01-26-2019 10:45 AM
i found that my PA cert for ssl decryption is under other people in chrome not in trusted root on one of computers.
still i am able to access websites where ssl decryption is enabled
any thoughts?
01-27-2019 03:36 AM
There are now more than one problems that lead to your situation:
01-27-2019 11:29 AM
@MP18 wrote:does this refer to websites where i do not get cert warning and there is no option for me to click on proceed ??
This one applies to website that show everything a little scrambled which is because the main page can load but css and javascripts, that are required for the website to show properly, cannot load as you don't see a cert warning for these other domains.
@MP18 wrote:Do you refer here connecting again when ssl decryption is enabled?
Exactly
01-26-2019 12:45 PM
Are you able to access any website? Does a cert warning show up or does it work as expected? Or are just the websites working where you already ignored the cert warning?
01-26-2019 04:18 PM
i tested some websites i can not access at all tried few times they all have below message
i get error message
privacy error
your connection is not private
cert had warning it shows for example
issue to linkedin.com
issued by 10.1.20.1 -----------PA cert
Attackers might be trying to steal your information from www.linkedin.com (for example, passwords, messages, or credit cards). Learn more
then website which opens up it also has cert warning not secure
issued to bmo,com
issued by 10.1.20.1
but webpage opens up with scrambled characters.
why some web sites does not open at all and some open up with not proper displays?
01-27-2019 03:36 AM
There are now more than one problems that lead to your situation:
01-27-2019 10:00 AM
Thanks for reply back
For
2>Websites that partly work is probably because you ignore the cert warning for the main page, but because javascript, css, images, ... are pulled from other domains you can't see the cert warning and so cannot ignore it and the connection fails.
For above I tested for e.g website bmo.ca i get warning
This server could not prove that it is www1.bmo.com; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.
Proceed to ww w1.bmo.com (unsafe)
for this website i ignore the warning for main page and proceed so this works fine.
This part i got it.
When you say but because javascript, css, images, ... are pulled from other domains you can't see the cert warning and so cannot ignore it and the connection fails
does this refer to websites where i do not get cert warning and there is no option for me to click on proceed ??
3>for
when you connect again to such a website and the HSTS entry did not time out, then as described in HSTS RFC the browser is not allowed to give you a possibility to ignore the warning --> rhe connection fails completely
Do you refer here connecting again when ssl decryption is enabled?
01-27-2019 11:29 AM
@MP18 wrote:does this refer to websites where i do not get cert warning and there is no option for me to click on proceed ??
This one applies to website that show everything a little scrambled which is because the main page can load but css and javascripts, that are required for the website to show properly, cannot load as you don't see a cert warning for these other domains.
@MP18 wrote:Do you refer here connecting again when ssl decryption is enabled?
Exactly
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
