Your certificates are bad. MD5(!) collision-heaven root and unpinned sub cert for subject ww2.futureware.com instead of financialcryptography.
Might want to look in to that. Throws errors in all the major browsers. Tested on 3 systems on 3 different connections, so it's unlikely to be mitm.
Please moderate this comment and fix your certs, don't publish it. I don't want any credit or attribution. Just do away with that MD5-shit and bad subject name so I can use TLS with confidence on your site.
Posted by Anonymous at May 7, 2015 04:30 PMModerate this comment too:
I used the comment form because ten minutes of searching gave me no "contact us" or any other way to easily contact the maintainers of the blog or domain. Maybe you should add one, unobtrusively, right below banner "This site is secured (WITH MD5 SIGS!!!) by CACert.org"!
Posted by Anonymous at May 7, 2015 04:32 PMHey, you're right, there is an MD5 collision-heaven root in the cert.
If you can explain how to do an MITM on the root, I'd be grateful ;-)
The main issue here is that browsers want to expunge MD5 completely from their software suite. Which is a good thing. CAcert hasn't caught up :(
The business about the www2.futureware.com is that the cert is a SNA or SubjectAltName cert, which means it lists a whole bunch of shared sites in one cert. This normally goes away when the browser accepts the root. TLS/SNI would be better, I know.
Posted by Iang at May 8, 2015 11:47 AM