I have had several hundred visitors and there have been two or three that have reported to get the "This website is insecure" warnings. The latest reported the same result in both the latest version of Firefox (57) and IE. I've tested on several browsers and OS's; including the same config of (win7 and FF57) the last report I have and didn't see issue. The only thing I can figure is the user's computer perhaps has malware that has overwritten their root certs. Does that make sense? Any other possibilities here?
Related
Recently I have had a rather disturbing issue. Seemingly at random I get err_cert_authority_invalid errors from various websites which goes away after about 15 minutes. This is particularly bad for me because one of them is discordapp.com and the discord application suffers the same problem shutting down my ability to use discord at all. The nvidia driver site also had the same problem. I tried this on Chrome, Firefox, and Edge and got the same issue with all three browsers. As far as I know the only cause for this error is when a certificate is signed by an untrusted authority.
Upon examining the certificate data, this is what I discovered:
During the issue
Issuer: Cisco
Issued to: discord.com
Expiry: duration of the cert is only about five days but the current date is always within that five day range
After the issue passes
Issuer: COMODO
Issued to: ssl764977.cloudflaressl.com
Expiry: From May 2020 to End of November 2020
As far as I can tell, they aren't self-signed because issuer and issued-to are different. The expiration date has not passed. The only conclusion is that the issuer isn't trusted. Sadly I don't remember the before/after for the nvidia site (when it happens again, I'll get screenshots).
I was concerned that I may have a virus so I made sure that wasn't the case by doing a full reformat of my computer (it was due for one anyway). The issue still arises. Furthermore, I tried using my laptop and it doesn't experience this issue, although I only tried my laptop for a short time so maybe this intermittent problem just didn't trigger. The only thing I can think of that can be causing this is a Windows security update, but then you would think my google fu would find evidence of others experiencing the same problem right now, which it doesn't. Although there are countless similar issues from various times over decades. How can I discover the source of this problem in an effort to fix it? The problem is occurring a couple of times each day now.
For reference:
Windows 10 x64 build 1909 (No updates required)
Chrome 86.0.4240.111
Firefox 82.0
Microsoft Edge 44.18362.449.0
I have included screenshots of the traceroutes and certs here
Edit 1: Changed causes for error to only the one the comments suggested was the problem.
Edit 2: Included link with screenshots
I think I found the cuplrit. It is my workplace VPN, I forgot to disable it because it just sits hidden in my system tray and it was wreaking havoc with my DNS lookups.
PhpStorm version 2017.2.3:
I am suddenly getting notifications such as the screenshot below, and they're persistent:
I believe (as you may be able to gather from the image), that what is happening is that PhpStorm is trying to connect to the http://www.viridor.co.uk domain and then is being presented with an untrusted certificate from the (https) domain varient.
I keep telling PhpStorm to reject this certificate. I don't want it saved. But PhpStorm keeps bringing up this notice.
What I've tried:
I have read through the settings menu to see if I can find a way of sorting this but have not found anything suitable:
What I'd like to achieve:
Why does PhpStorm reject the certificate, can we edit these rejection criterias? this is the first time I've seen this and I'm sure PhpStorm has been checking a multitude of links from various project sites I work on. (please see below some certificate diagnostics)
How can I get PhpStorm to remember my rejection for this certificate?
If not, how can I turn off PhpStorm checking URLs outside the project scope (hopefully for just this project rather than all projects)?
Extra info:
I have run the url (viridor.co.uk) through the Qualys SSLTest and it came back
This server's certificate chain is incomplete. Grade capped to B.
source.
I would like to think that this certificates problems are the direct cause of this issue, but now I'd like to know how I can solve this issue.
I have a site running with an SSL certificate from Comodo/InstantSSL which should have 99% compatibility.
In my testing everything seems to work fine, however I've had some users send me screenshots of browser warnings about the security of my site:
Security warnings have been seen on IE 11 and Chrome 52 so the certificate should be valid.
The site is https://sololet.com
Can anyone tell me how I can debug this situation and find the problem, as like I said, it works fine for me on iPhone, iPad, Safari on MAC.
Thanks
I had such an issue with mobile clients (also a commodo certificate).
For (at least) Android clients you need to use a full-chain-certificate that includes your root- and intermediate certificate besides your domain certificate. This is also the result of a ssl-sitecheck at https://www.ssllabs.com/ssltest/analyze.html?viaform=on&d=sololet.com
You should have received both files from commodo or your respective reseller.
Combine all 3 files into one and use that file as certificate in your vhost configuration.
Combine like:
YOUR-CERT
ROOT-CERT
INTERMEDIATE-CERT
That solved our issue.
recently, I ordered a SSL certificate for my website. Prior to that, everything worked fine for me, the website was fast and I had no issue. Since the certificate has been installed by OVH... Well... Things changed... The issue is that not everybody has the same behaviour as me. When I go on "https://www.areaprog.com/" with different browsers, here is what I get:
Chrome:
"Your connection is not private
Attackers might be trying to steal your information from
www.areaprog.com (for example, passwords, messages or credit cards).
NET::ERR_CERT_COMMON_NAME_INVALID"
Firefox:
"This connection is untrusted
You have asked Firefox to connect securely to www.areaprog.com, but we
can't confirm that your connection is secure.
Technical details:
www.areaprog.com uses an invalid security certificate.
The certificate is only valid for ssl2.ovh.net
(Error code: ssl_error_bad_cert_domain)"
Internet explorer:
"The security certificate presented by this website was issued for a
different website's address.
Security certificate problems may indicate an attempt to fool you or
intercept any data you send to the server."
I asked to OVH and everything is fine for them and apparently, it is also the case for other people out there (I asked around to see if I was the only one), but other people also experiences the same issue...
Moreover, Firebug keeps on saying:
"This site makes use of a SHA-1 Certificate; it's recommended you use
certificates with signature algorithms that use hash functions
stronger than SHA-1"
Besides, for people who are experiencing this issue, well, the site is extremely slow. For me, a simple page takes more than 20 seconds to load...
Does some of you have the same issue than me and does someone have an idea of what to say to OVH who keeps telling me that everything is OK?
Thanks a lot
I have started looking into testing our site with BrowserStack.
However, I'm having issues with live-testing (as opposed to automated testing with Selenium, which mostly works fine) a site we're developing as we're serving it with a self-signed certificate.
Manually approving the certificate doesn't bother me as much as the fact that some Ajax request are failing (at least on IE10) due to security issues and this makes it impossible to actually manually test the site.
An acceptable solution would be to somehow add our self-signed cert. into the list of trusted root CAs. However, I haven't found out how to upload files into the BrowserStack test environment (not sure if that's even possible, really).
Any ideas ?
I contacted BrowserStack about this issue, and their formal response is:
"We currently do not support installing client certificates on the remote machines. However, this is on our list, and we’ll keep you posted."
Hopefully this issues will be resolved soon and I'll post a different answer here.
April 2021 update:
BrowserStack has shipped a toggle to trust self-signed certs.
It is available on iOS and Android devices for now.
When it happens, open the "Network" tab, and open in a new tab the request which is failing. If it is "just" a certificate issue, you would then be able to bypass the warning. Then, your request should work correctly.
When the "Cannot Verify Server Identity" dialogue pops up, click details, then 'Trust'. This will work if all calls are to the same domain as the website.