The internal website is for authorized IBeAM users only! It
requires a special account on the webserver. Please email the
webmaster if you need an
account.
Click here to enter the
internal website.
[First time users: Please read information below
about certificates.]
Frequently Asked Questions
Q: Why do I get a warning from my browser when I try to enter the
internal website?
A:
In order to secure your username and password (as well as the contents
of all of the in the internal website) from people who can read the
information in transit, the link transfers you to a secure (called
HTTPS) connection. In order to support secure connections, the
webserver must have a digital certificate which proves its
identity. When your web client (Internet Explorer, Netscape, etc.)
receives this certificate, it checks several things:
- Certificate website name matches actual website name
- Certificate has not expired
- Certificate signed by valid certification authority
The first check passes because the certificate was created for
www.ibeam.asu.edu. The second check passes as long as your
computer's date is correct. The third check will fail because the
certificate has been signed by our own certification authority. This
authority is not recognized by the major browsers (and never will
be). In order to get around this problem:
- Internet Explorer: Select "Yes" when the Security Alerts asks if
you want to proceed. You will not be asked again until you restart
Internet Explorer.
- Netscape: When the "New Site Certificate" dialog appears, select
"Next" twice until you are asked how long you would like to accept the
certificate. Select "Accept certificate forever" and select "Next"
two more times and finally click on the "Finish" button. You will not
be asked to verify the certificate again.
Q: Why isn't your certificate signed by a recognized
authority?
A:
Recognized authorities include companies such as
Verisign and
Thawte. These authorities charge
$125 and up per year for a certificate signed by them. The IBeAM
internal site can hardly justify such an expense for so few users.
Q: Is your site secure?
A:
Secure enough. The primary purpose of HTTPS on this server is to
prevent usernames and passwords from being stolen in transit. By
accepting a certificate from an unauthorized source, you enable secure
communication, but you cannot be absolutely sure of who you are
communicating with. So, a sufficiently motivated person could spoof
the network connection and impersonate the internal website, thereby
stealing your password. However, the casual cracker will not go to
such lengths and further security measures are not worth the effort or
expense.
| 
