co.za Domain payment SSL Errors

[bobbytb]

Some of my domains are up for renewal and as always, I make the payment online via their website. Today I am greeted with a privacy error on https://secure.coza.net.za/domSel.php



Anyone else also seeing this error on Chrome?

Im hesitant to pay on the site using my card.

 

[bobbytb]

Also, isn't it ironic that payment via EFT requires us to fax proof of payment to them, yes FAX... :crylaugh:

 

[chopsky]

Holy crap. ZACR are using a StartSSL certificate?!
General rule: Websites using StartSSL SSL certificates are NOT to be trusted.
More info: https://en.wikipedia.org/wiki/StartCom#Criticism

Secondly, the payment system is beyond a joke.
Time to move to a proper host with a post-2000 payment system.

 

[bobbytb]

Bummer. I checked from another machine today and got no warning - so proceeded to make payment. Which failed. Twice.

My domains were expiring soon - so I ended up doing an EFT eventually. Its really ancient how they manage their systems.

 

[chopsky]

Bummer. I checked from another machine today and got no warning - so proceeded to make payment. Which failed. Twice.

My domains were expiring soon - so I ended up doing an EFT eventually. Its really ancient how they manage their systems.

https://www.ssllabs.com/ssltest/analyze.html?d=secure.coza.net.za&s=206.223.136.209&latest
Their SSL is definitely not correctly setup.

http://co.za/news/2014/12-23.html
You're paying R125.40 for domain renewals I presume.
Why not move your domains elsewhere? You'll save money and time.

 

[Swa]

Also, isn't it ironic that payment via EFT requires us to fax proof of payment to them, yes FAX... :crylaugh:

Not strictly necessary last time I used it but then you have to include the domain invoice as reference. Kind of cumbersome when you're renewing multiple domains and it gets truncated by their bank and they end up renewing another domain from an old invoice. Don't know why they never instituted a customer account instead or better yet an electronic system. Guess that's never going to happen now with the new system as it will be competition for the registrars. Why not just move over at it's only getting more expensive each year and you can save over half?

 

[Thor]

Transfer your domain to domains.co.za you'll save so much money and have the ease of not having to work with legacy.

 

[bobbytb]

Been dealing with ZACR since the days of R50 domains.... time to move on.
Jeez - also didnt realize other registrars were way cheaper. Definitely need to do a bulk transfer asap!

 

[Thor]

Been dealing with ZACR since the days of R50 domains.... time to move on.
Jeez - also didnt realize other registrars were way cheaper. Definitely need to do a bulk transfer asap!

Your life will be transformed.
I moved a little over 400 domains lately. It's new world sir.

 

[bobbytb]

Funny, little did I know there was a whole world of choices out there, had it not been for the incident yesterday.

Note to self: get out from under the rock more often!

 

[MagicDude4Eva]

Holy crap. ZACR are using a StartSSL certificate?!
General rule: Websites using StartSSL SSL certificates are NOT to be trusted.
More info: https://en.wikipedia.org/wiki/StartCom#Criticism

Secondly, the payment system is beyond a joke.
Time to move to a proper host with a post-2000 payment system.

While their server is poorly managed, lets not jump the gun about StartSSL. While their ethics (and those of WoSign) are highly questionable in how they backdated certificates to work around the SHA1 deadline and how they did not disclose running on WoSign infrastructure and misled security forums - this was fully documented here: https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/edit

Since you rely on the CA to notify of certificate issues and since certain StartSSL certificates are still valid (and most browser providers will most likely not remove the root certs), it is very difficult for a cert user to determine the validity of a cert. Even SSLlabs shows the cert itself as valid.