Being blocked suddenly from uncert'd https sites.

janoc:

--- Quote from: peteb2 on December 22, 2021, 08:33:51 am ---
I think this is exactly what has happened. I've been dealing with the company security guru in IT whose replies to my rants have been very abstract. He obviously doesn't understand how I have always worked & what I actually do. He's more involved with the office staff that I assume email all day & type data into databases or spreadsheets etc & then go home who spend more time on the company's IntraNet doing mediocre social communication crap. Not the engineering I do...

I will ask him about Let's Encrypt & see what he says (or feigns it's nothing & then suddenly it works again)... interesting!

--- End quote ---

If that is what happened then you have a much bigger problem at your company than you think - because you are using woefully outdated browsers. This root certificate was updated in Firefox over a year ago, long before the offending certificate actually expired in September.

Digilent's certificate is fine but if your browser has outdated/expired root certificates then it won't be able to validate Digilent's cert and you will get an error.

mfro:
Something we often see is perimeter firewalls breaking up the https stream to be able to introspect the contents for malware.
Your browser will then be presented a replacement certificate (often self-signed) from the firewall instead. If your organisation doesn't properly implement a CA (and properly distribute its certificate chain to the clients), you'll see these errors. Easily spotted by inspection of the certificate.

SiliconWizard:
Yeah, Firefox now prevents you from downloading anything if the link is not https (but you can still bypass it.) Whatever it is. Like PDF files.
Fun thing is, many sites all over the world still contain many links that are not https. Including Wikipedia. If, instead of a warning that you can bypass, suddenly all access to non-https stuff was blocked, you'd break probably 90% of the web.

janoc:

--- Quote from: mfro on December 22, 2021, 04:56:46 pm ---Something we often see is perimeter firewalls breaking up the https stream to be able to introspect the contents for malware.
Your browser will then be presented a replacement certificate (often self-signed) from the firewall instead. If your organisation doesn't properly implement a CA (and properly distribute its certificate chain to the clients), you'll see these errors. Easily spotted by inspection of the certificate.

--- End quote ---

True but then you would get this error on every https site and not http (unencrypted one). I.e. exactly the opposite of what the OP is complaining about ...

E.g. Fortinet's Fortiguard does exactly this but they have a whitelist of sites where this man-in-the-middle attack is not performed - e.g. some banking sites and such. So you don't always get broken encryption. But again, this is not what the OP is complaining about.
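
The certificate inspection discussed in the two posts above, as an added example that is not part of any poster's message: it compares the issuer each site presents inside the network with the issuer seen from an outside connection, and flags an issuer that replaces the certificates of several unrelated sites. All host names, CA names and the `classify` helper are constructed for illustration.

```python
from collections import Counter

# Constructed sample data (not from the thread). Each entry is the subject and
# issuer of a site's leaf certificate as shown by the browser's certificate
# viewer: INSIDE from the affected PC, REFERENCE from an outside connection.
INSIDE = {
    "shop.example": {"subject": "CN=shop.example", "issuer": "CN=Corp Inspection CA"},
    "docs.example": {"subject": "CN=docs.example", "issuer": "CN=Corp Inspection CA"},
    "bank.example": {"subject": "CN=bank.example", "issuer": "CN=Public CA 1"},
    "lab.example": {"subject": "CN=lab.example", "issuer": "CN=lab.example"},
}
REFERENCE = {
    "shop.example": "CN=Public CA 1",
    "docs.example": "CN=Public CA 2",
    "bank.example": "CN=Public CA 1",
    "lab.example": "CN=Public CA 2",
}


def norm(name):
    """Compare distinguished names ignoring case and spacing differences."""
    return "".join(name.split()).casefold()


def classify(inside, reference):
    """Return (per-host verdicts, issuers that re-signed two or more hosts)."""
    verdicts, replaced = {}, Counter()
    for host, cert in inside.items():
        expected = reference.get(host)
        if expected is None:
            verdicts[host] = "no-reference"   # nothing to compare against
        elif norm(cert["issuer"]) == norm(expected):
            verdicts[host] = "untouched"      # end-to-end, or on a bypass list
        elif norm(cert["issuer"]) == norm(cert["subject"]):
            verdicts[host] = "self-signed"    # replacement signed by itself
        else:
            verdicts[host] = "re-signed"      # replacement from another CA
            replaced[cert["issuer"]] += 1
    # One issuer standing in for several unrelated sites points at a middlebox.
    suspects = sorted(i for i, n in replaced.items() if n >= 2)
    return verdicts, suspects


if __name__ == "__main__":
    verdicts, suspects = classify(INSIDE, REFERENCE)
    for host, verdict in verdicts.items():
        print(f"{host:14} {verdict}")
    print("likely inspection CA:", suspects or "none")
```

A host that comes back `untouched` while others are `re-signed` is consistent with the kind of bypass list mentioned above for banking sites.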

janoc:

--- Quote from: SiliconWizard on December 22, 2021, 05:31:30 pm ---Yeah, Firefox now prevents you from downloading anything if the link is not https (but you can still bypass it.) Whatever it is. Like PDF files.
Fun thing is, many sites all over the world still contain many links that are not https. Including Wikipedia. If, instead of a warning that you can bypass, suddenly all access to non-https stuff was blocked, you'd break probably 90% of the web.

--- End quote ---

That's not quite true unless you turn on a non-default setting "Https only mode".
