
Two sites won't load


Pentode

When going to Wires UK the site doesn't load, I get 'Protocol filtering error' asking me to import Root Certificate, this is only on a couple of sites otherwise everything else is fine, just these two particular sites. The actual address bar does not show the target address, just the Google link.

I've tried two operating systems, Win 7 x64bit and XP x32bit, both have latest Nod 32 AV installed. I've also tried the usual tricks disabling SSL, enabling and rebooting etc. as shown on Nod 32 help pages... makes no difference, also tried adding an exception rule. If I disable Nod32 these two will still not load, I forgot what the 2nd site was but wasn't really important.

For some strange reason I don't get the error message any more, on XP 32bit the page is just blank with about:config in the address bar. When I get time I'll make a clone and remove NOD32 to see if that helps... the site used to work before NOD32 was updated.

Be grateful if anyone could throw some light on this problem.

 

Dave


  • Administrators

What browser did you use? Did you also try opening IE on Windows 7? If you mean the website https://www.wires.co.uk/, it uses an EV certificate which means it's not filtered / scanned by default by ESET so disabling SSL filtering should have no effect on it. Did you also try disabling protocol filtering?


36 minutes ago, Marcos said:

website https://www.wires.co.uk/, it uses an EV certificate

Same here. No problem accessing it in IE11 or Firefox on Win 10. Did notice the site uses a flaky Comodo multi-domain EV certificate. If the browser is Chrome, maybe the multi-domain thing is what it is objecting to.


Thank you Marcos and itman, I'm using Firefox 46.0.1. Yes it's the same on Internet Explorer, also same on an Acer laptop again using Nod32 with Win 7 32bit starter pack.

I did try switching Protocol filtering, that made no difference, the site was working prior to updating the program I'm pretty sure of that... maybe I'll clone a drive then try it without Nod32 and then do a re-install.

Be glad if you could confirm disabling Nod that it doesn't leave anything running like filtering and so on. Thought it strange because all other pages seem pretty responsive loading. Clicking the cache triangle that opens Ok, but that's only Google as I understand.

Should I manage to solve it I'll post back, thanks for trying.

 

Dave

 


  • Administrators

On Windows 7 you should be able to use the latest version of Firefox 66.0.5. Is there any reason why you haven't upgraded yet? If disabling protocol filtering doesn't make any difference, then ESET should not be involved and even uninstalling it should not make the issue go away.


Per Firefox troubleshooting FAQ:

Quote

The error occurs on one particular site only

In case you get this problem on one particular site only, this type of error generally indicates that the web server is not configured properly.

Missing intermediate certificate

On a site with a missing intermediate certificate you will see the following error description after you click on Advanced on the error page:

The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.

The website's certificate might not have been issued by a trusted certificate authority itself and no complete certificate chain to a trusted authority was provided either (a so-called "intermediate certificate" is missing).

You can test if a site is properly configured by entering a website's address into a third-party tool like SSL Labs' test page. If it is returning the result "Chain issues: Incomplete", a proper intermediate certificate is missing. You should contact the owner of the website you're having troubles accessing to inform them of that problem.

https://support.mozilla.org/en-US/kb/error-codes-secure-websites

Now refer to the below screenshot. It appears to me your Firefox's Authorities certificate store doesn't contain the proper certificate chain relationship; i.e. Certificate Hierarchy, for this web site. Like @Marcos posted previously, upgrade to the latest version of Firefox. I strongly suspect by doing so, this problem will be resolved.

[Screenshot: Eset_Wires.png]

 

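The missing-intermediate condition from the quoted Mozilla FAQ, reproduced offline as an added example (not part of the original thread, nor Mozilla's or ESET's material). It assumes the `openssl` command-line tool is installed; the three-tier PKI, the file names and the `demo-*.example` subjects are constructed for illustration.

```bash
#!/bin/sh
# Added example: constructed demo PKI (root -> intermediate -> leaf).
# All names and files are made up; nothing here contacts a real site.

# build_demo_pki DIR: create root.pem, intermediate.pem and leaf.pem in DIR.
build_demo_pki() {
  ( cd "$1" || exit 1
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\n' > leaf.ext
    for n in root intermediate leaf; do
      openssl req -new -newkey rsa:2048 -nodes -keyout "$n.key" \
        -out "$n.csr" -subj "/CN=demo-$n.example" || exit 1
    done
    # Self-signed root, then each lower tier signed by the one above it.
    openssl x509 -req -in root.csr -signkey root.key \
      -extfile ca.ext -days 30 -out root.pem &&
    openssl x509 -req -in intermediate.csr -CA root.pem -CAkey root.key \
      -CAcreateserial -extfile ca.ext -days 30 -out intermediate.pem &&
    openssl x509 -req -in leaf.csr -CA intermediate.pem -CAkey intermediate.key \
      -CAcreateserial -extfile leaf.ext -days 30 -out leaf.pem
  ) >/dev/null 2>&1
}

# chain_status DIR [SENT_INTERMEDIATES]: validate leaf.pem with root.pem as the
# only trust anchor. SENT_INTERMEDIATES stands for the extra certificates a
# server includes in its handshake; omit it to model a server sending the leaf alone.
chain_status() {
  dir=$1
  # ${2:+...} adds "-untrusted FILE" only when a second argument was given.
  if out=$(openssl verify -CAfile "$dir/root.pem" \
             ${2:+-untrusted "$2"} "$dir/leaf.pem" 2>&1); then
    echo "complete"
  else
    case $out in
      *"unable to get local issuer certificate"*) echo "incomplete" ;;
      *) echo "other-failure" ;;
    esac
  fi
}

work=$(mktemp -d)
build_demo_pki "$work"
echo "leaf only:           $(chain_status "$work")"
echo "leaf + intermediate: $(chain_status "$work" "$work/intermediate.pem")"
```

A client that already holds the intermediate in its own store or cache can validate the same leaf, which is one way a single site fails in one browser and loads in another.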

It also appears to me that Firefox is showing the incorrect certificate hierarchy for this web site. That's not surprising given the recent mess Mozilla created by letting their own certificate expire. Anyway, below is a screenshot of IE's certificate hierarchy for this web site. Note that the Sectigo RSA Intermediate root certificate chains to a different root CA store certificate. Note that IE11 uses the Windows root CA certificate store.

[Screenshot: Eset_IE_Wires.png]

 


Yikes! Comodo, aka UserTrust, is now Sectigo: https://sectigo.com/blog/sectigo-begins-issuing-certificates-on-new-sectigo-branded-root .

Appears to me that Mozilla hasn't gotten around to updating Firefox's Authorities CA store as it should have. This is one reason why I still use IE11 as my browser.

-EDIT- IE11 uses the root CA store certificate "friendly name" for the issuer in its Certificate Hierarchy display. The root cert. was actually issued by USERTrust and is the same one stored in Firefox's Authorities CA store.


Wow, thanks itman that saves me a lot of messing around, as I understand no matter what I do I'd be landing back on square one, thanks to other contributors too.

I would have had no idea since I couldn't get to see the certificate.... at least I don't think I could, so this means I'll have to 'stick it' or review some other browser. 

Dave

 


3 hours ago, Pentode said:

I would have had no idea since I couldn't get to see the certificate.... at least I don't think I could, so this means I'll have to 'stick it' or review some other browser. 

As far as not being able to access the web site in either Win XP or Win 7 in IE11, the following comments.

Win XP has not been supported by Microsoft for some time. As such, we can assume that its Windows root CA store certificates likewise haven't been updated. Hence, the certificate errors reported trying to access the web site.

As far as Win 7 goes, have you been performing regular Win Updating on the device? Even if you were, I always had issues with my Windows root CA store certificates being updated properly on Win 7. Hence again, a possible reason for the certificate errors reported trying to access the web site.
