PDA

View Full Version : Comodo: Are they dumb or what?



NewsArchive
12-11-2011, 08:07 AM
Today I registered, sorry attempted to register a certificate for another
three years vis Lindersoft. Comodo claims I placed my isp url as my website
and require docos to prove I own that site. I have written back with
documents from Net Registry showing I own my site but they will not accept
that even though I have told them the error is theirs. I need to re-register
without paying any more money. How do I do that?
Thanks
Nev

NewsArchive
12-11-2011, 08:07 AM
Hi Nev,

> Today I registered, sorry attempted to register a certificate for another
> three years vis Lindersoft. Comodo claims I placed my isp url as my
> website and require docos to prove I own that site. I have written back
> with documents from Net Registry showing I own my site but they will not
> accept that even though I have told them the error is theirs. I need to
> re-register without paying any more money. How do I do that?

I would suggest to open a ticket with Comodo and tell them that they made a
mistake.

Or contact Comodo directly via phone:

http://www.instantssl.com/ssl-certificate-corporate/ssl-certificate-contact.html

Please keep us posted.

Friedrich

NewsArchive
12-11-2011, 08:08 AM
BTW, are you using your @westnet.com.au email address? As I understand it,
westnet.com.au is an ISP and not your own "web address".

I might be wrong, but perhaps they did a generic Whois look up and your
@westnet.com.au email address resolved to your ISP IP and not to your own
web server. That seems to be the problem here.

Friedrich

NewsArchive
12-11-2011, 08:08 AM
Similar to this (but again, I might be wrong)

You make use of an yada@westnet.com.au email address and this resolves to
your ISP's IP:

https://support.comodo.com/index.php?_m=knowledgebase&_a=viewarticle&kbarticleid=423&nav=0,28

The validation process stops immediately because your (company) name and the
name retrieved from the WHOIS database do not match.

Friedrich

NewsArchive
12-11-2011, 08:08 AM
Thanks Friedrich
That appears to be what they do. They assume that the isp part of your email
address is owned by you instead of actually asking for the site url you wish
to be registered. I have many websites and all admin email addresses are
redirected back to the one common for delivery.
I had already told them they had made an error and now waiting for a
response.
Nev

NewsArchive
12-11-2011, 08:09 AM
Hi Nev,

> Thanks Friedrich
> That appears to be what they do. They assume that the isp part of your
> email address is owned by you instead of actually asking for the site url
> you wish to be registered. I have many websites and all admin email
> addresses are redirected back to the one common for delivery.
> I had already told them they had made an error and now waiting for a
> response.

All WebTrust agencies have to follow the very same strict identity
validation rules. So this is not a Comodo "issue" per-se.

Three years ago you wrote this:

> Last wednesday I started the validation process. Sent the Bank Statement,
> Phone Bill and both accepted. They asked for validation of the webite that
> hosts my email. Three times I advised them that I did not own that site
> but it was my ISP. It was as though someone there does not understand
> English. In desperation I submitted a whois of my main website with my
> email addy on that. Now I am on their 'contact' list whatever that means.
> That was last Friday my time, Thursday USA time. It is now Monday
> Australian time. Does anyone know whether they work 24/7 to satisfy
> clients needs or they 9-5 like banks 5 days a week. And how long do they
> take to issue the certificate?
> If I treated my clients like they treat theirs, I would be out of
> business.

So you hade the same problem in the past. But the rules are VERY strict
now. After all the certificate desasters this year, I don't think that they
(or any other WebTrust) will issue a certificate if the email address can't
be verified via the WHOIS database.

Friedrich

NewsArchive
12-11-2011, 08:09 AM
http://www.lindersoft.com/forums/showthread.php?t=11290

Friedrich

NewsArchive
12-11-2011, 08:09 AM
REMINDER: To help the validation process go smoothly, use an Email address
at a domain that is owned by YOU or YOUR company. Comodo will look at the
WHOIS of the domain you use on the order page so make sure any WhoisGuard or
Privacy options have been disabled. You can re-apply any privacy settings
once Comodo verified domain ownership. If you would like to check the WHOIS
of your domain, you can use:

http://whois.pairnic.com/

Do not use a free email address like Hotmail, Gmail or an email address
provided by your ISP.

Friedrich

NewsArchive
12-11-2011, 08:10 AM
Hi Neville
Yeah, they are THE WEAKEST LINK!
Their Web ordering page requires a company name. I used to do business with a name of Singular Vision Software. Since I'm now retired, and I've moved from California to Texas, it's no longer a "legal" company name. But it is still in use on my website. But, in order to submit my order, I had to use a company name. They complained my domain registrant name didn't match my company name. So I go to GoDaddy and change it to Singular Vision Software. Then, since I don't have business documents with that name, it became a hassle. They suggested I convert to a certificate using my personal identity... Ok, did that. Then they complained my website registration via whois didn't match my personal information... Ok, I had to go back to GoDaddy to change my registrant information again. THEN they complained because I was using a gmail email address. So I had to create an email address for my certificate to use via my domain, which then caused all kinds of problems because of the spam filters my Web host users... A major pain in the butt! Next, after 3 emails to them, I finally get a link to collect my certificate files. Now it becomes interesting. I click on the link in Windows 7 64-bit Internet Explorer. I don't get any messages. It just seems to hang there. I close IE. Since I have SetupBuilder installed in my virtual machine and that's where I will actually need my certificate, I open it and go to Internet Explorer there. I pull up the email and click the link. I get a yellow bar prompt from some Microsoft certificate installer program. I authorize that program to do whatever... Error... I contact Comodo and ask them what to do. They tell me my certificate has already been collected and installed... Really? So how do I get to it? They tell me I have to export it... but they don't tell me how to do that... So somehow I have to find out where in the hell the certificate is, probably in IE 64-bit and export it and move the files to IE in my virtual machine... And do whatever else with them to use them in SetupBuilder. What a royal pain in the butt!


Ben E. Brady

NewsArchive
12-12-2011, 01:28 AM
Hi Ben,

>
> What a royal pain in the butt!
>

Well, to be fair, this all has absolutely nothing to do with Comodo. All
WebTrust "agencies" have to follow the very same strict identity
verification process now. And this is a good thing. I don't want to give
Iranian hackers control over my system. VeriSign issued certificates to
"Mickey Mouse", Comodo issued fraudulent login.skype.com, login.yahoo.com,
mail.google.com and www.google.com certificates. Then there was a fiasco
with stolen mozilla.org certificates. And the huge problems with
GloballSign and DigiNotar. Argh!

As a result, Microsoft (in cooperation with the WebTrusts) improved the
underlying identity verification guidlines. Can you imagine what would
happen if Comodo (or another WebTrust) issued again a fraudulent
certificate? Yes, that company would be history (see DigiNotar). And
remember, this is a multi-million dollar per week business!

We are an official Comodo partner and we had to request a new certificate.
Yes, we had to go through the very same strict verification process. They
verified our documents, they checked our WHOIS entries and they gave us a
call. A code signing certificate is an identity certificate so you will
have to prove to Comodo that you are who you say you are.

Friedrich

NewsArchive
12-12-2011, 01:29 AM
I guess Comodo didn't realize they were talking to _THE_ Ben Brady!

FWIW Ben, I had to go through the same hassles, and didn't like it any
more than you did. Like Friedrich, though, I recognize that it's a
necessary evil, even for _THE_ Mike Hanson. <g>

BTW, I recently got an SSL Certificate from GoDaddy (only because it
was cheaper than Comodo's). It was MUCH easier than the Code Signing
Certificate from Comodo. However, I was told by the GoDaddy rep that
getting the Code Signing one from them would be much more difficult.
I'm not sure why there's a difference between the two.

Mike Hanson
www.boxsoft.net

NewsArchive
12-12-2011, 01:30 AM
Hi Mike,

> I guess Comodo didn't realize they were talking to _THE_ Ben Brady!
>
> FWIW Ben, I had to go through the same hassles, and didn't like it any
> more than you did. Like Friedrich, though, I recognize that it's a
> necessary evil, even for _THE_ Mike Hanson. <g>

<G>

Well, when they started the Lindersoft identity verification process, I told
them: "Hey, what are you doing? We are Lindersoft, an official Comodo
Partner. I don't want to go through this nightmare process. We are
LINDERSOFT, the most coolest and trusted company in the world. So there is
really no need to do any background check." <g>

And they said: "Yes, Sir. I know that you are a well known official Comodo
Partner. But that does not make any difference. You have to go through
this process."

IMO, that's the correct way. I trust Comodo.

Friedrich

NewsArchive
12-12-2011, 01:31 AM
Hi Friedrich

So who controls the Web pages where you submit your order for the certificates? If Linder Software has any control over them, then some user-friendly instructions would make the process go much smoother. An explanation as to what the purchaser will need up front, BEFORE moving forward with the purchase would be helpful indeed. And then on page 5, instructions as to how to export the certificate from IE would be helpful as well.

Ben E. Brady

NewsArchive
12-12-2011, 01:31 AM
Hi Ben,

You submit your order for the certificates at the Comodo site. They would
never ever let any 3rd-party handle this.

Friedrich

NewsArchive
12-12-2011, 01:31 AM
Hi Ben,

By the way, I have to admit that I also had to consult our own forum threads
with regard to code-sign certificates and Jane's PDF (before and during the
ordering process) to make sure that I did it right.

Friedrich

NewsArchive
12-12-2011, 01:32 AM
Hi Friedrich,

I just found out about Jane's .PDF file. I just downloaded it to my phone so I can read it.
Thanks!

Ben E. Brady

NewsArchive
12-12-2011, 01:32 AM
Have you checked out Jane Fleming's document? I've bought a
certificate 2 times now, and was very glad to have it available during
the purchase. I must have looked at it 20 times while on that order
page.

http://beachbunnysoftware.com/webinar/CodeSign.pdf

Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve

NewsArchive
12-12-2011, 01:33 AM
That would be handy. However, I don't notice that many other signing
authorities advertise these hassles up front. The first one to do so
would probably see a big drop in their business. <g>

Mike Hanson
www.boxsoft.net

NewsArchive
12-12-2011, 01:34 AM
Now they want to phone me to verify something but they want to phone only my
old phone number from 3 years ago, not the current one listed on the
application. The old one is disconnected! I'm waiting for the call.
Nev

NewsArchive
12-12-2011, 01:34 AM
Hi Neville
You have to make sure your domain contact information matches your contact information on your application. ICANN requires you to make sure your domain registration information is made up to date every year. If it's not, you can lose your domain.

Ben E. Brady

NewsArchive
12-12-2011, 01:34 AM
Do not have a problem there Ben. All sites are automatically re-registered
as they fall due and updated by me on changes in particulars..
Nev

NewsArchive
12-12-2011, 01:35 AM
Hi Neville

So how did they get a telephone number for you that is incorrect?
Did you use your previously registered certificate account?

Ben E. Brady

NewsArchive
12-12-2011, 01:35 AM
Hi Neville,

> Today I registered, sorry attempted to register a certificate for another
> three years vis Lindersoft. Comodo claims I placed my isp url as my website
> and require docos to prove I own that site. I have written back with
> documents from Net Registry showing I own my site but they will not accept
> that even though I have told them the error is theirs. I need to re-register
> without paying any more money. How do I do that?

I have a website for my company name and an email account there that I use.
I have a cell phone registered with my company so I can show them billing
information for the phone and they can call me to verify.

It's a PITA but if you handle this before you need to register then it goes
ok.

They will do all kinds of weird things. One year they dug up some
information about Icetips on some weird website that had the information all
wrong and then they attempted to use THAT instead of my information despite
me telling them multiple times that this was wrong. You also never get a
response from the same person twice. Personally I think it's all
computers<g>

Best regards,

--
ArnĂ³r Baldvinsson - Icetips Alta LLC
Port Angeles, Washington
www.icetips.com - www.buildautomator.com - www.altawebworks.com
Icetips product subscriptions at http://www.icetips.com/subscribe.php
https://twitter.com/#!/Icetips -
https://www.facebook.com/pages/Icetips-Alta-LLC/177947342793

NewsArchive
12-12-2011, 01:36 AM
I have been approved after 'the' phone call (sounds like Mumbai Calling) and
now the problem is that it will not let me save the key. When I attempt to
let it install it throws up a message about not deleting the original or was
it previously installed or is this the same pc on which the application was
made. No it has not been deleted, Yes it is the same pc and No how can it be
installed if I am now just at the installation stage. I have the original
generated pfk along with the .pem on the local drive. Where is the usual
spot to have the certificate installed on IE?

Thanks
Nev
..

NewsArchive
12-12-2011, 01:37 AM
What browser? O/S?

Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve

NewsArchive
12-12-2011, 01:38 AM
IE7 on XP Pro Jeff. Just found it on the Internet Options form.
Nev

NewsArchive
12-12-2011, 01:38 AM
STill will not install. Placed a ticket with Comodo.
Nev

NewsArchive
12-14-2011, 02:22 AM
After 28 emails and 2 phone calls I now have my certificate.
Nev

NewsArchive
12-14-2011, 02:22 AM
Just think, in 3 years, you get to do it all over again! The World Cup of
certificate buying! <g>

Russell B. Eggen
www.radfusion.com