Accessing Cricklewood Electronics website

[AJSmith625]

I have been trying for the last few days to access Cricklewood Electronics website but all I get is the caption (Site cannot provide a secure connection). Has any one else had this problem?

Alan

[Station X]

It works fine for me using Microsoft Edge.

https://www.cricklewoodelectronics.com/

[GrimJosef]

It's working OK for me (Windows 10, Firefox, Virgin Media).

Cheers,

GJ

[Nuvistor]

The certificate appears to have been renewed on the 20/4/18, is it since then you have had problems? Try deleting web cache data etc and try again or try a different browser.

[AJSmith625]

Thanks for your replies folks. The problem is at my end. Have just tried a later computer which is what I should have done in the first place and all is ok. This 8 year old Samsung using XP is getting a bit long in the tooth now. As you said Frank this seems to have happened since 20/4/18, but I will try your suggestions. I do have this later computer, a HP with Win 7 to fall back on, which was donated to me by a close friend who now uses a tablet. Just not got round to setting it up to my preferences.
Thanks again Alan.

[AJSmith625]

Thanks again to Frank/Nuvistor. I have just installed Opera and now Cricklewood is coming through loud & clear once again. I don't want to pension off this Samsung mini laptop just yet, even though its 8 years old as its so convenient for carrying around, and I am not a great lover of touch screens as used on tablets today.

Thanks again Alan.

[ThePillenwerfer]

I recently had similar problems on different web-sites and up-dating my browser, Slimjet in my case, fixed it.

[dsergeant]

Quote:

Originally Posted by Nuvistor

The certificate appears to have been renewed on the 20/4/18, is it since then you have had problems? Try deleting web cache data etc and try again or try a different browser.

When I look it says renewed 24/2/18 and expires 24/5/18, presumably a cheap 'lets encrypt' certificate that only lasts 3 months. But yes, everything in order here, even the latest TLS1.2 encryption. Palemoon browser.

Dave

[Nuvistor]

Just checked and for me it’s saying 22/2/18 and 23/5/18 so something’s changed since this morning, perhaps others have had problems and they have reverted back to their old cert. The cert supplier is also different from this morning.

[AJSmith625]

Well would you believe it. Just checked Cricklewood on my old browser Chrome and there it is once again as bold as brass. Something very strange going on I think.

Alan.

[julie_m]

Some ancient software can't handle a technology called Server Name Indication.

Back in the early days, there was only HTTP, with everything -- your request for a web page, perhaps including some responses to form fields, and its contents coming back to you -- being sent in the clear. Which was a problem for things like credit card transactions, since there is no way to know who is listening. To provide improved security, HTTPS was created; by using an existing protocol called the Secure Socket Layer -- which basically creates a virtual two-way connection between two machines, everything travelling in either direction being encrypted; but as far as your software is concerned, all it sees is a way to send zeros and ones to a certain machine and a stream of zeros and ones coming from that same machine. The SSL library just takes care of everything for you. They made it exactly as easy to use as creating traditional unsecured socket connections. And they gave all this away, free, in Source Code form so you can check out the Internal Workings, because they would rather people were using great software than anyone was forced to use inferior software for want of cash. (Although not everyone who implemented the software was so noble-spirited.)

Just encrypting isn't enough, though. The transparent nature means anyone could spoof both parties; convincing Alice that she is speaking to Bob while being able to decrypt everything she says, then re-encrypting it to send on to Bob and so persuading Bob that he is listening to Alice. You need proof of who you're really talking to. This is done using a document signed with somebody's secret key. Anybody with that person's public key can decrypt it. But here the object is not to maintain secrecy, but to prove that someone is who they said they are (because that key is secret).

Now, the decision was made in the design of HTTPS to encrypt everything including the name of the server being requested. This means you can only use one certificate per IP address (which is always sent in the clear). If there were multiple certificates, the server wouldn't know which one to use until it had already used it! This became a problem. The only way around it at first was to use multiple IP addresses on a server. But then IP addresses began getting scarce (the replacement for IPV4, known as IPV6 and reckoned to have enough space to give every grain of sand in the Sahara desert a unique address, is a complete dog's breakfast that even Microsoft don't want to touch if they can avoid it).

Then a vulnerability in the SSL protocol was discovered. Something the mathematicians who designed it had believed impossible turned out just to be very difficult indeed, giving would-be eavesdroppers a short-cut to decrypting data. And so SSL became TLS -- Transport Layer Security. A replacement for SSL that had been brewing awhile, but remained in its shadow. Crucially this time, having seen what happened in the past, the designers thought to allow for the encrypted packets to carry the name of the destination server in the clear. It's got to be looked up on a public nameserver anyway, so it's not secret. Web servers around the world dropped support for old-style SSL. Many of them had already supported new-style TLS anyway. And so today, it is possible to run multiple virtual hosts with different certificates, all on the same IP address; because you know the requests coming in will have the server name in the clear. In fact, it's not only possible, but no harder than running multiple HTTP virtual hosts on port 80. You just create entries in your configuration for the HTTPS hosts on port 443, following the same syntax but also including the path to the all-important certificate associated with the domain name. TLS takes care of the encrypted connection from end to end, and SNI lets the server know what name it was being called by so it knows which certificate to use to prove who it is.

This is why older operating systems, and client applications such as web browsers, might be unable to access secure web sites today.

[AJSmith625]

Thank you Julie for the detailed explanation there. I do realise I am running an old operating system on an old laptop by todays standards and that things have to change to keep up with security issues. I just think it would be nice if some of these websites would flash up a message like Freeview does when a retune is required, to let some of us less savvy computer users know when a change is about to take place which may affect some and not others. OK to be fair some of them do give warnings but it is usually just the large companies as far as I can see.

Alan.

[Radiocruncher]

I had problems last year and had to phone an order through. I explained that I couldn’t get on their site and they asked if I was on btinternet. I said I was and they said that was the issue. I think from memory that I had to clear my cache and restart the router.

Regards

Graham

[AJSmith625]

Hello Graham, I am also on BT. I did try clearing my browsing history which is something I do every few weeks, but I did not think of re-booting the router. As I said above everything has seemed to have gone back to normal so its fingers crossed.

Alan.