SSL Certificates

September 14th, 2017
Gwyn Headley

Managing Director

Firstly, many apologies for the lack of fotoLibra service over the past few days. The good news is that everything is now back up and running as it should be.

The problem was with our SSL Certificate. An SSL Certificate is a cryptographic protocol that provides security over a computer network. Websites use SSLs to secure communications between their servers and web browsers. Without a valid SSL Certificate you wouldn’t be able to access a website — unless you ignored a string of increasingly dire warnings.

We have automatically renewed our SSL Certificate every two years for the past fourteen years. This year we paid for the renewal on August 25th. Unfortunately our service provider 123-Reg changed their certifying authority from Globalsign to an American company, without notifying us. An email from this unknown new company, Starfield Technologies, demanding sensitive corporate data, went straight into trash.

When we eventually checked with our service provider we were told the email wasn’t spam, it was actually from a legitimate company, despite its very iffy write-up in Wikipedia. In order to verify our SSL Certificate Starfield demanded from us a letter of attestation signed by a lawyer, and an invoice from an outside supplier verifying our telephone number.

How many invoices do you get with YOUR telephone number printed on them? Right — just one, if any; from your phone supplier; BT in our case.

The American company rejected the bill from BT because they had made it out to VisCon Pro Ltd, not to fotoLibra’s holding company VisConPro Ltd. An errant space was sufficient for disqualification.

They rejected our letter of attestation because it was signed by a solicitor, not a lawyer. Americans, eh?

They were not at all interested in the fact that all our corporate data is freely available from Companies House, presumably because Companies House is not yet totally under American control.

Because these verification letters did not meet their demands, this foreign company had the ability to pull the plug on our certification. And so they did. Despite their failure to comprehend our valid credentials, they ensured we were unable to trade for five days.

Do we get recompense? Maybe, if we had phalanxes of highly trained American lawyers. But we don’t.

So once again, please accept our apologies for this downtime. I hope it won’t happen again.



10 Responses to “SSL Certificates”

  1. First, I sympathise with you over anything of this nature that interferes with your ability to conduct business.

    That said, and to be fair to Americans (I am married to one, so I am prickly about generally-phrased adverse comments about them) – any country requiring certification would want it from a notary public, not from a solicitor, wouldn’t it?

    Notaries are by definition internationally recognised. Solicitors are not.

    And for some documents, countries require an apostille given under The Hague Convention. Getting that quickly would have been fun.

    And you can’t blame the US company because your provider names you incorrectly, can you – not when they are providing you with what amounts to a certificate of trustworthiness? Not when that is the exact purpose of the exercise?

    Had you got your SSL cert from Symantec, you would be in a more problematic position. Google (and Mozilla) will start ‘marking as untrusted’ all existing Symantec SSL certificates from October 2018. And the Symantec brand includes GeoTrust, Thawte, RapidSSL and VeriSign. It’s a lot of certificates. You can read about the accusations of fraud – just google ‘Google Chrome vs. Symantec’.

  2. John Cleare says:

    I have every sympathy.
    I too have just been out of action with a push-button that wouldn’t push but required an expensive IT engineer to fix.

    Life was so much simpler before the world went digital, the internet was invented and poisonous social media materialised.

    Let’s go back to painting on cave walls and sending messages in a cleft stick.

  3. Derek Metson says:

    I just clicked ‘Connect despite the warnings’ and got on with it. I don’t allow computers to rule me unless I can avoid it. It’s happened several times using Firefox on perfectly reputable sites. My car’s computer often tells me to go up a gear when the road ahead says I should be going down. I drive the cart – not the computer!

  4. Derek Metson says:

    Cart? try ‘car’

  5. Frank Gorny says:

    If you think this is bad, have a look at the new Sonos privacy statement and what information they plan to collect from your wifi speaker! Seems to be everything except your inside leg measurement – or maybe I just did not read that far in the T&C’s
    I, too, just ignored the warning for the fotoLibra website, and connected anyway. Our server keeps popping up an error message on our screens now in Japanese. Having managed to get it translated, it is telling us it can’t get any error information. Shades of the windows error message “Keyboard error – press any key to continue” Looney!

  6. Mark Goodwin says:

    I do sympathise Gwyn, I have been with 123-Reg also for many years and lately they are becoming a pain in the proverbial.

    One of the products I have with them is 3 different email addresses, this year without notice I notice in my PayPal account that 123-Reg had taken out 3 x £40 odd pounds! When I rang to enquire why they had taken so much for three measly email addresses, I was told that “Ah…yes.. the reason your email address has doubled in the last year is because we have doubled your server space for each address”. I said I didn’t request that, I was happy with what I had, they said “Sorry but we have done it across the board to all email address owners!” I said don’t care change it back, they said they couldn’t but they would give me three months free for each address.
    What’d yer do?

  7. tim gartside says:

    hate 123! I had a domain with them I did not require anymore so let it lapse and ignored the emails. Apparently they do an auto renew – great for some but not when you are unaware. Got letters from grubby debt recovery agency. Had to write a strongly worded letter, threatening court action etc and even threw in an invoice for my wasted time. All got sorted very quickly after that but they kindly pointed out they did not recognise my invoice!!

  8. John Strain says:

    “They rejected our letter of attestation because it was signed by a solicitor, not a lawyer. Americans, eh?”

    I love that. Americans have a different meaning for solicitors.

  9. Derek Metson says:

    Nowhere else you can get an SSL from??