
Bing doesn't support SSL

287 points| rljy | 13 years ago |bing.com | reply

159 comments

[+] casca|13 years ago|reply
TL;DR: bing SSL certificate is wrong.

https://bing.com: subject=/CN=*.bing.com

https://www.bing.com: subject=/C=US/O=Akamai Technologies, Inc./CN=a248.e.akamai.net

[+] rhplus|13 years ago|reply
TL;DR: Bing doesn't support SSL on www.bing.com and has never publicized it as a supported feature. The submitter had to manually type https://www.bing.com into the address bar to generate this 'error'.

Bing does support SSL on ssl.bing.com and publishes various links on that sub-domain, such as https://ssl.bing.com/webmaster/home/mysites

The fact that https://www.bing.com redirects to the HTTP version should be enough to show that this is a known, unsupported case on the primary domain. The behavior has been like that for years.

[+] mrspeaker|13 years ago|reply
Wow, that's the first time I've ever seen a 0-word article get the TL;DR treatment.
[+] freehunter|13 years ago|reply
Working in information security, I see this far, far too often in support tickets from employees who are unable to get to a site because our proxy is blocking misconfigured certificates. Usually we like to reach out to the owner of the site and have them update their configuration, and it gets quite frustrating when we find an unresponsive organization. Having to bypass cert checking for a site on our end is a huge security risk, and defeats the purpose of even having an SSL cert.

Companies! Make sure your certs are all in order! There's no reason to send a page to your users over HTTPS if they can't trust the certificate. Canonical has been a long-time offender of this, with many of their pages sporting a certificate signed to canonical.com but being served by ubuntu.com.

[+] ThisIsADogHello|13 years ago|reply
Don't forget the X509v3 alternate subject names.

https://bing.com/

Subject: CN=*.bing.com

X509v3 Subject Alternative Name: DNS:ieonline.microsoft.com, DNS:*.bing.com, DNS:*.windowssearch.com

--

https://www.bing.com/

Subject: C=US, O=Akamai Technologies, Inc., CN=a248.e.akamai.net

X509v3 Subject Alternative Name: DNS:a248.e.akamai.net, DNS:*.akamaihd.net, DNS:*.akamaihd-staging.net

[+] elliottcarlson|13 years ago|reply
We were experiencing a similar issue with a third party analytics solution where their SSL cert all of a sudden started to be delivered by Akamai as opposed to the FQDN of the company, as it was before. I am curious if Akamai is at fault here?
[+] nopal|13 years ago|reply
I made a site that checked for SSL cert expirations and misconfigurations, but I couldn't acquire any customers. I still think there's a business there somewhere, although maybe it really only sells as part of another product.

Edit: If anyone wants a script to check their certificates, here you go: https://gist.github.com/bretwalker/5420652. You'll just need to add in some sort of notification logic, especially for expirations, since they need to happen before a problem arises.

[+] simonw|13 years ago|reply
Sounds like something you could license to companies to use as a lead generation tool - like HubSpot's Marketing Grader http://marketing.grader.com/
[+] bogrollben|13 years ago|reply
Stackify created this exact thing after the last time this happened with MS Azure about 2 months ago. It's called certalert.me (http://certalert.me) and is a free service.

It's not a huge business, but it was almost trivial to set up with all the advanced monitoring & diagnostics that Stackify typically does anyway.

[+] mdmarra|13 years ago|reply
The sad thing is that SCOM can monitor for pending certificate expiration and validity. If Microsoft dogfooded a little more, they might have seen this.
[+] sdfjkl|13 years ago|reply
I usually put a check for "SSL certificate expires in less than 30 days" in the NMS. There is certainly a market for network monitoring as a service and this is a useful check to have in one.
[+] aduitsis|13 years ago|reply
Which protocols do you support besides https? imap or pop with tls perhaps?
[+] NelsonMinar|13 years ago|reply
Bing is important. It's a good search engine, comparable to Google's quality and size. And it's the only competition Google has in the US and most of Europe. (Sites like DuckDuckGo and Yahoo pass queries on to Bing). Dumb errors like this SSL problem are embarrassing, but the larger frustration is how despite years of having a good product, they have so little market traction.
[+] nivla|13 years ago|reply
I have noticed that Bing is actually getting better. However, I still prefer Google for most things. Google "assumes" what you are looking for, this can be good or bad depending on what you are searching. Bing on the other hand is like the early version of Google, literal search with minimum assumption. I am glad it is there as a fallback from Google. If the Google servers go down or if they pull some crap like ban Google search from windows phone, Bing is a decent alternative.

One thing I really appreciate from Bing is catching up to Google Maps. Throughout the whole Google Maps and Windows Phone fiasco, I didn't miss GMaps a bit; between Nokia Maps [1] and Bing Maps [2], there isn't much I'm missing out on from not using Google Maps. In fact, I would love Google to catch up to Nokia by offering offline maps.

Another mention is their Bing Flight [3] search, similar to kayak minus their cookie/OS price manipulations. It also comes with an awesome price prediction.

Overall, Bing has some great products but if they really want to compete with Google Search, they really need to improve their algo.

[1] http://here.com [2] http://maps.bing.com [3] http://flights.bing.com

[+] mtgx|13 years ago|reply
I think Google has like 90% market share in Europe, and most of the rest is taken by Yandex/Yahoo. Bing has a very tiny market share worldwide (like 2%-4%).
[+] lelandbatey|13 years ago|reply
I didn't know that DuckDuckGo and Yahoo pass their queries on to Bing. Does anyone else have any information on that? It sounds really interesting.
[+] TomAnthony|13 years ago|reply
The problem is that whilst being 'close' to as good as Google is a real achievement, they miss by far enough that it actually matters to most people.

Sure they might be good enough that if they are a default, lots of people won't worry about changing, but not being as good as Google means there isn't much impetus for Google users to switch.

[+] sixothree|13 years ago|reply
I think it's as simple as having chosen an awful name. Bing is physically difficult to pronounce and it evokes no meaning whatsoever.
[+] olegbl|13 years ago|reply
Neither does Hulu. https://hulu.com/ Amazon redirects to HTTP: https://www.amazon.com/ Netflix redirects to HTTP: https://netflix.com/ Etc... Etc... Etc... Why pick on Bing?
[+] ljd|13 years ago|reply
I understand Hulu and Netflix but I have a hard time understanding why Amazon wouldn't support SSL. It does put a heavier processing load on web servers but you would think that if someone wants to encrypt their shopping traffic Amazon would be open to accommodating that.

It is not, by any means, trivial to find out what products someone is looking to buy and could be the basis of a social engineering hack.

[+] nivla|13 years ago|reply
I wish YouTube videos were allowed under https. Currently, it just redirects to an error. If it didn't, this would put an end to ISPs throttling YouTube streaming.
[+] aaronsnoswell|13 years ago|reply
The real question is, why were you on bing? :P
[+] smackfu|13 years ago|reply
Bing's birds-eye view maps are great. Google is trying to add the same isometric views but their coverage isn't nearly as good.
[+] timthelion|13 years ago|reply
I couldn't find something on Google, so I decided to give it a try. Can't hurt. I wanted to find out if anyone has done a study on language confusion (the effect where Russians have a hard time getting good at Polish because they confuse Polish words with Russian ones). Still can't find it ;)
[+] dsfasfasf|13 years ago|reply
Don't want google to know everything that I'm doing. Especially when searching for porn.
[+] heymishy|13 years ago|reply
comment of the day!
[+] Ricapar|13 years ago|reply
Looks like someone pushed the wrong SSL cert to production:

  www.bing.com uses an invalid security certificate.
  
  The certificate is only valid for the following names:
    a248.e.akamai.net , *.akamaihd.net , *.akamaihd-staging.net  

  (Error code: ssl_error_bad_cert_domain)
[+] dominicgs|13 years ago|reply
Australian Ebay (https://www.ebay.com.au/) has had the same problem for months, although I appear to get no response for https://www.ebay.com, so I'm not sure what their policy is on SSL access to the homepage.

I expect that Microsoft will fix Bing much more quickly.

[+] deepblueocean|13 years ago|reply
Wow. This has been going on for an hour now. It's such a simple fix, especially since one would assume that they already have a valid cert somewhere (or that Akamai does). Yet they've had an hour of SSL downtime.

Does anyone know if Bing has any SSL-only clients? Like do any of their toolbars or built-in search widgets in Windows use SSL by default?

[+] Trufa|13 years ago|reply
Easy fix? What the hell?

I don't like or use Bing services but when you get as big and complex as Bing, nothing is easy, it's not like you can open your text editor, modify one line, commit and push.

There are so many other variables to take into consideration; by hurrying to fix, you could face all sorts of vulnerabilities / other issues.

I'm not saying this error is acceptable, I'm saying it's ridiculous to say it's an easy fix without actually knowing anything; it might or it might not.

[+] xonea|13 years ago|reply
This is not new and probably will not be fixed fast - the situation has been like that (unchanged) since at least 2011.
[+] bcoates|13 years ago|reply
I think it's always been like this. Bing has never run over https as far as I can tell.
[+] icecreamguy|13 years ago|reply
I've gotten a certificate error for over a year with Bing on HTTPS. I always just assumed that they, somewhat surprisingly, just didn't support HTTPS yet.
[+] webignition|13 years ago|reply
Slightly off-topic: what's a good way to handle cases such as this where you have a wildcard certificate?

I'll be getting a wildcard certificate for a project and, never having used one before, I had assumed the certificate would be valid for an entire domain.

I understand from this situation that a wildcard certificate is relevant only to https://*.example.com and not the subdomainless https://example.com.

Assuming that to be the case, is having a wildcard certificate for *.example.com and a second certificate for example.com the solution? It'd be nice to have the entire domain covered by a wildcard certificate and not just all subdomains.
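The two checks discussed in this thread (name mismatch, including the wildcard-versus-bare-domain case asked about here, and the "expires in less than 30 days" monitoring check mentioned earlier) as an added example that is not part of any comment or of the linked gist. It works on a dict shaped like the output of Python's `ssl.SSLSocket.getpeercert()`; the SAN lists are the ones quoted in the thread, while `name_matches`, `check_cert`, the `notAfter` dates and `NOW` are constructed for illustration.

```python
import ssl
from datetime import datetime, timedelta, timezone

def name_matches(hostname, pattern):
    """RFC 6125-style match: '*' is only honoured as the entire left-most
    label and stands for exactly one label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False  # *.example.com never matches bare example.com
    if pat[0] == "*":
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat

def check_cert(hostname, cert, now, warn_days=30):
    """Return a list of problems found for `hostname` in a getpeercert()-style dict."""
    problems = []
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(hostname, p) for p in sans):
        problems.append("name mismatch: %s not in %s" % (hostname, ", ".join(sans)))
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if expires <= now:
        problems.append("expired")
    elif expires - now < timedelta(days=warn_days):
        problems.append("expires in %d days" % (expires - now).days)
    return problems

# SAN lists as quoted in the thread; notAfter values are constructed.
BING_CERT = {
    "subjectAltName": (("DNS", "ieonline.microsoft.com"), ("DNS", "*.bing.com"),
                       ("DNS", "*.windowssearch.com")),
    "notAfter": "May 10 12:00:00 2013 GMT",
}
AKAMAI_CERT = {
    "subjectAltName": (("DNS", "a248.e.akamai.net"), ("DNS", "*.akamaihd.net"),
                       ("DNS", "*.akamaihd-staging.net")),
    "notAfter": "Jan 15 12:00:00 2014 GMT",
}
NOW = datetime(2013, 4, 19, 12, 0, 0, tzinfo=timezone.utc)  # constructed clock

if __name__ == "__main__":
    for host, cert in (("www.bing.com", AKAMAI_CERT), ("www.bing.com", BING_CERT),
                       ("bing.com", BING_CERT)):
        print(host, check_cert(host, cert, NOW) or "ok")
```

A single certificate can list both `example.com` and `*.example.com` as Subject Alternative Name entries, which is the usual way to cover the bare domain and its subdomains together.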

[+] pasbesoin|13 years ago|reply
Why should we take Microsoft's Internet efforts seriously when they continue, perpetually, not to do so, themselves?

(Actions speak louder than words.)

[+] smackfu|13 years ago|reply
Bing is normally not served over https, so this probably only affects a tiny percentage of the users, even though it looks bad here.
[+] taylorbuley|13 years ago|reply
This is the second major flub this year. Azure's cert expired in prod not many weeks ago.
[+] SG-|13 years ago|reply
bing.com doesn't do SSL, never did except at ssl.bing.com (which doesn't actually do SSL anymore).
[+] zoowar|13 years ago|reply
Google should start a "don't get Bingle Berried" campaign like Microsoft's Scroogled.
[+] mekoka|13 years ago|reply
The real question is, is bing.com even supposed to be served over https?
[+] l0c0b0x|13 years ago|reply
This just means that there is no redirect on www.bing.com via SSL. Bing.com (ssl) has a proper re-direct to non-ssl www.bing.com.

Most likely an oversight, but it does suggest SSL isn't supported.

[+] tosseraccount|13 years ago|reply
Short Microsoft.

25000 more employees can't fix this kind of incompetence.