Reply
Contributor
__Fish__
Posts: 7
Registered: ‎09-21-2012
Accepted Solution

Comcast.net's web site SSL Security Certificate has expired

Your (Comcast's) web site SSL Security Certificate has expired.

 

I am unable to view your "Service Agreement" web page.

 

The URL provided to me via email BY COMCAST was:

 

http://contracts.comcast.com/redirect.aspx?email=FISH@INFIDELS.ORG&contractId=6211383 

 

Internet Explorer complains that YOUR (Comcast's) webs site SSL Security Certificate has expired and thus will not allow me to access the web page.

 

FireFox complains that YOUR (Comcast's) webs site SSL Security Certificate has expired and thus will not allow me to access the web page.

 

Chrome complains that YOUR (Comcast's) webs site SSL Security Certificate has expired and thus will not allow me to access the web page.

 

Opera complains that YOUR (Comcast's) webs site SSL Security Certificate has expired and thus will not allow me to access the web page.

 

Your web site SSL Security Certificate has expired.

 

There is nothing I can do to renew YOUR web site security certificate.

 

That is something COMCAST must do.

 

Please renew your web site SSL Security Certificate so that I may view your service agreement web page.

 

Thank you!

 

Email Expert
CCCarole
Posts: 28,883
Registered: ‎05-21-2006

Re: Comcast.net's web site SSL Security Certificate has expired

Have you tried it today?

Also- see if something is off in the date/time settings on

your computer.



Need Email Help? Please post the following information in your post.
Do you use XfinityConnect? The Full or Lite version?
Do you use an email client? Which one? (Eg; Windows Live mail, Outlook, a smartphone etc.)
Which browser/version do you use? And- have you cleared your browser cache?
Which operating system? XP, Vista, Windows 7, Mac OS X
Details of the problem you are having.




Contributor
__Fish__
Posts: 7
Registered: ‎09-21-2012

Re: Comcast.net's web site SSL Security Certificate has expired


CCCarole wrote:

Have you tried it today?

Also- see if something is off in the date/time settings on

your computer.


1. Yes. The problem still exists.

2. Current local date/time = 9/22/2012 @ 12:34pm PST

Contributor
__Fish__
Posts: 7
Registered: ‎09-21-2012

Re: Comcast.net's web site SSL Security Certificate has expired


CCCarole wrote:

Have you tried it today?

Also- see if something is off in the date/time settings on

your computer.


1. Have YOU tried it yourself yet, Carole? Either of the below URLs reproduce the exact same problem:

 

http://contracts.comcast.com

https://contracts.comcast.com

 

2. My date/time is correct.

 

I may be new to comcast and new to this forum Carole, but I am not an Internet newbie. I've been 'online' since before there was an Internet. (Since the 1200 baud dial-up modem bulletin-board days)

 

I've been using computers for over 35+ years and have been programming on computers for 30+ years, 15+ years on big IBM mainframes (in assembler) and 15+ years on Windows (Visual C++ version 1.0 on Windows 3.1).

 

I used to design/develop operating systems. Now I'm a per/hour paid independent consultant.

 

I know all about Layer 2 networking (Ethernet packet/frame level) as well as IP and TCP and UDP and ARP and RARP and Inverse ARP, etc. I code web sites by hand.

 

I would like to believe I know what the heck I'm doing.  :smileywink:

 

I'm sorry to come down on you so hard Carole. I'm not angry or mad at you.

 

I just get tired of replies from people trying to be helpful which are in the end absolutely no help at all.

 

Especially since it's usually me that's the one providing help to others, and not the other way around.  It feels weird having the situations reversed.

 

AND it's incredibly frustrating to have an issue which is impossible for me to fix myself, and which requires someone else -- in this case another company with a lot of known red tape -- to do something in order to fix.

 

It's like pulling teeth.  :smileysad:

 

Please accept my apology for perhaps being a bit brusque.

 

Soo.....

 

Is Comcast going to renew their comcast.com SSL security certificate or not?

 

And if so, WHEN?

 

Thanks.

Gold Problem Solver
BruceW
Posts: 7,294
Registered: ‎12-03-2007

Re: Comcast.net's web site SSL Security Certificate has expired

I'm seeing the same. Firefox reports:


Alert

      contracts.comcast.com uses an invalid security certificate.
  !   The certificate expired on 5/8/2012 7:59 pm.
      (Error code: sec_error_expired_certificate)


Pretty lame.

Email Expert
CCCarole
Posts: 28,883
Registered: ‎05-21-2006

Re: Comcast.net's web site SSL Security Certificate has expired

The administrator has been notified.



Need Email Help? Please post the following information in your post.
Do you use XfinityConnect? The Full or Lite version?
Do you use an email client? Which one? (Eg; Windows Live mail, Outlook, a smartphone etc.)
Which browser/version do you use? And- have you cleared your browser cache?
Which operating system? XP, Vista, Windows 7, Mac OS X
Details of the problem you are having.




Official Employee
ComcastEric
Posts: 573
Registered: ‎06-29-2011

Re: Comcast.net's web site SSL Security Certificate has expired

Our team is working on getting the cert updated.  Sorry for the inconvenience.

 

Eric

Contributor
__Fish__
Posts: 7
Registered: ‎09-21-2012

Re: Comcast.net's web site SSL Security Certificate has expired

[ Edited ]

 

It still doesn't work:

 

                                      http://contracts.comcast.com

 

I still get a Certificate Error.

 

I am still unable to view the Term Agreement.  The link you (Comcast) provided does not work. Your (Comcast's) "contracts.comcast.com" Security Certificate has expired.

 

I cannot view your web page until you (Comcast) first renew your Security Certificate with VeriSign. Please do so as soon as possible.

 

I have been waiting for over 2 months to view the Term Agreement I supposedly implicitly agreed to. I have not received a hardcopy (paper) version of the Term agreement like I asked for either.

 

Until such time as you provide to me a copy of the Term Agreement, I am LEGALLY under no obligation to abide by it. No one can LEGALLY enter into a contract that cannot be seen. This is a serious legal issue.

 

Please renew YOUR web site Security Certificate with VeriSign (i.e. purchase a new certificate) for "contracts.comcast.com" (or even better, change the URL for the Term Agreement to https://www.comcast.com).

 

By receiving this message you (Comcast) acknowledge YOUR responsibility in this matter.

 

Official Employee
ComcastJoe
Posts: 6,893
Registered: ‎08-11-2011

Re: Comcast.net's web site SSL Security Certificate has expired


__Fish__ wrote:

 

It still doesn't work:

 

                                      http://contracts.comcast.com

 

I still get a Certificate Error.

 

I am still unable to view the Term Agreement.  The link you (Comcast) provided does not work. Your (Comcast's) "contracts.comcast.com" Security Certificate has expired.

 

I cannot view your web page until you (Comcast) first renew your Security Certificate with VeriSign. Please do so as soon as possible.

 

I have been waiting for over 2 months to view the Term Agreement I supposedly implicitly agreed to. I have not received a hardcopy (paper) version of the Term agreement like I asked for either.

 

Until such time as you provide to me a copy of the Term Agreement, I am LEGALLY under no obligation to abide by it. No one can LEGALLY enter into a contract that cannot be seen. This is a serious legal issue.

 

Please renew YOUR web site Security Certificate with VeriSign (i.e. purchase a new certificate) for "contracts.comcast.com" (or even better, change the URL for the Term Agreement to https://www.comcast.com).

 

By receiving this message you (Comcast) acknowledge YOUR responsibility in this matter.

 


This ticket has been reopened. I will update this thread when we know more.

 

Thanks,
Joe
XfinityTV.com/Xfinity.com Support
Twitter: @XfinityTVJoe

New Visitor
blanyq
Posts: 2
Registered: ‎10-27-2012

Re: Comcast.net's web site SSL Security Certificate has expired

Is there any reason why in the world this should take more than a day to resolve??? Does Comcast truly have such little regard for proper, let alone simple, security measures to protect its customers? This is an amazingly sad commentary to have this be an open issue for over a month.

Contributor
Contributor
Op4
Posts: 11
Registered: ‎10-28-2012

Re: Comcast.net's web site SSL Security Certificate has expired

Hi,

If you run the RSA and create the CSR and send them to me, i'll have a SSL resent to you in about 20 minutes if you would like... so all you'd need to do is add the new one back via command line...
------
for the RSA
cd /etc/pki/tls/private/
openssl genrsa -out domain.com.key 2048
chmod 400 domain.com.key
-----
Now for the CSR.
cd /etc/pki/tls/certs/
openssl req -new -nodes -key /etc/pki/tls/private/domain.com.key -out domain.com.csr
------
just a thought

 

p.s. the site is still showing an SSL error

 

New Visitor
StygianAgenda
Posts: 2
Registered: ‎10-28-2012

Re: Comcast.net's web site SSL Security Certificate has expired

I'm beginning to think that I should contact Comcast's Human Resources department and apply for the job of the person in charge of taking care of website security.

 

Given that their management had already purchased the replacement certificate, it would only take me about 5 minutes to replace this certificate, whether the server is Windows, Linux, or Unix based, and it would only take that long due to the way I would need to go about importing the certificate data into the systems.

 

Regardless, this is especially disturbing to me considering that I have had several interactions with Comcast's Network Security team and have found that each and every time the assistance that I received was amatuerish.  Not only should Comcast be hiring competant systems administrators, but also certified ethical hackers that actually have a clue about the modern network security landscape.

 

It says a lot when my own network's security policy and practices exceed those of my ISP by a tremendous margin.

New Visitor
44Joe44
Posts: 1
Registered: ‎12-06-2010

Re: Comcast.net's web site SSL Security Certificate has expired

Spoiler
I have the same issue with Comcast.  The Internet Security Warning message says "The server you are connected to is using a security certificate that cannot be verified".  Comcast told me my issue of Outlook was out of date and has to be updated.  I am really dissapointed with Comcast technical support.  I asked to speak to a higher level of support but they did not transfer me.
Spoiler
Does anyone know how to get Comcast to issue a new certificate?  Mine expired on 11-26-12

 

Gold Problem Solver
BruceW
Posts: 7,294
Registered: ‎12-03-2007

Re: Comcast.net's web site SSL Security Certificate has expired


44Joe44 wrote: ... Does anyone know how to get Comcast to issue a new certificate?  Mine expired on 11-26-12

Since we won't reach 11-26-2012 for another four weeks, you might want to check your date and time settings.

New Visitor
3dprophet
Posts: 1
Registered: ‎11-19-2012

Re: Comcast.net's web site SSL Security Certificate has expired

If you visit the link in Chrome browser, you have the option to bypass the security block.

Contributor
__Fish__
Posts: 7
Registered: ‎09-21-2012

Re: Comcast.net's web site SSL Security Certificate has expired


3dprophet wrote:

If you visit the link in Chrome browser, you have the option to bypass the security block.


 

DUH!

 

You just don't get it, do you 3dprophet?

 

Just about any browser --Internet Explorer included -- will let you bypass the security warning!

 

But why would any person who takes security seriously purposely bypass a SECURITY WARNING?!

 

An expired Security Certificate is not something to be taken lightly.  It means the certificate can no longer be trusted.  That's why the warning is there, and why all browsers display the warning:

 

 

 

What about expired certificates? Is it okay to go to a website with an expired certificate?  (http://windows.microsoft.com/en-US/windows-vista/About-certificate-errors)
 

"No, an expired certificate means that the certification authority is no longer reporting on the integrity of the certificate. An expired certificate could be stolen and used by a malicious website."

 

 

Expired SSL Certificate Implications   (http://security.stackexchange.com/questions/8394/expired-ssl-certificate-implications)

 

"The communication is still encrypted, but the trust mechanism is undermined."

 

"Once the certificate has expired, the server may simply cease to bother about key privacy, since the corresponding public key is not to be used anymore. If you (as a SSL client) decide to accept an expired server certificate, you take the risk of using a public key for which the corresponding private key has simply been abandoned and scooped up by a bad guy."

 

 

 

Yes it is possible to ignore the security warning about their expired certificate and proceed to their web page anyway.

 

But we shouldn't have to.  That's the whole point.

 

We shouldn't be required to ignore Security Warnings to reach Comcast web pages.

 

And Comcast's continued indifference and disregard regarding this issue is not only insulting but deeply disturbing.

 

Contributor
__Fish__
Posts: 7
Registered: ‎09-21-2012

Re: Comcast.net's web site SSL Security Certificate has expired

ComcastJoe wrote:

This ticket has been reopened. I will update this thread when we know more.

 

Thanks,
Joe
XfinityTV.com/Xfinity.com Support
Twitter: @XfinityTVJoe



FYI: as of Jan 10, 2013 this issue appears to have finally been resolved.

 

Comcast has finally installed their new certificate and I can now reach their secure web pages without an expired certificate warning.

 

Please mark this post as the answer.

 

Thank you.

 

New Visitor
StygianAgenda
Posts: 2
Registered: ‎10-28-2012

Re: Comcast.net's web site SSL Security Certificate has expired

<sarcasm> Wow... and it only took them roughly 4 months and 3 weeks to do a 5 minute task. </sarcasm>

 

It's not so much that I even care about the certificate as much as my beef is with the level of attention to detail, or the pace at which repairs to systems such as the one at the heart of this issue.

 

No different than Comcast's expectation that we (as the customer) pay our bill with them, we (the customer) expect a high level of expertise from those maintaining the services which we pay so much for.  On an average year, I'm paying Comcast nearly $3000 for the services I subscribe to, and seeing as how I do pay so much, and I do work in IT, if I call customer support and ask that my call be escalated to an engineer, I expect compliance... immediately, or else I expect the CSR that took my call to be penalized or fired for dereliction of duty.  I expect that if I'm shelling out all this cash for a service, the service should be in perfect working order, or at the least, a notification should be put out to all users of that service that includes an ETA for the repair. 

 

With the IT team I work with  --conducting ourselves as Comcast has been known to-- would lead to job loss.  These are what we refer to as 'career making decisions'.  Things that whether handled with grace or fumbling, will absolutely affect customer / client opinions that decide how well a business does overall.  Dropping the ball too often gives the impression of being a rank amatuer that has no business working the job that they've been assigned.

 

Now, as I say, I could care less about the individual instance of an expired certificate... after all, it's not going to cause the world to end.  But, considering what a PITA the Comcast CSRs can be at times, and how a large number of those CSRs that staff the comcast customer service are either rude or too ignorant of technology to actually be of any use to anyone with a real & valid technical question or issue, it leads to this expired certificate being a much larger problem than what it would be otherwise... simply because people would rather deal with their billing online than deal with people that are clueless, rude, etc.

 

No... personally, my only real complaints with Comcast's services revolve primarily around AUP issues.  The way I see it, if a customer wants all of their ports unblocked, Comcast should simple comply.  Blocking service ports because of the risk posed by malware infected systems owned by absolutely clueless users should not be made a problem that affects the savvy amongst us that prefer to self-host our own servers and services.  The way I see it, if I can get a 30Mbit residential connection, why can I not get a 30Mbit business class connection at the same location, which happens to be in the most technologically developed part of my city?  Knowing what I know, I don't believe this to be a technical issue so much as it is a political issue or simply one of a corporate policy that is out of touch with reality.... of course, that wouldn't be the first time Comcast has done something questionable along those lines ...such as 250GB/per month caps, right as streaming services & VOIP tech were just taking off, which lead to accusations of anti-competitive practices.   

 

Otherwise, I love the services that Comcast offers, and it certainly beats dealing with AT&T, who I see as one of the worst companies in the Americas.  But at the end of the day, what does that really say?  It's kinda like saying, "well it's ok to drink like a fish... hey... at least it's not crack!"  Sorta, the lesser of two evils.  But hey... at least they aren't AT&T!

New Visitor
Frustrated999
Posts: 2
Registered: ‎02-01-2013

Re: Comcast.net's web site SSL Security Certificate has expired

I have spent hours with comcast and no results they send me to Microsoft and MS sends me to Comcast. I both a new computer with Office 2013 and am trying to set up Outlook and get security certificate error that the issued to certificate does not match the name of the ISP. a248.e.akamai.net does NOT look like Comcast and and I have no idea what to do next ....help please

Gold Problem Solver
BruceW
Posts: 7,294
Registered: ‎12-03-2007

Re: Comcast.net's web site SSL Security Certificate has expired


Frustrated999 wrote: ... I both a new computer with Office 2013 and am trying to set up Outlook and get security certificate error ...

Please see http://forums.comcast.com/t5/E-Mail-and-Xfinity-Connect-Help/Outlook-2013/m-p/1568553. Make sure you are spelling the mail server names correctly. They should be mail.comcast.net (for receiving) and smtp.comcast.net (for sending). Please post again if you still need help.

New Visitor
Frustrated999
Posts: 2
Registered: ‎02-01-2013

Re: Comcast.net's web site SSL Security Certificate has expired

Still doesn't work. I tried various settings suggested and got one of two messages depending:

1)Outlook cannot connect to your ougoing (smpt) e-mail server. Contact your ISP.; or

2) Cannot send the message verify e-mail address in your account. The server resonded with : 550 5.1.0 Authentication required.

 

e-mail address is correct as I can log into Comcast and read e-mail. I just can't get them to Outlook.

 

When I try the "automated" setup in Windows 8 I get the message that the Security Certificate does not match the name on the account. Viewing detail of the certificate it reads that the certificat was issued to: a248.e.akmai.net. This surely doesn't look like Comcast.net. the certificate was issued by: GTE Cyber Trust Global Root.

 

I could go ahead and accept the certificate and I suppose it would work, but how do I know it is a secure site?

New Visitor
blanyq
Posts: 2
Registered: ‎10-27-2012

Re: Comcast.net's web site SSL Security Certificate has expired

You should open a new thread or call tech support (good luck!) to get this resolved. The original post has nothing to do with getting Outlook working and everything to do with Comcast being incapable of updating SSL certificates to demonstrate even a modicum of rigor in how they portray the importance of security to their customers. However, I would NOT accept a certificate even if Windows/Outlook is offering to let you do so.

Email Expert
CCCarole
Posts: 28,883
Registered: ‎05-21-2006

Re: Comcast.net's web site SSL Security Certificate has expired

You posted:

"

Still doesn't work. I tried various settings suggested and got one of two messages depending:

1)Outlook cannot connect to your ougoing (smpt) e-mail server. Contact your ISP.; or

2) Cannot send the message verify e-mail address in your account. The server resonded with : 550 5.1.0 Authentication required."

 

Do you have My outgoing server (SMTP) requires authentication.enabled in Outlook?

Is SSL ON for your smtp Port and Pop Port?

Do you have SPA (secure password authentication OFF?

 

 

 



Need Email Help? Please post the following information in your post.
Do you use XfinityConnect? The Full or Lite version?
Do you use an email client? Which one? (Eg; Windows Live mail, Outlook, a smartphone etc.)
Which browser/version do you use? And- have you cleared your browser cache?
Which operating system? XP, Vista, Windows 7, Mac OS X
Details of the problem you are having.




New Visitor
Posts: 1
Registered: ‎08-25-2009

Re: Comcast.net's web site SSL Security Certificate has expired

I am having the same problem. I got it working a few days back, but yesterday I could not send or receive messages. This is really getting frustrating. I deleted my account and added them back, but still can not connect.

Contributor
__Fish__
Posts: 7
Registered: ‎09-21-2012

Re: Comcast.net's web site SSL Security Certificate has expired


Frustrated999 wrote:

 

"I have spent hours with comcast and no results they send me to Microsoft and MS sends me to Comcast. I both a new computer with Office 2013 and am trying to set up Outlook and get security certificate error that the issued to certificate does not match the name of the ISP. a248.e.akamai.net does NOT look like Comcast and and I have no idea what to do next ....help please"


 

Please do no hijack other's threads with your own unrelated problem.

 

 

This thread (the one you hijacked) originally had to do with an expired security certificate.

 

Your issue has to do with a security certificate being served to you with an incorrect name that does not match the website you are trying to access.

 

 

The two problems are not the same.  You should not be posting in this thread.

 

 

Support personnel are unlikely to continue reading this thread since the original problem (expired certificate) has already been resolved.

 

 

Please start your own separate thread under a more appropriate title/subject/topic.

 

 

By doing so you will very likely get much better support simply as result of the support personnel who could actually help you being able to more easily "see" (find/locate) posts related to your problem (i.e. their area of expertise).