dongleauth.info and www.dongleauth.info point to different servers

Question

dongleauth.info and www.dongleauth.info point to different servers

Closed this issue 6 years ago · 4 comments

https://dongleauth.info/ leads to a certificate error, because it points to https://www.nitrokey.com/. It should probably lead to the same server as https://www.dongleauth.info/.

$ nslookup www.dongleauth.info
Non-authoritative answer:
www.dongleauth.info     canonical name = nitrokey.github.io.
Name:   nitrokey.github.io
Address: 185.199.108.153
Name:   nitrokey.github.io
Address: 185.199.109.153
Name:   nitrokey.github.io
Address: 185.199.110.153
Name:   nitrokey.github.io
Address: 185.199.111.153

$ nslookup dongleauth.info    
Name:   dongleauth.info
Address: 185.231.124.190

$ nslookup www.nitrokey.com
Name:   www.nitrokey.com
Address: 185.231.124.190

Answer 1 · 2018-10-22T19:01:16.000Z

Missing hostnames/SANs on the SSL certificate are causing web browser security errors.

The www.dongleauth.info name is HTTP redirecting to dongleauth.info which is making it worse.

This server could not prove that it is dongleauth.info;
its security certificate is from nitrokey.com.
This may be caused by a misconfiguration or an attacker intercepting your connection.
NET::ERR_CERT_COMMON_NAME_INVALID

SSL test for dongleauth.info

SSL test for www.dongleauth.info

Answer 2 · 2018-10-26T06:33:56.000Z

Hmm, so is it expected that dongleauth.info redirects to www.nitrokey.com in the first place? Where can I get the list of websites and whether they support U2F?

Answer 3 · 2018-10-26T09:00:42.000Z

That is quite embarrassing, I am really sorry. I reverted it and will fix this issue asap.

Answer 4 · 2018-10-29T07:58:29.000Z

Thanks for letting us know and I am very sorry for the following problems! Should be fixed now.