[opensuse] access certificate on firefox
How do I access a certificate on firefox? (FF52.8 on Leap 42.3) I'm trying to open my electricity supplier's website and FF says energyco.co.uk uses an invalid security certificate. The certificate is only valid for the following names: *.azurewebsites.net, *.scm.azurewebsites.net, *.azure-mobile.net, *.scm.azure-mobile.net, *.sso.azurewebsites.net Error code: SSL_ERROR_BAD_CERT_DOMAIN but I can't find out how to actually inspect the certificate to see what FF is complaining about. chromium by contrast opens the website and shows me a certificate that looks sensible. I want to understand whether it has been fooled or ff is borked. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Op donderdag 21 juni 2018 12:58:20 CEST schreef Dave Howorth:
How do I access a certificate on firefox? (FF52.8 on Leap 42.3)
I'm trying to open my electricity supplier's website and FF says
energyco.co.uk uses an invalid security certificate.
The certificate is only valid for the following names: *.azurewebsites.net, *.scm.azurewebsites.net, *.azure-mobile.net, *.scm.azure-mobile.net, *.sso.azurewebsites.net
Error code: SSL_ERROR_BAD_CERT_DOMAIN
but I can't find out how to actually inspect the certificate to see what FF is complaining about.
chromium by contrast opens the website and shows me a certificate that looks sensible. I want to understand whether it has been fooled or ff is borked.
Click left on the (green) lock symbol, which opens a pop-up. On the top element you see a symbol >. Click left on it and further on down the tree you can inspect the presented certificate. -- fr.gr. member openSUSE Freek de Kruijf -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, 21 Jun 2018 13:14:46 +0200 Freek de Kruijf <freek@opensuse.org> wrote:
Op donderdag 21 juni 2018 12:58:20 CEST schreef Dave Howorth:
How do I access a certificate on firefox? (FF52.8 on Leap 42.3)
I'm trying to open my electricity supplier's website and FF says
energyco.co.uk uses an invalid security certificate.
The certificate is only valid for the following names: *.azurewebsites.net, *.scm.azurewebsites.net, *.azure-mobile.net, *.scm.azure-mobile.net, *.sso.azurewebsites.net
Error code: SSL_ERROR_BAD_CERT_DOMAIN
but I can't find out how to actually inspect the certificate to see what FF is complaining about.
chromium by contrast opens the website and shows me a certificate that looks sensible. I want to understand whether it has been fooled or ff is borked.
Click left on the (green) lock symbol, which opens a pop-up. On the top element you see a symbol >. Click left on it and further on down the tree you can inspect the presented certificate.
There is no green lock symbol or any lock symbol at all, since FF has determined that the connection is NOT secure. Clicking on the > on the info, then on More Information does not show any certificates in the usual place on the Security tab, presumably because no connection is made because the certificate is deemed invalid. Pressing Help doesn't give me any useful information. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Dave Howorth <dave@howorth.org.uk> [06-21-18 07:00]:
How do I access a certificate on firefox? (FF52.8 on Leap 42.3)
I'm trying to open my electricity supplier's website and FF says
energyco.co.uk uses an invalid security certificate.
The certificate is only valid for the following names: *.azurewebsites.net, *.scm.azurewebsites.net, *.azure-mobile.net, *.scm.azure-mobile.net, *.sso.azurewebsites.net
Error code: SSL_ERROR_BAD_CERT_DOMAIN
but I can't find out how to actually inspect the certificate to see what FF is complaining about.
firefox stores configurations and other below ~/.mozilla certificates are in berkley db files called cert#.db, as cert8.db
chromium by contrast opens the website and shows me a certificate that looks sensible. I want to understand whether it has been fooled or ff is borked.
what has chromium to do with looking for firefox files? confusion? ps: first google search for "firefox certificates" yields as the very first site: "How do I check my certificates on Firefox?" wonder if that might help. ps2: going to firefox help menu, then searching for "check certificates" yields: Found 1806 results for check certificates for Firefox but then firefox was installed on an opensuse system so must be something that was opensuse specific, I guess. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, 21 Jun 2018 07:17:34 -0400 Patrick Shanahan <paka@opensuse.org> wrote:
* Dave Howorth <dave@howorth.org.uk> [06-21-18 07:00]:
How do I access a certificate on firefox? (FF52.8 on Leap 42.3)
I'm trying to open my electricity supplier's website and FF says
energyco.co.uk uses an invalid security certificate.
The certificate is only valid for the following names: *.azurewebsites.net, *.scm.azurewebsites.net, *.azure-mobile.net, *.scm.azure-mobile.net, *.sso.azurewebsites.net
Error code: SSL_ERROR_BAD_CERT_DOMAIN
but I can't find out how to actually inspect the certificate to see what FF is complaining about.
firefox stores configurations and other below ~/.mozilla
certificates are in berkley db files called cert#.db, as cert8.db
Thanks. According to file I have a v1.85 database and according to <http://pybsddb.sourceforge.net/ref/dumpload/utility.html> I need db_dump185 to read it. But all I seem to have installed are db_dump and db48_dump both of which produce errors. $ file cert8.db cert8.db: Berkeley DB 1.85 (Hash, version 2, native byte-order) $ db_dump cert8.db db_dump: __db_meta_setup: cert8.db: unexpected file type or format db_dump: open: cert8.db: Invalid argument $ db48_dump cert8.db db48_dump: __db_meta_setup: cert8.db: unexpected file type or format db48_dump: open: cert8.db: Invalid argument I can't find db_dump185 for opensuse using YaST or google.
chromium by contrast opens the website and shows me a certificate that looks sensible. I want to understand whether it has been fooled or ff is borked.
[snark ignored] -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* Dave Howorth <dave@howorth.org.uk> [06-21-18 08:50]:
On Thu, 21 Jun 2018 07:17:34 -0400 Patrick Shanahan <paka@opensuse.org> wrote:
* Dave Howorth <dave@howorth.org.uk> [06-21-18 07:00]:
How do I access a certificate on firefox? (FF52.8 on Leap 42.3)
I'm trying to open my electricity supplier's website and FF says
energyco.co.uk uses an invalid security certificate.
The certificate is only valid for the following names: *.azurewebsites.net, *.scm.azurewebsites.net, *.azure-mobile.net, *.scm.azure-mobile.net, *.sso.azurewebsites.net
Error code: SSL_ERROR_BAD_CERT_DOMAIN
but I can't find out how to actually inspect the certificate to see what FF is complaining about.
firefox stores configurations and other below ~/.mozilla
certificates are in berkley db files called cert#.db, as cert8.db
Thanks. According to file I have a v1.85 database and according to <http://pybsddb.sourceforge.net/ref/dumpload/utility.html> I need db_dump185 to read it. But all I seem to have installed are db_dump and db48_dump both of which produce errors.
$ file cert8.db cert8.db: Berkeley DB 1.85 (Hash, version 2, native byte-order) $ db_dump cert8.db db_dump: __db_meta_setup: cert8.db: unexpected file type or format db_dump: open: cert8.db: Invalid argument $ db48_dump cert8.db db48_dump: __db_meta_setup: cert8.db: unexpected file type or format db48_dump: open: cert8.db: Invalid argument
I can't find db_dump185 for opensuse using YaST or google.
chromium by contrast opens the website and shows me a certificate that looks sensible. I want to understand whether it has been fooled or ff is borked.
[snark ignored]
so I guess you also ingored the other approaches which provide other meanse to check the cherts. do as you will. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri Registered Linux User #207535 @ http://linuxcounter.net Photos: http://wahoo.no-ip.org/piwigo paka @ IRCnet freenode -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, Jun 21, 2018 at 1:58 PM, Dave Howorth <dave@howorth.org.uk> wrote:
How do I access a certificate on firefox? (FF52.8 on Leap 42.3)
I'm trying to open my electricity supplier's website and FF says
energyco.co.uk uses an invalid security certificate.
The certificate is only valid for the following names: *.azurewebsites.net, *.scm.azurewebsites.net, *.azure-mobile.net, *.scm.azure-mobile.net, *.sso.azurewebsites.net
Error code: SSL_ERROR_BAD_CERT_DOMAIN
but I can't find out how to actually inspect the certificate to see what FF is complaining about.
Advanced - Add Exception - View
chromium by contrast opens the website and shows me a certificate that looks sensible. I want to understand whether it has been fooled or ff is borked.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, 21 Jun 2018 14:18:34 +0300 Andrei Borzenkov <arvidjaar@gmail.com> wrote:
On Thu, Jun 21, 2018 at 1:58 PM, Dave Howorth <dave@howorth.org.uk> wrote:
How do I access a certificate on firefox? (FF52.8 on Leap 42.3)
I'm trying to open my electricity supplier's website and FF says
energyco.co.uk uses an invalid security certificate.
The certificate is only valid for the following names: *.azurewebsites.net, *.scm.azurewebsites.net, *.azure-mobile.net, *.scm.azure-mobile.net, *.sso.azurewebsites.net
Error code: SSL_ERROR_BAD_CERT_DOMAIN
but I can't find out how to actually inspect the certificate to see what FF is complaining about.
Advanced - Add Exception - View
Sorry, where am I starting from? What is Advanced? Note that the error message also says: "This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate." if that is relevant.
chromium by contrast opens the website and shows me a certificate that looks sensible. I want to understand whether it has been fooled or ff is borked.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Dave Howorth wrote:
Note that the error message also says: "This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate." if that is relevant.
I think that is very relevant - HSTS is set by the webserver and in essence dictates to the browser only to access this website via https, ie. securely. I guess it could be interpreted to mean "no user exceptions" as well. -- Per Jessen, Zürich (14.4°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri, 22 Jun 2018 08:39:44 +0200 Per Jessen <per@computer.org> wrote:
Dave Howorth wrote:
Note that the error message also says: "This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate." if that is relevant.
I think that is very relevant - HSTS is set by the webserver and in essence dictates to the browser only to access this website via https, ie. securely. I guess it could be interpreted to mean "no user exceptions" as well.
Thanks Per. I've managed to establish that it is a certificate fault at the webserver and that FF 60 will now allow the certificate to be viewed, as does chromium. I've reported the fault to the website owners. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 21.06.2018 12:58, Dave Howorth wrote:
How do I access a certificate on firefox? (FF52.8 on Leap 42.3)
I'm trying to open my electricity supplier's website and FF says
energyco.co.uk uses an invalid security certificate.
The certificate is only valid for the following names: *.azurewebsites.net, *.scm.azurewebsites.net, *.azure-mobile.net, *.scm.azure-mobile.net, *.sso.azurewebsites.net
Error code: SSL_ERROR_BAD_CERT_DOMAIN
but I can't find out how to actually inspect the certificate to see what FF is complaining about.
chromium by contrast opens the website and shows me a certificate that looks sensible. I want to understand whether it has been fooled or ff is borked.
Hi Dave, does Firefox also present you a button labeled "Add Exception..."? If yes, then clicking that button should show a dialog which allows to view the certificate (and then permanently or for the session grant an exception for this certificate). What I've noticed: going to http://energyco.co.uk (the insecure way), shows me a "this domain is for sale" page. So in case the above is not a typo, it seems like it's not your energy provider that owns the domain now... /Andreas -- Cahn's Axiom: When all else fails, read the instructions. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Thu, 21 Jun 2018 15:13:30 +0200 Andreas Mahel <andreas@mahel.net> wrote:
On 21.06.2018 12:58, Dave Howorth wrote:
How do I access a certificate on firefox? (FF52.8 on Leap 42.3)
I'm trying to open my electricity supplier's website and FF says
energyco.co.uk uses an invalid security certificate.
The certificate is only valid for the following names: *.azurewebsites.net, *.scm.azurewebsites.net, *.azure-mobile.net, *.scm.azure-mobile.net, *.sso.azurewebsites.net
Error code: SSL_ERROR_BAD_CERT_DOMAIN
but I can't find out how to actually inspect the certificate to see what FF is complaining about.
chromium by contrast opens the website and shows me a certificate that looks sensible. I want to understand whether it has been fooled or ff is borked.
Hi Dave,
does Firefox also present you a button labeled "Add Exception..."? If yes, then clicking that button should show a dialog which allows to view the certificate (and then permanently or for the session grant an exception for this certificate).
No it doesn't unfortunately. The error message says "it is not possible to add an exception for this certificate."
What I've noticed: going to http://energyco.co.uk (the insecure way), shows me a "this domain is for sale" page. So in case the above is not a typo, it seems like it's not your energy provider that owns the domain now...
Sorry, that's not actually the name of my energy company. It's just an example domain name. Or did you mean something different? An http connection to the actual domain redirects to an https connection, which then fails as described.
/Andreas
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/21/2018 09:07 AM, Dave Howorth wrote:
No it doesn't unfortunately. The error message says "it is not possible to add an exception for this certificate."
Sorry Dave, I have no silver bullet for you, but the scary part is we have now given complete-control over to our browsers as to what it will let us look at -- even if we know the risk, know the site and are willing to say "I assume the risk of looking at this site, please let me through..." Even asking nicely no longer works. Firefox is one of the last browsers that will let you "Add an Exception" (in most cases, not yours) in case of a certificate error. I read an article lately that says all most all remaining top browsers don't even give you that option -- they just won't connect at all. -- David C. Rankin, J.D.,P.E. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2018-06-21 12:58, Dave Howorth wrote:
How do I access a certificate on firefox? (FF52.8 on Leap 42.3)
I'm trying to open my electricity supplier's website and FF says
energyco.co.uk uses an invalid security certificate.
which URL? Because <http://energyco.co.uk/> says: The domain name energyco.co.uk is for sale! If I try <https://energyco.co.uk/> then I get: +++---------------- Your connection is not secure The owner of energyco.co.uk has configured their website improperly. To protect your information from being stolen, Firefox has not connected to this website. Learn more… Report errors like this to help Mozilla identify and block malicious sites ----------------++- Well, as this site is a parked domain, it is not strange that the certificate doesn't match the domain. On the url box there is a an 'i' inside a circle. Clicking expands the security information. Chrome produces the exact same error: +++---------------- Your connection is not private Attackers might be trying to steal your information from energyco.co.uk (for example, passwords, messages, or credit cards). Learn more NET::ERR_CERT_AUTHORITY_INVALID Automatically send some system information and page content to Google to help detect dangerous apps and sites. Privacy policy ADVANCED Back to safety ----------------++- Click on advanced produces: +++---------------- This server could not prove that it is energyco.co.uk; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection. Proceed to energyco.co.uk (unsafe) ----------------++- And clicking on proceed produces another error: +++---------------- This site can’t be reached The webpage at https://energyco.co.uk/ might be temporarily down or it may have moved permanently to a new web address. ERR_SPDY_PROTOCOL_ERROR ----------------++- Conclusion: THAT is not your electricity provider. Or no longer is. -- Cheers / Saludos, Carlos E. R. (from 42.3 x86_64 "Malachite" at Telcontar)
Dave Howorth wrote:
How do I access a certificate on firefox? (FF52.8 on Leap 42.3)
I'm trying to open my electricity supplier's website and FF says
energyco.co.uk uses an invalid security certificate.
The certificate is only valid for the following names: *.azurewebsites.net, *.scm.azurewebsites.net, *.azure-mobile.net, *.scm.azure-mobile.net, *.sso.azurewebsites.net
Error code: SSL_ERROR_BAD_CERT_DOMAIN
Assuming your electricity supplier does not run their website under one of those names, well, that's the reason. The certificate is only valid for those names.
chromium by contrast opens the website and shows me a certificate that looks sensible. I want to understand whether it has been fooled or ff is borked.
That is odd. You really should see the same behaviour, regardless of which browser you're using. -- Per Jessen, Zürich (15.0°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Fri, 22 Jun 2018 08:58:18 +0200 Per Jessen <per@computer.org> wrote:
Dave Howorth wrote:
How do I access a certificate on firefox? (FF52.8 on Leap 42.3)
I'm trying to open my electricity supplier's website and FF says
energyco.co.uk uses an invalid security certificate.
The certificate is only valid for the following names: *.azurewebsites.net, *.scm.azurewebsites.net, *.azure-mobile.net, *.scm.azure-mobile.net, *.sso.azurewebsites.net
Error code: SSL_ERROR_BAD_CERT_DOMAIN
Assuming your electricity supplier does not run their website under one of those names, well, that's the reason. The certificate is only valid for those names.
chromium by contrast opens the website and shows me a certificate that looks sensible. I want to understand whether it has been fooled or ff is borked.
That is odd. You really should see the same behaviour, regardless of which browser you're using.
Yeah, that was fat finger trouble on my part. Chromium actually behaves like FF but it does let me inspect the faulty certificate. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (8)
-
Andreas Mahel -
Andrei Borzenkov -
Carlos E. R. -
Dave Howorth -
David C. Rankin -
Freek de Kruijf -
Patrick Shanahan -
Per Jessen