Security Certificate Alerts on Whatever — Don’t Panic!

Every once in a while I get an email or other notification from someone about their browser (usually Chrome but occasionally Firefox) warning them that Whatever is insecure and asking them if they really want to continue onto the site. In the interest of quelling concerns and also not having to write this up every single time it happens, let me tell you what’s going on.

1. Whatever is housed on WordPress’ VIP service (and happily so) at scalzi.wordpress.com; the address whatever.scalzi.com maps there.

2. Whatever’s security cerificate, however, is to the wordpress.com domain, not the scalzi.com domain.

3. So, if you’re directing your browser to use https, it may throw up a warning letting you know the domain doesn’t match.

So, the URL isn’t being hijacked — unless you see on the warning page that the security certificate is going somewhere other than wordpress.com.

I’ll look into seeing what can be done about figuring this out. In the meantime, if you are getting these warnings, here’s what you can do.

1. Use “http” rather than “https” when you put in the URL (note this is nominally insecure) and you’ll be taken to Whatever without fuss.

2. If you see the security certificate for the site is from wordpress.com, go to the advanced settings and click through, it’ll be fine (and your browser will probably remember your preference in the future).

3. Alternately, if you use https, substitute “scalzi.wordpress.com” for “whatever.scalzi.com” and you’ll be taken to Whatever without any security alerts. Note that once you’re there, the URL will show up as “whatever.scalzi.com.” Mapping is wacky. This works for sub-urls as well (direct links to entries, etc). Update: Note that IT folks in the comments say that when you’re punted back to whatever.scalzi.com, you’re being sent back to the site without https enabled.

Update: 4. Another option I just enabled it to access Whatever via a shared SSL Encryption setup. The URL to use is: https://ssl.perfora.net/whatever.scalzi.com (it will also work with individual entry URLs). Note using this will strip out insecure elements of the page (usually things like embedded media).

Hope this helps.

Bart Blauser, RIP

I’d like to take a moment here to note the passing of Bart Blauser, who was Krissy’s uncle, earlier this month, and whose life we celebrated yesterday at a memorial service with family and friends. Pretty simply, Bart was a fine example of “salt of the earth”: A good and decent man who loved his family and friends, enjoyed working the soil in his garden and farm, who worked hard and who, in my experience, treated everyone with kindness and friendliness. He also threw an excellent July 4th party every year, complete with pig roast, volleyball and a late night fire, around which people would gather and bring guitars.

There’s more to him than those things, of course, but those things are enough to give you a glimpse of why there is one less good man on the planet, who was loved, and who will be missed. May his spirit rest well.