else have this result?
>

Yes, either the DNS address for that site has been hijacked or the
webmaster at Verizon has a big configuration problem - probably the latter
given that this works:

https://www22.verizon.com/

--
Regards, David.

David Clayton
Melbourne, Victoria, Australia.
Knowledge is a measure of how many answers you have, intelligence is a
measure of how many questions you have.

John Levine

unread,
Oct 23, 2009, 12:13:49 PM10/23/09
to
In article <20091023023...@telecom.csail.mit.edu> you write:
>I just tried to access https://www.verizon.com/ . I got an error message, saying that
>"The certificate is only valid for a248.e.akamai.net". Anyone else have this result?

It's just a configuration error. Akamai is a giant content delivery
network that lots of big web sites use to host the static parts of
their content. There's nothing at all odd about Verizon's home page
being hosted at Akamai.

R's,
John

***** Moderator's Note *****

I understand Akamai's role, but it seems odd that Verizon would allow
such an error to happen while it tries to position itself as a data
delivery company.

Bill Horne
Moderator

Steven

unread,
Oct 23, 2009, 1:48:39 PM10/23/09
to
Telecom digest moderator wrote:

> I just tried to access https://www.verizon.com/ . I got an error
> message, saying that "The certificate is only valid for
> a248.e.akamai.net". Anyone else have this result?

I get the same, just click OK and it connects. Must be some kind of
link. Try www.verizon.net, the following link you used just forwards
to the net address: https://www.verizon.com.

--
The only good spammer is a dead one!! Have you hunted one down today?
(c) 2009 I Kill Spammers, Inc., A Rot in Hell. Co.

tlvp

unread,
Oct 23, 2009, 10:24:58 PM10/23/09
to
On Fri, 23 Oct 2009 12:13:49 -0400, John Levine <jo...@iecc.com> wrote:

> In article <20091023023...@telecom.csail.mit.edu> you write:
>> I just tried to access https://www.verizon.com/ . I got an error
>> message, saying that "The certificate is only valid for
>> a248.e.akamai.net". Anyone else have this result?
>

> It's just a configuration error. ...
>
>--- [snip] ---


>
> ***** Moderator's Note *****
>
> I understand Akamai's role, but it seems odd that Verizon would
> allow such an error to happen while it tries to position itself as a
> data delivery company.

I guess VZ Brand Identity and VZ Tech only rarely compare notes ... .

Cheers, -- tlvp
--
Avant de repondre, jeter la poubelle, SVP

David Clayton

unread,
Oct 24, 2009, 1:39:48 AM10/24/09
to
On Fri, 23 Oct 2009 10:48:39 -0700, Steven wrote:

> Telecom digest moderator wrote:
>
>> I just tried to access https://www.verizon.com/ . I got an error
>> message, saying that "The certificate is only valid for
>> a248.e.akamai.net". Anyone else have this result?
>
> I get the same, just click OK and it connects. Must be some kind of link.
> Try www.verizon.net, the following link you used just forwards to the net
> address: https://www.verizon.com.

When you get a certificate for a SSL web server the domain name in the
cert *must* match the domain of the site you are going to, else you get
that mismatch error message.

There is probably a "master" web server for the Verizon domain that load
shares the incoming requests by redirecting to other web sites that do the
actual work, and someone probably has made some changes and forgot to set
up the correct cert for that initial site.

In general you should *never* ignore that sort of error, as it may
indicate a hijacked web site just waiting to steal your banking details
etc.

Robert Bonomi

unread,
Oct 24, 2009, 2:03:30 PM10/24/09
to
In article <20091023023...@telecom.csail.mit.edu>,

> I just tried to access https://www.verizon.com/ . I got an error
> message, saying that "The certificate is only valid for
> a248.e.akamai.net". Anyone else have this result?

Despite appearances, this is a non-issue. 'akamai.net' is a
_well-known_ provider of large-scale distributed web-page delivery.
They have server farms "everywhere" (both geographically, and 'on net'
at most major connectivity providers) and "automagically" direct a
query for a page for one of their customers to the server 'nearest'
the query source. This allows for servicing truly _enormous_ numbers
of requests, and for providing fast response to page requests.

Getting SSL certificates 'right' in that environment is _really_
messy.

***** Moderator's Note *****

If it's too messy, they shouldn't try to do it. A server which is
configured to deliver a default certificate that has no relationship
to the URL it's serving should not offer the service.

Bill Horne
Moderator

Garrett Wollman

unread,
Oct 24, 2009, 5:14:17 PM10/24/09
to
In article <E6qdnTxaWujv3H7X...@posted.nuvoxcommunications>,
Bill Horne writes:

>If it's too messy, they shouldn't try to do it. A server which is
>configured to deliver a default certificate that has no relationship
>to the URL it's serving should not offer the service.

At the time a Web server is required to identify itself by certificate
in the SSL/TLS protocol, it has absolutely no idea what URL the client
is going to request. Few servers or clients support the more recent
versions of TLS that allow the virtual host name to be negotiated (and
the servers are, as a general rule, not going to use it until the vast
majority of clients support it).

-GAWollman
--
Garrett A. Wollman | What intellectual phenomenon can be older, or more oft
wol...@bimajority.org| repeated, than the story of a large research program
Opinions not shared by| that impaled itself upon a false central assumption
my employers. | accepted by all practitioners? - S.J. Gould, 1993

***** Moderator's Note *****

Then it shouldn't have any SSL certificate at all.

Harumph!

Robert Bonomi

unread,
Oct 25, 2009, 12:32:17 PM10/25/09
to
In article <E6qdnTxaWujv3H7X...@posted.nuvoxcommunications>,

When you figure out how to make HTTPS work _without_ having a
certificate, let me know. I know people who will pay a fortune for
that know-how. :)

Truth is, _VERIZON_ *shouldn't* be using a 3rd-party network for
something that is 'sensitive enough' to call for HTTPS. But, then,
the odds are that -nothing- of the verizon content hosted on the
akamai-hosted server _is_ actually that sensitive. <wry grin>

***** Moderator's Note *****

My point is that https should _not_ work without a certificate. If the
server can't deal with an https request properly, it should refuse to
serve it. Better to not do a job than to do it half-fast.

Bill Horne
Moderator

0 new messages