NET::ERR_CERT_AUTHORITY_INVALID
-
Applied these advices https://www.facebook.com/notes/protect-the-graph/upgrades-to-facebooks-link-security/2015650322008442/ ?
edit : and you're using Chrome so for example https://www.thesslstore.com/blog/clear-hsts-settings-chrome-firefox/
-
even if I use safari or any other browser i face the same error.
IMP: if I switch from the network connection(pfsense bypassed) immediately I am able to access all these websites.
So I feel this is an issue with pfsense -
@yogeesh said in NET::ERR_CERT_AUTHORITY_INVALID:
So I feel this is an issue with pfsense
I agree.
Do you agree with this : a detail : your pfSense and mine are the same. The only difference is : your settings and mine.
Do what do you think : "Install pfSense, and no more facebook.com for your network members". Do you think pfSense would last long ?So, what so different with your setup ?
-
So your running through proxy? Your running through VPN..
Out of the box pfsense would have zero to do with your connection..It just routes and nats it, all outbound connections are allowed. I take if you were trying to filter with e2guardian, your running proxy.. Disable that! Does it now work?
Running pfsense here, and zero issues with accessing facebook.
-
@Gertjan Don't know might be
How to verify the setting? -
You posted this :
@yogeesh said in NET::ERR_CERT_AUTHORITY_INVALID:
Re: Unofficial E2guardian package for pfSense
Do you know what E2guardian is ?
@johnpoz said in NET::ERR_CERT_AUTHORITY_INVALID:
Running pfsense here, and zero issues with accessing facebook.
Yeah. Lucky you.
And that's why I want to know why @yogeesh has issues with this.
( because I'm gonna sell this knowledge as a huge feature ) -
@Gertjan said in NET::ERR_CERT_AUTHORITY_INVALID:
E2guardian is ?
No I don't have any idea about E2guardian
-
Well why are you asking about it then???
You started this thread with
Re: Unofficial E2guardian package for pfSense
Look under your package manager - what do you show installed? If you have a proxy setup, disable it!
Your in the cache/proxy section - so you have proxy installed... If you have no idea how to run one or troubleshoot one.. Then you should disable it!
-
@johnpoz said in NET::ERR_CERT_AUTHORITY_INVALID:
your package manager
Nice catch !!
It could be, for example, a pfBlockerNG case, set up with the 'click on all the feeds cause it's free'. That would block facebook for sure, redirected to a pfBlockerNG notification web page, so the wrong cert is being returned and the browser start to yell about HSTS issues. -
Yeah that could be it... But his pic didn't include the address he was going to.. It could be redirection to the 10.10.10.10 address pfblocker uses by default.
Oh wait it does just show facebook.com - stupid chrome hiding actual urls!
Picture is so small can barely see anything anyway ;)
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.7.2, 24.11 -
-
Show your package manger installed - this page.
Show all the packages you have installed.
-
@johnpoz said in NET::ERR_CERT_AUTHORITY_INVALID:
stupid chrome hiding actual urls!
That address bar is the best pishing detection tool possible, it will never lie to you, so Google decide to hide it .... Makes me wonder.
Anyway ....@johnpoz said in NET::ERR_CERT_AUTHORITY_INVALID:
Picture is so small can barely see anything anyway ;)
It's a generic picture we all see. Doesn't contain any useful information except for the error code and the four letter word HSTS. I guess @yogeesh will find out very soon that the only information we have are his words.
Quiet unreadable for use.I already suggested to use pfSense without any changes in the settings, which include of course packages (none should be used / installed).
The answer was :@yogeesh said in NET::ERR_CERT_AUTHORITY_INVALID:
I don't know whether its vanilla or not
I guess it's time to ask if there is actually a pilot on that plain
@yogeesh don't worry, the case will get resolved. It will take some time, though.
-
-
Well if you have no packages installed... Then pfsense would not be interfering with any traffic, it just routes/nats it...
Do you have anything setup in port forwards.. Show us your port forwards, and show us your lan rules please.
-
Oh.
That's a formal reply !
That removes many possible issues.Can you tell us what DNS servers you are using ?
Do you use the DNS Resolver - and did you chance something in it's settings ?
At the bottom of the ServicesDNS ResolverGeneral Settings page, do you have any overrides :
Can you resolve www.facebook.com using this :
edit : also : Your are using the DHCP Server for your LAN ?
Any settings have been chaged there ?
At the bottom of the page Status > DHCP Leases, all the devices from your LAN(s) are listed ?On the PC on your LAN, what are the IP settings ?
Typeipconfig /alllto see the gateway, DNS and IP
The gateway and DNS should be the IP of pfSense. By default, 192.168.1.1 the device IP would be something like 192.168.1.101 where 101 can by any number except 0, 1 and 255.
-
Great questions! All would be good info, maybe someone redirecting facebook.com - I was thinking a port forward to a proxy or something
-
@johnpoz said in NET::ERR_CERT_AUTHORITY_INVALID:
proxy or something
Might as well forget about the proxy.
He was just posting 'some where'.It all started here : https://forum.netgate.com/topic/113757/unofficial-e2guardian-package-for-pfsense/1189 post number 1189 using an ancient e2guardian thread. That thread mentions for sure the words "facebook" and "error" and "pfSense" and Google isn't always your friend (they made Chrome, so .... ).
edit @yogeesh : on a windows PC, can you check this file :
C:\Windows\System32\drivers\etc\hosts?
Does it contains "facebook" entries ?
Every possible PC using any OS has this file.
Linux/FreBSD devices have this file here :/etc/hosts -
So should prob remove that stuff from his thread, and move this to general area
edit: edited and moved.
-
