The site does have a valid certificate (*.steem.io). It is possible that your antivirus program is not interpreting the certificate correctly. It could be using an old cert parser that doesn't do SAN, so it just reads the first field for DNS name and ignores the second.
The site does have a valid certificate (*.steem.io). It is possible that your antivirus program is not interpreting the certificate correctly. It could be using an old cert parser that doesn't do SAN, so it just reads the first field for DNS name and ignores the second.
But super excited for SMT-don't take it the wrong way :)
It seems that the current certificate is for
steem.io
and notsmt.steem.io
.As I'm not too versed in that area, I'm not sure if it's actually needed to have a certificate for each subdomain.
But what I can say is that my antivirus is not showing that error, even though it checks the websites for me as well.
And antivirus programs are known to often times show false positives.
Regardless, interesting find and it should def. be handled soon.
From what I read each subdomain needs at min a wildcard certificate
https://serverfault.com/questions/566426/does-each-subdomain-need-its-own-ssl-certificate