Google Blogoscoped

Forum

Sb.google.com Error Message?  (View post)

Lalufu [PersonRank 1]

Wednesday, July 19, 2006
13 years ago9,381 views

It means what the message says....

someone at google has forgotten to create an appropriate certificate for sb.google.com, and has used the certificate for www.google.com instead. Firefox does not like this.

Markus Renschler [PersonRank 1]

13 years ago #

It seems that Google shares IP addresses between its services. For http this is not a problem because the web server is able to read the host header value before assigning a request to a web site. For https this is different. Here you can only set up one service per IP address because it is the only way to make the web server know to which site a request belongs (the data is in the headers, the headers are encrypted, you had to choose the right certificate to answer in order to avoid this message).

You can also try www.google.de – There you will see that the certificate belongs to google.com – and you will get goole.com (English content) although you entered google.de.

The question is: From where did you get the link? Either the link is wrong or they have not updated their configuration, yet.

Philipp Lenssen [PersonRank 10]

13 years ago #

Is this related to Google doing SafeBrowsing (SB) checks in the background with the Google Toolbar for Firefox?

Ionut Alex. Chitu [PersonRank 10]

13 years ago #

... or Firefox 2.0

William robins [PersonRank 0]

13 years ago #

Intercept communications ? Don't you have a brain!? just read the error message and use your brain if you have one and stop submitting such a shit to digg.
How Stupid-..

Philipp Lenssen [PersonRank 10]

13 years ago #

William's rambling must be referring to this Digg submission made by Ianklaric :)

digg.com/security/Someone_is_i ...

Sohil [PersonRank 10]

13 years ago #

I think Safebrowsing data is now sent to an encrypted connection which is sb.google.com but the securtiy certificate was for www.google.com

Firefox's built-in precaution is alerting us of that.

Try going to sb.google.com

You'll get the same error message that I saw when normally browsing.

I was using Firefox 2 Beta 1 btw.

egon [PersonRank 1]

13 years ago #

Man, you guys need to quit being so harsh. I've been getting that too. All it says is that the cert is owned by www.google, not sb.google. Not everybody knows what that means.

egon | www.AutomoBlog.net

Piotr Konieczny [PersonRank 9]

13 years ago #

A few months ago, there was exactly the same problem with GMail's certificate.

menneke [PersonRank 1]

13 years ago #

Lalufu is right, that's all there is to it, that how certificates work. Btw, Firefox on Mac OS X doesn't display this message.

James Bradbury [PersonRank 5]

13 years ago #

I ran a network trace with Ethereal while browsing, and every site I visit, FireFox does a "safe browsing" check. I only have FireFox 1.5.

Robert Marshall [PersonRank 1]

13 years ago #

Strange – from looking at the code[1], all the sb.google.com requests are supposed to be plain HTTP and not SSL. Anyway, I happened to see bug 345124[2], so I'd guess this is a server-side thing that's being seen at Google as well.

[1] lxr.mozilla.org/seamonkey/sour ...
[2] bugzilla.mozilla.org/show_bug. ...

aJ [PersonRank 1]

13 years ago #

It's a security feature in both FF and TB which informs users when security certificates do not match the domain they were sent from.
In cases like these, if you are sure that the certificate is valid for that mismatched domain, you can use the andrewlucking.com/archives/cat ... (Remember Mismatched Domains) extension for both FF and TB.

Sankar Anand [PersonRank 10]

13 years ago #

i get the same error everytime i log in to google adsense

and i am using firefox

why do i get this error in firefox ?

Andrew [PersonRank 0]

13 years ago #


Checkout the script in #2 of
zen-cart.com/forum/showpost.ph ... as this will show you that the NON-SSL javascript file is google-analytics.com/urchin.js but the SSL javascript file is ssl.google-analytics.com/urchi ... and if you use these URLs correctly then you don't get any errors or warning messages.

From what I've seen it's not well documented but this is how Google Analytics expects it to be setup so just do it that way and both IE and FF are happy in and out of SSL.

This thread is locked as it's old... but you can create a new thread in the forum. 

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!