I have used FQs ssl for years without a hitch, but now that I have a spiffy new notebook with IE 6 on it, I get a warning when I try to access my secure order page.

The warning says:

"The name on the security certificate is invalid or does not match the name of the site"


When I click "View Certificate", I get:

"Issued To: *.MerchantQuest.net"


The URL of my page is at:

https://xlowrisk.merchantquest.net/cgi-bin/sgx2/shop.cgi?page=rbi.html


Any ideas?


best regards,
Jeff

Hello Jeff,

Visitors visiting your site with differing Browsers probably have been seeing that Warning for quite some time. I just visited in Mozilla RC-1 and IE 5.5 and neither prompted the warning. However when clicking on the Lock Icon I can see that the Certificate has been issued to MerchantQuest.

The fact that Only the domain listed on the Certficate can be confirmed, which is MerchantQuest is documented in this Tutorial:
http://www.aota.net/E-Commerce/owncert.php4
Remember, if you do not have your own certificate, your customers will not be able to confirm that they are doing business with your company. For example, if you use the shared server certificate offered by FutureQuest, the only thing that can be confirmed by the customer is that FutureQuest® is who they claim to be.

I hope this helps,
Bob

This is normal for the shared certificate. Perhaps IE didn't give you warnings for versions prior to 6, however, Netscape has been giving that type of warning for quite some time.


To avoid this type of warning, you would need to purchase your own private certificate which matches your domain name.

Bob, Sheila,

Thanks for the headsup. I thought that " *.merchantquest.net" would cover "xlowrisk.merchantquest.net."

I guess I need to go get a certificate. Is there any real difference between Verisign, Thawte, and Equifax?


Jeff

I thought that " *.merchantquest.net" would cover "xlowrisk.merchantquest.net."

It should. I also use IE6 and do not get this warning. I do notice that you have your script in the cgi-bin rather than the sgi-bin, though. Do you still get the warning when you link directly to your guarantee page:

https://xlowrisk.merchantquest.net/rbi-guarantee-secure.htm

Is there any real difference between Verisign, Thawte, and Equifax?

The only real differences are price, the number of browsers supported, and the perceived/actual amount of trust your visitors place in the above companies. Verisign and Thawte will cover the largest number of browsers but the actual numbers will vary as each CA's root certificate expires from year to year and from browser to browser.