Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1014 posts

Uber Geek


# 141304 8-Mar-2014 02:11
Send private message

Getting some untrusted certificate problems on the Vodafone website in Firefox (Chrome / Chromium seem to work just fine).




View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
19282 posts

Uber Geek
Inactive user


  # 1001104 8-Mar-2014 06:54
Send private message

I use firefox and don't get that

BDFL - Memuneh
64219 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1001118 8-Mar-2014 09:00
Send private message

This is a problem that has been identified before in another thread about certificate problems, first identified with Vodafone on mobile browsers but nothing happened. The URL showing the problem is https://www.vodafone.co.nz/myvodafone 

The certificate is issued by Vodafone itself and the certification path is broken.

The full error is "www.vodafone.co.nz uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)"

My guess is Vodafone people don't see this error because either their browsers test the certificate against their own servers or the have the root cert installed in their machines.

This is what I see on Firefox: 



And here is the problem certificate:










 
 
 
 


5151 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1001121 8-Mar-2014 09:09
Send private message

freitasm: ... My guess is Vodafone people don't see this error because either their browsers test the certificate against their own servers or the have the root cert installed in their machines...

I'm on VF cable and don't get the error on Firefox.




Sideface


BDFL - Memuneh
64219 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1001122 8-Mar-2014 09:13
Send private message

I am saying employees using their internal network, not customers but it could be that the root certificate used to be installed in some PCs before. 

What OS and Firefox version are you using? Go to https://www.vodafone.co.nz/myvodafone on Firefox and even if you don't see the error page you can click the certificate information. On Chrome it shows this:

 








147 posts

Master Geek

Subscriber

  # 1001126 8-Mar-2014 09:25
Send private message

On Firefox, I just went to https://www.vodafone.co.nz and sure enough I see the untrusted connection page.

Viewing the certificate heirarchy, I saw just "www.vodafone.co.nz" but to be trusted it should show a path from a trusted root.

Now here's something a bit strange:

I did NOT add an exception, but out of curiosity went to https://www.vodafone.co.uk - that worked fine, and viewing its certificate heirarchy it shows a path from Baltimore CyberTrust Root to Vodafone (Corporate Domain 2009) to Vodafone (Corporate Services 2009) to www.vodafone.co.uk

Once I've done that, https://www.vodafone.co.nz suddenly works! The certificate heirarchy shows the same path as above (starting from Baltimore CyberTrust Root) to www.vodafone.co.nz instead of .co.uk


It appears that the .co.nz certificate is intended to have the same trusted root as the .co.uk one but something isn't set up quite right?

5151 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1001128 8-Mar-2014 09:28
Send private message

freitasm:What OS and Firefox version are you using? Go to https://www.vodafone.co.nz/myvodafone on Firefox ...

I am running 8 PCs on a VF cable connection in Wellington.
All PCs run Windows 7 Pro or Ultimate.
6 use Firefox 27 (latest) and 2 run Waterfox 26 (latest).
No certificate problems with any of them, ever.

EDIT:  I spoke too soon - one of them gives the error - it's the only one that hasn't had the user name & password entered before.




Sideface


709 posts

Ultimate Geek

Trusted
Vodafone NZ

  # 1001157 8-Mar-2014 10:10
Send private message

Interesting. Thanks for the heads up about this guys, I'll get our web techies on to this.




 
 
 
 


19282 posts

Uber Geek
Inactive user


  # 1001182 8-Mar-2014 11:02
Send private message

Jon might be the best person @Lon

47 posts

Geek


  # 1008111 18-Mar-2014 14:21
Send private message

Hi Guys,

Just noting that you still have an internal certificate coming up on this page (https://www.vodafone.co.nz/myvodafone/).

As Mauricio notes above, if you are testing it from an internal Vodafone machine, it is quite possible that your IT guys have installed that certificate, so you won't get the error, but the certificate is not validated to any trusted root authority in the 'real world', hence we are getting errors, and we have no way of knowing whether the server that we are about to give our Vodafone account username / password to is really Vodafone's.

The certificate chain that we are getting is as attached - note that the issuer is not a valid trusted root (unless you choose to install it as such yourself, but that defeats the purpose in general).



Please can you get someone on to this.

Alan.




47 posts

Geek


  # 1008248 18-Mar-2014 17:35
Send private message

Hi Guys,

Upon reflection, I am wondering if this might be specific to some configuration some of us have in our browsers?

I am thinking that, if the above was a general issue, you'd be hearing about it hundreds or thousands of times a day, and presumably that isn't happening (not for weeks on end) - hence perhaps it is more focused?

No idea what that might be, but just throwing it out there :-)

Alan.

4 posts

Wannabe Geek


  # 1008597 18-Mar-2014 23:50

The certificate chain is incomplete with two Vodafone certificates not loaded on the NZ webserver. Vodafone.co.uk has them loaded and sends to the client when requested, thus the NZ site works after browsing there as your browser now has the complete chain of certificates.

See https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fwww.vodafone.co.nz%2Fmyvodafone 

6615 posts

Uber Geek
Inactive user


  # 1008604 19-Mar-2014 00:05
Send private message


BDFL - Memuneh
64219 posts

Uber Geek

Administrator
Trusted
Geekzone
Lifetime subscriber

  # 1008641 19-Mar-2014 07:20
Send private message

Tim, what others are saying is that the certificate does't work in all browsers because the chain is broken. Your browser might have the other certificates since you work for Vodafone (have you logged into work from this PC before? If so it's likely).

If I go to https://www.vodafone.co.nz/myvodafone on Firefox right now, from my laptop I still get the screen I posted before:







47 posts

Geek


  # 1008791 19-Mar-2014 10:27
Send private message

Hi Accidue,

accidue: The certificate chain is incomplete with two Vodafone certificates not loaded on the NZ webserver. Vodafone.co.uk has them loaded and sends to the client when requested, thus the NZ site works after browsing there as your browser now has the complete chain of certificates.

See https://www.ssllabs.com/ssltest/analyze.html?d=https%3A%2F%2Fwww.vodafone.co.nz%2Fmyvodafone 



What you say seems to be correct, but it does not appear to change the fact that the certificate as presented by www.vodafone.co.nz/myvodafone does not terminate with a trusted root certificate authority, and is therefore rejected by most (all?) modern browsers.

I agree that I can install any certificate I like in my browser, trust it, and carry on, but I'm not sure that is a solution, more of a work around that we would not wish to encourage people to do in general?

Thanks,

Alan.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter and LinkedIn »



Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Disney+ streaming service confirmed launch in New Zealand
Posted 20-Aug-2019 09:29


Industry plan could create a billion dollar interactive games sector
Posted 19-Aug-2019 20:41


Personal cyber insurance a New Zealand first
Posted 19-Aug-2019 20:26


University of Waikato launches space for esports
Posted 19-Aug-2019 20:20


D-Link ANZ expands mydlink ecosystem with new mydlink Mini Wi-Fi Smart Plug
Posted 19-Aug-2019 20:14


Kiwi workers still falling victim to old cyber tricks
Posted 12-Aug-2019 20:47


Lightning Lab GovTech launches 2019 programme
Posted 12-Aug-2019 20:41


Epson launches portable laser projector
Posted 12-Aug-2019 20:27


Huawei launches new distributed HarmonyOS
Posted 12-Aug-2019 20:20


Lenovo introduces single-socket servers for edge and data-intensive workloads
Posted 9-Aug-2019 21:26


The Document Foundation announces LibreOffice 6.3
Posted 9-Aug-2019 16:57


Symantec sell enterprise security assets for US$ 10.7 billion to Broadcom
Posted 9-Aug-2019 16:43


Artificial tongue can distinguish whisky and identify counterfeits
Posted 8-Aug-2019 20:20


Toyota and Preferred Networks to develop service robots
Posted 8-Aug-2019 20:11


Vodafone introduces new Vodafone TV device
Posted 7-Aug-2019 17:16



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.