Why is microsoft.com using a cert issued to akamai.net?

TheMSsForum.com: The Microsoft Software Forum

Point IE (or better browser) to:

https://www.microsoft.com/

Then laugh at the cert warning:

The name on the security certificate is invalid
or does not match the name of the site

Microsoft...Security...Ironic?!

Not to mention, akamai.net is a notorious advertiser/tracking service. This
is not good for privacy concerns.

Come-on Microsoft, certainly you can do better...please attempt to instill
some confidence in your users.
Top

Re: Why is microsoft.com using a cert issued to akamai.net? by Bill

Bill
Thu Aug 28 00:34:09 CDT 2003

Like it or not, Akamai.net is hosting a wide variety of Microsoft's
server-based services.

They have the network required.

"Lee Harvey" <leeharvey@grassyknoll.com> wrote in message
news:%23Gv3W7ObDHA.1872@TK2MSFTNGP12.phx.gbl...
> Point IE (or better browser) to:
>
> https://www.microsoft.com/
>
> Then laugh at the cert warning:
>
> The name on the security certificate is invalid
> or does not match the name of the site
>
> Microsoft...Security...Ironic?!
>
> Not to mention, akamai.net is a notorious advertiser/tracking service.
This
> is not good for privacy concerns.
>
> Come-on Microsoft, certainly you can do better...please attempt to instill
> some confidence in your users.
>
>


Top

Re: Why is microsoft.com using a cert issued to akamai.net? by Lee

Lee
Thu Aug 28 08:56:58 CDT 2003

"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
news:uLpx$XSbDHA.1272@TK2MSFTNGP12.phx.gbl...
|
| They have the network required.

*agree*

But, regardless of who is hosting Microsoft's website, they should install a
cert issued to www.microsoft.com, rather than use one of their own.

Agree?

Personally, I view this as very unprofessional -- of both companies.


Top

Re: Why is microsoft.com using a cert issued to akamai.net? by jcochran

jcochran
Thu Aug 28 08:59:27 CDT 2003

On Wed, 27 Aug 2003 19:01:37 -0400, "Lee Harvey"
<leeharvey@grassyknoll.com> wrote:

>Point IE (or better browser) to:
>
> https://www.microsoft.com/
>
>Then laugh at the cert warning:
>
> The name on the security certificate is invalid
> or does not match the name of the site
>
>Microsoft...Security...Ironic?!
>
>Not to mention, akamai.net is a notorious advertiser/tracking service. This
>is not good for privacy concerns.
>
>Come-on Microsoft, certainly you can do better...please attempt to instill
>some confidence in your users.

Akamai provides front end load balancing for many of Microsoft's
servers, plus they handle most of ther streaming video. You do have
the option to deny accepting the cert if you have an issue.

Jeff
Top

Re: Why is microsoft.com using a cert issued to akamai.net? by Bill

Bill
Thu Aug 28 10:59:57 CDT 2003

"Lee Harvey" <leeharvey@grassyknoll.com> wrote in message
news:O1WduvWbDHA.2960@tk2msftngp13.phx.gbl...
> *agree*
>
> But, regardless of who is hosting Microsoft's website, they should install
a
> cert issued to www.microsoft.com, rather than use one of their own.
>
> Agree?
>
> Personally, I view this as very unprofessional -- of both companies.



I agree that this needs fixing, and suspect that it is a product of a very
quick substantial re-arrangement of operations in response to recent worms.


Top

Re: Why is microsoft.com using a cert issued to akamai.net? by Michel

Michel
Thu Aug 28 11:12:32 CDT 2003

"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
news:OcA$q1XbDHA.1740@TK2MSFTNGP10.phx.gbl...
> "Lee Harvey" <leeharvey@grassyknoll.com> wrote in message
> news:O1WduvWbDHA.2960@tk2msftngp13.phx.gbl...
> > *agree*
> >
> > But, regardless of who is hosting Microsoft's website, they should install
> a
> > cert issued to www.microsoft.com, rather than use one of their own.
> >
> > Agree?
> >
> > Personally, I view this as very unprofessional -- of both companies.
>
>
>
> I agree that this needs fixing, and suspect that it is a product of a very
> quick substantial re-arrangement of operations in response to recent worms.
>
This is quite a common mistake that SSL cert registrants make.
SSL clients are designed to recognize that but allowing the client
to continue (try any https site and replace the DNS name with IP
address and it will show the same problem).
Also, SSL certs don't offer afaik the option to provid any aliases
for this purpose.

The Valid From field indicates 7/24/2003 so is quite a recent cert.

- Michel Gallant
MVP Security


Top

Re: Why is microsoft.com using a cert issued to akamai.net? by Bill

Bill
Thu Aug 28 11:25:47 CDT 2003

everybody in this thread provide feedback to the webmaster?

http://register.microsoft.com/contactus30/feedback.asp?FU=https%3A%2F%2Fwww%2Emicrosoft%2Ecom%2F&RU=https%3A%2F%2Fwww%2Emicrosoft%2Ecom%2F&CU=https%3A%2F%2Fwww%2Emicrosoft%2Ecom%2F

"Michel Gallant" <neutron@istar.ca> wrote in message
news:ukmN58XbDHA.2684@TK2MSFTNGP11.phx.gbl...
> "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
> news:OcA$q1XbDHA.1740@TK2MSFTNGP10.phx.gbl...
> > "Lee Harvey" <leeharvey@grassyknoll.com> wrote in message
> > news:O1WduvWbDHA.2960@tk2msftngp13.phx.gbl...
> > > *agree*
> > >
> > > But, regardless of who is hosting Microsoft's website, they should
install
> > a
> > > cert issued to www.microsoft.com, rather than use one of their own.
> > >
> > > Agree?
> > >
> > > Personally, I view this as very unprofessional -- of both companies.
> >
> >
> >
> > I agree that this needs fixing, and suspect that it is a product of a
very
> > quick substantial re-arrangement of operations in response to recent
worms.
> >
> This is quite a common mistake that SSL cert registrants make.
> SSL clients are designed to recognize that but allowing the client
> to continue (try any https site and replace the DNS name with IP
> address and it will show the same problem).
> Also, SSL certs don't offer afaik the option to provid any aliases
> for this purpose.
>
> The Valid From field indicates 7/24/2003 so is quite a recent cert.
>
> - Michel Gallant
> MVP Security
>
>


Top