NET::ERR_CERT_AUTHORITY_INVALID
-
Well if you have no packages installed... Then pfsense would not be interfering with any traffic, it just routes/nats it...
Do you have anything setup in port forwards.. Show us your port forwards, and show us your lan rules please.
-
Oh.
That's a formal reply !
That removes many possible issues.Can you tell us what DNS servers you are using ?
Do you use the DNS Resolver - and did you chance something in it's settings ?
At the bottom of the ServicesDNS ResolverGeneral Settings page, do you have any overrides :
Can you resolve www.facebook.com using this :
edit : also : Your are using the DHCP Server for your LAN ?
Any settings have been chaged there ?
At the bottom of the page Status > DHCP Leases, all the devices from your LAN(s) are listed ?On the PC on your LAN, what are the IP settings ?
Typeipconfig /alllto see the gateway, DNS and IP
The gateway and DNS should be the IP of pfSense. By default, 192.168.1.1 the device IP would be something like 192.168.1.101 where 101 can by any number except 0, 1 and 255.
-
Great questions! All would be good info, maybe someone redirecting facebook.com - I was thinking a port forward to a proxy or something
-
@johnpoz said in NET::ERR_CERT_AUTHORITY_INVALID:
proxy or something
Might as well forget about the proxy.
He was just posting 'some where'.It all started here : https://forum.netgate.com/topic/113757/unofficial-e2guardian-package-for-pfsense/1189 post number 1189 using an ancient e2guardian thread. That thread mentions for sure the words "facebook" and "error" and "pfSense" and Google isn't always your friend (they made Chrome, so .... ).
edit @yogeesh : on a windows PC, can you check this file :
C:\Windows\System32\drivers\etc\hosts?
Does it contains "facebook" entries ?
Every possible PC using any OS has this file.
Linux/FreBSD devices have this file here :/etc/hosts -
So should prob remove that stuff from his thread, and move this to general area
edit: edited and moved.
-
-
;; QUESTION SECTION: ;106.61.112.146.in-addr.arpa. IN PTR ;; ANSWER SECTION: 106.61.112.146.in-addr.arpa. 3600 IN PTR hit-adult.opendns.com.looks like being blocked as adult in opendns!
Would explain why when not using pfsense works, because not using opendns..
-
@johnpoz said in NET::ERR_CERT_AUTHORITY_INVALID:
adult in opendns!
So, DNS isn't being done by pfSense, but relayed to opendns.
Using default pfSense settings would probably have solved the issue right away.I have an account with OpenDNS, so I tested. Activated the "adult" level.
I visited https://www.facebook.com and ..................
Case closed ^^
-
Yup closed - finally!
Is it really an adult-hit for facebook, or is a timewaster hit? The ptr on that IP returned say adult hit.. hehehehe
-
Exact.
I somehow remembered that DNS IP - I've been playing with OpenDNS, as they offer a useful service for home type installation with 'clients' that are kids that need be be checked upon.
When I saw the setting 'High' blocking social media, I decided to test it myself.But all this isn't a pfSense issue.
It's just OpenDNS, installed, activated by the admin of pfSense, doing what it is told to do.And black holing sites like facebook is triggering the MITM/HSTS browser protection.
-
To be honest there are actually very few actual pfsense issues.. Most are layer 8 issues.. misconfig. Which this is for sure. Configuration set without understand what that could mean, and how to troubleshoot it.. Only reason this took so long is lack of information.
-
I didn't understand
help me -
Ok,
First do this : https://docs.netgate.com/pfsense/en/latest/backup/configuration-backup-and-restore.html
Then do this : https://docs.netgate.com/pfsense/en/latest/config/factory-defaults.htmlLast step : use this https://docs.netgate.com/pfsense/en/latest/book/interfaces/ipv4-wan-types.html to activate your Internet access.
Do not change anything else. Not now, not later.
You'll be safe.
You'll be having access to the internet, facebook.com included. -
Thank you for reply
i will try this and update you on this. -
@yogeesh said in NET::ERR_CERT_AUTHORITY_INVALID:
eel we have certificate error in pfsense firewall
And to fix NET::ERR_CERT_AUTHORITY_INVALID error try the below given fixes one by one:
• Reload the Pages
• And clear the cache and cookies of Opera browser
• Allocate the DNS settings
• Try to clear the computer’s SSL state
• You can use the free SSL check tool like Qualys SSL Labs, to run an SSL Server Test.
• Check if you are running an antivirus then disable the third party antivirus.
Hope the steps given works for you to fix NET::ERR_CERT_AUTHORITY_INVALID error.
