Amazon.in SSL Issue

Partho Sarathi

22 Nov, 2019 · 2 minutes read

This morning, when I tried to shop for some products on Amazon.in, I received the following SSL error:

Your connection is not private
Attackers might be trying to steal your information from amazon.in (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_COMMON_NAME_INVALID

So, I took a look at the certificate and found it to be for the domain *.cy.peg.a2z.com instead of amazon.in.

Taking a look at the certificate chain, it seems that this certificate was issued by Amazon.

The domain a2z.com is also owned by Amazon Technologies, Inc.

Which is the same as the domain Amazon.in

So, everything looks okay here.

If I manually go to the Privacy Page of Amazon.in, it is serving the correct SSL certificates:

With a much shorter certificate chain.

I also checked the domain on SSL Shopper to make sure that this isn’t something on my end.

If I ignore the certificate error, I am able to go to the https://amazon.in page which now serves the correct certificate. Most likely, this is a deployment error and not a hack. I wonder how Amazon is serving multiple certificates for the same domain.

Update: The error is with the host amazon.in. The www version of the domain is working fine. So, use www.amazon.in to be safe.
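
The name check behind NET::ERR_CERT_COMMON_NAME_INVALID, as an added example that is not part of the original post: it matches a hostname against a certificate's DNS names using the usual one-label wildcard rule, and can fetch a mismatched certificate for inspection while still validating the chain. Only the wildcard name *.cy.peg.a2z.com comes from the post; the second certificate's name list and all function names are assumptions made for illustration.

```python
import socket
import ssl
import sys

def san_dns_names(cert):
    """DNS entries from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def name_matches(pattern, host):
    """RFC 6125 style match: '*' is honoured only as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False                    # a wildcard covers exactly one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def check_host(cert, host):
    """Return (ok, names) so a mismatch report shows what was actually served."""
    names = san_dns_names(cert)
    return any(name_matches(n, host) for n in names), names

def fetch_cert(host, port=443, timeout=5):
    """Fetch the leaf certificate with chain validation on but name checking
    off, so a certificate issued for another name can still be read."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # verify_mode stays CERT_REQUIRED
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed samples: the wildcard name is the one quoted in the post,
# the second name list is an assumed "correct" certificate.
WRONG_CERT = {"subjectAltName": (("DNS", "*.cy.peg.a2z.com"),)}
RIGHT_CERT = {"subjectAltName": (("DNS", "amazon.in"), ("DNS", "www.amazon.in"))}

if __name__ == "__main__":
    if len(sys.argv) > 1:               # live check of each host given
        for host in sys.argv[1:]:
            print(host, *check_host(fetch_cert(host), host))
    else:                               # offline run on the constructed samples
        for label, cert in (("wrong", WRONG_CERT), ("right", RIGHT_CERT)):
            for host in ("amazon.in", "www.amazon.in"):
                print(label, host, *check_host(cert, host))
```

Running it with both the bare and the www hostname as arguments shows whether the two names are being served different certificates.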
