The organization that employs me is a bit small, perhaps 275 employees by the end of this year. We are a not-for-profit medicare provider for a small region in the state of Kentucky. My staff is a total of five -- three service desk folk, and two infrastructure folk.
Most of the employees here use a data entry system based in a hosted Citrix system provided by a much larger organization (a well-recognized name in the medical data field, but who shall remain nameless) based in another state on the eastern seaboard.
They are migrating their website to a new URL, and a month ago informed me that the "old" URL would stop functioning soon and that my users needed to change their bookmarks and links. By itself, that's a fair ask and something that my team would certainly handle.
Except, their new URL has a broken SSL certificate. When I visit the new URL, the browser warns that the certificate FQDN does not match the URL that was entered. Now, as an IT "guy", I get what is broken and I understand that it's probably just an oversight on their part. A glaring oversight that should've been caught on their very first attempt to use the site, but whatever.
I send them a note: "Hey, your cert is b0rked. I really can't migrate users to a broken SSL site until you get that fixed. Lemme know when you're done."
Nothing. For three weeks. I finally sent another note at the beginning of this week, after noticing they still haven't fixed it, saying something akin to (but not verbatim of course): "Hey, uh, so this is still just as broken today as it was three weeks ago. Any ETA on this so that we can get moving?"
The response I get, distilled into one sentence: "What browser are you using?"
Wait, what the fuck question is that? I reply back, with the obvious: "No, you dolt. This isn't a browser error, this is YOUR CERTIFICATE IS BROKEN. Go fix your shit."
They want a screen capture, in IE, because they think it's a ??? browser issue ???.
Now I'm angry. I send them a screencap in IE8, IE9, IE10, the IE11 beta, from Chrome, from FireFox, from Opera, from Mozilla, from Safari, and even took a screencap from my android phone on the AT&T network -- all of them showing the certificate failure.
Their response,distilled into yet another single sentence: "Oh, yeah just like CONTINUE and it will be fine."
This is a system that houses personally identifiable health information, which is absolutely under the strict guidelines specifically outlined in HIPAA law. Our only source of income is federal and state funding for Medicare. And your'e telling me that I should teach 200 of my users to IGNORE A CERTIFICATE FAILURE that specifically says "THIS ISN"T THE WEBSITE YOU THINK IT IS", and click Continue, and it will be fine?!?
WHAT.
THE.
FUCK.
I sent back the note simply saying "No, I will not accept that solution. You will fix your SSL certificate for your website, or my legal team will talk to your legal team about breach of contract."
It's a damned SSL cert, I just bought a wildcard cert for my company's domain name for $700 for five years. Quit being cheapasses and FIX YOUR SHIT.
</rant>
Most of the employees here use a data entry system based in a hosted Citrix system provided by a much larger organization (a well-recognized name in the medical data field, but who shall remain nameless) based in another state on the eastern seaboard.
They are migrating their website to a new URL, and a month ago informed me that the "old" URL would stop functioning soon and that my users needed to change their bookmarks and links. By itself, that's a fair ask and something that my team would certainly handle.
Except, their new URL has a broken SSL certificate. When I visit the new URL, the browser warns that the certificate FQDN does not match the URL that was entered. Now, as an IT "guy", I get what is broken and I understand that it's probably just an oversight on their part. A glaring oversight that should've been caught on their very first attempt to use the site, but whatever.
I send them a note: "Hey, your cert is b0rked. I really can't migrate users to a broken SSL site until you get that fixed. Lemme know when you're done."
Nothing. For three weeks. I finally sent another note at the beginning of this week, after noticing they still haven't fixed it, saying something akin to (but not verbatim of course): "Hey, uh, so this is still just as broken today as it was three weeks ago. Any ETA on this so that we can get moving?"
The response I get, distilled into one sentence: "What browser are you using?"
Wait, what the fuck question is that? I reply back, with the obvious: "No, you dolt. This isn't a browser error, this is YOUR CERTIFICATE IS BROKEN. Go fix your shit."
They want a screen capture, in IE, because they think it's a ??? browser issue ???.
Now I'm angry. I send them a screencap in IE8, IE9, IE10, the IE11 beta, from Chrome, from FireFox, from Opera, from Mozilla, from Safari, and even took a screencap from my android phone on the AT&T network -- all of them showing the certificate failure.
Their response,distilled into yet another single sentence: "Oh, yeah just like CONTINUE and it will be fine."
This is a system that houses personally identifiable health information, which is absolutely under the strict guidelines specifically outlined in HIPAA law. Our only source of income is federal and state funding for Medicare. And your'e telling me that I should teach 200 of my users to IGNORE A CERTIFICATE FAILURE that specifically says "THIS ISN"T THE WEBSITE YOU THINK IT IS", and click Continue, and it will be fine?!?
WHAT.
THE.
FUCK.
I sent back the note simply saying "No, I will not accept that solution. You will fix your SSL certificate for your website, or my legal team will talk to your legal team about breach of contract."
It's a damned SSL cert, I just bought a wildcard cert for my company's domain name for $700 for five years. Quit being cheapasses and FIX YOUR SHIT.
</rant>
