Knowledge Base

WordPress: Untrusted Certificate

| By

This error message appears when you try to sign into your WordPress blog using an untrusted SSL certificate:

 

Error message — Can’t verify identity of [name of website]

Ulysses can’t verify the identity of [“name of website”]

The certificate for this server is invalid. You might be connecting to a server pretending to be [“name of website”], which could put your confidential information at risk



Overview

When you want to publish to your WordPress blog, Ulysses needs to log into your site with your username and password. To ensure a potential attacker cannot pretend to be your blog, your website needs to identify itself with a certificate. When this alert is shown, the certificate was either invalid or expired. Ulysses can only be sure it's connected to your blog when the certificate is valid. If you continue to sign in, Ulysses cannot ensure that your password cannot be accessed by an unauthorized third party, even though all communications are encrypted.

Steps to Be Taken

Most of the time, this error occurs because a server uses a certificate which has not been signed by a known certificate authority. It is possible to get a free, valid SSL certificate from services like Let’s Encrypt. If your blog is hosted by a hosting service, please contact them to set up a valid certificate. If you are hosting your blog on your own server, Let’s Encrypt will also provide you tutorials and tools for setting up a valid certificate.


WordPress: Untrusted Certificate

SSL Certificates