Archive for September, 2017

SSL Certificates

September 14th, 2017
Gwyn Headley

by Gwyn Headley

Managing Director

Firstly, many apologies for the lack of fotoLibra service over the past few days. The good news is that everything is now back up and running as it should be.

The problem was with our SSL Certificate. An SSL Certificate is a cryptographic protocol that provides security over a computer network. Websites use SSLs to secure communications between their servers and web browsers. Without a valid SSL Certificate you wouldn’t be able to access a website — unless you ignored a string of increasingly dire warnings.

We have automatically renewed our SSL Certificate every two years for the past fourteen years. This year we paid for the renewal on August 25th. Unfortunately our service provider 123-Reg changed their certifying authority from Globalsign to an American company, without notifying us. An email from this unknown new company, Starfield Technologies, demanding sensitive corporate data, went straight into trash.

When we eventually checked with our service provider we were told the email wasn’t spam, it was actually from a legitimate company, despite its very iffy write-up in Wikipedia. In order to verify our SSL Certificate Starfield demanded from us a letter of attestation signed by a lawyer, and an invoice from an outside supplier verifying our telephone number.

How many invoices do you get with YOUR telephone number printed on them? Right — just one, if any; from your phone supplier; BT in our case.

The American company rejected the bill from BT because they had made it out to VisCon Pro Ltd, not to fotoLibra’s holding company VisConPro Ltd. An errant space was sufficient for disqualification.

They rejected our letter of attestation because it was signed by a solicitor, not a lawyer. Americans, eh?

They were not at all interested in the fact that all our corporate data is freely available from Companies House, presumably because Companies House is not yet totally under American control.

Because these verification letters did not meet their demands, this foreign company had the ability to pull the plug on our certification. And so they did. Despite their failure to comprehend our valid credentials, they ensured we were unable to trade for five days.

Do we get recompense? Maybe, if we had phalanxes of highly trained American lawyers. But we don’t.

So once again, please accept our apologies for this downtime. I hope it won’t happen again.

Share