Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    SSL Errors

    pfBlockerNG
    3
    10
    35
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      A Former User last edited by

      Anyone else seeing this?

      Screen Shot 2020-09-05 at 09.32.22.png

      Multiple feeds with the same error, it appears they all hosted on AWS.

      1 Reply Last reply Reply Quote 0
      • Gertjan
        Gertjan last edited by

        Noop.
        What is the URL used ?
        http - see the error - or https download ?

        This is a typical server side message. The admin of the feed should review its cert settings.
        You can't do anything, just wait it out.

        No "help me" PM's please. Use the forum.

        1 Reply Last reply Reply Quote 0
        • ?
          A Former User last edited by

          These:

          https://raw.githubusercontent.com/heradhis/indonesianadblockrules/master/subscriptions/abpindo.txt
          https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
          https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
          http://theantisocialengineer.com/AntiSocial_Blacklist_Community_V1.txt
          https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt
          https://s3.amazonaws.com/lists.disconnect.me/simple_malware.txt

          From a shell just to confirm:

          curl https://raw.githubusercontent.com/heradhis/indonesianadblockrules/master/subscriptions/abpindo.txt
          curl: (60) SSL certificate problem: self signed certificate

          Not too concerned, all self signed certs. Maybe they (whoever maintains those feeds) get it together or they don't. We'll see.

          1 Reply Last reply Reply Quote 0
          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by johnpoz

            You got something else going on - or they have been fixed in the last few minutes. But none of those links show self signed, and they have been valid for awhile

            example
            cert.png

            via curl
            curl.png

            You going through some proxy would be my guess. Trying to do mitm

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            2440 2.4.5p1 | 3x 3100 2.4.4p3 | 1x 3100 21.05.2 | 4860 21.05.2

            1 Reply Last reply Reply Quote 0
            • ?
              A Former User last edited by A Former User

              Thank you John! I added some additional feeds last evening. I removed them and all is well. Not sure how that would have created a cert problem. Someone more knowledgable than I will immediately understand, I'm sure.

              Today is going to be hectic once the kids are up, but I will go back and isolate the problem feed and report back.

              1 Reply Last reply Reply Quote 0
              • johnpoz
                johnpoz LAYER 8 Global Moderator last edited by johnpoz

                I don't see how adding a feed would have anything to do with other feeds.. You sure you were not trying to access via a proxy?

                Or were being redirected?

                Maybe trying to route your traffic thru some ultra secure -- all about your privacy vpn/proxy.. That was doing mitm on you ;) You know - for your privacy ;) heheheh

                Did you grab the info from the cert that was being listed as selfsigned? This can normally lead to a clue.. For example at work you can see that is a bluecoat created cert..

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                2440 2.4.5p1 | 3x 3100 2.4.4p3 | 1x 3100 21.05.2 | 4860 21.05.2

                ? 1 Reply Last reply Reply Quote 0
                • ?
                  A Former User @johnpoz last edited by

                  @johnpoz No, I'm sure. Added a few feeds:

                  https://blocklist.cyberthreatcoalition.org/vetted/domain.txt
                  https://urlhaus.abuse.ch/downloads/text/
                  https://zerodot1.gitlab.io/CoinBlockerLists/list.txt

                  No proxy, no vpn, no tin foil hats.

                  1 Reply Last reply Reply Quote 0
                  • johnpoz
                    johnpoz LAYER 8 Global Moderator last edited by

                    Those feeds are showing good for you right? That first one is on a cloudflare cert.. etc..

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    2440 2.4.5p1 | 3x 3100 2.4.4p3 | 1x 3100 21.05.2 | 4860 21.05.2

                    ? 2 Replies Last reply Reply Quote 0
                    • ?
                      A Former User @johnpoz last edited by

                      @johnpoz Yes, they did.

                      1 Reply Last reply Reply Quote 0
                      • ?
                        A Former User @johnpoz last edited by

                        @johnpoz John, I have to go. Thanks again for your help. I'll check back later in the day.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post