X
Tap here to go to the mobile version of the site.

Support Forum

you and other browsers are blocking msi.nga.mil it's an official gov site and the source of pubs like sailing directions.....why

Posted

it's the successor to the Defense mapping agency Publisher sailing directions and nautical charts among other usel tools of the maritime trace Sainling Directions can be downloaded and printed free as the are goverment publications and in the public domain. why is there site accused of being malicious??

it's the successor to the Defense mapping agency Publisher sailing directions and nautical charts among other usel tools of the maritime trace Sainling Directions can be downloaded and printed free as the are goverment publications and in the public domain. why is there site accused of being malicious??
Quote
jscher2000
  • Top 10 Contributor
7925 solutions 64672 answers

Hi creditfc8, where do you see a notification that the site is malicious??

I get a connection error for https://msi.nga.mil/ which indicates that the certificate can't be verified as legit. Specifically, when i click the "Advanced" button on the page:

msi.nga.mil uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER

Is that what you see?

I think this is a frequent issue for .mil sites because they don't use a commercial issuer that participates in the process used to determine trusted certificate issuers. So browsers have no way to confirm that it is the real site versus an impostor.

Hi creditfc8, where do you see a notification that the site is malicious?? I get a connection error for https://msi.nga.mil/ which indicates that the certificate can't be verified as legit. Specifically, when i click the "Advanced" button on the page: <blockquote>msi.nga.mil uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported. Error code: SEC_ERROR_UNKNOWN_ISSUER</blockquote> Is that what you see? I think this is a frequent issue for .mil sites because they don't use a commercial issuer that participates in the process used to determine trusted certificate issuers. So browsers have no way to confirm that it is the real site versus an impostor.
Was this helpful to you?
Quote
cor-el
  • Top 10 Contributor
  • Moderator
16700 solutions 151049 answers

Such government website use DoD certificates and you need to install these certificates yourself in Firefox to be able to access .gov websites.

See the All or TrustStore tab:

PKI CA Certificate Bundles: PKCS#7 -> DoD PKI only -> For DoD PKI Only - Version 5.x

Verify that all DoD certificates are installed properly in the Firefox Certificate Manager in the Authorities tab under "U.S. Government" and click the Edit button to verify that the root certificate(s) have a trust bit for websites set. Intermediate certificate should never have trust bits set.

  • Options/Preferences -> Privacy & Security
    Certificates: View Certificates -> Authorities
Such government website use DoD certificates and you need to install these certificates yourself in Firefox to be able to access .gov websites. See the All or TrustStore tab: *https://iase.disa.mil/pki-pke/Pages/tools.aspx PKI CA Certificate Bundles: PKCS#7 -> DoD PKI only -> For DoD PKI Only - Version 5.x Verify that all DoD certificates are installed properly in the Firefox Certificate Manager in the Authorities tab under "U.S. Government" and click the Edit button to verify that the root certificate(s) have a trust bit for websites set. Intermediate certificate should never have trust bits set. *Options/Preferences -> Privacy & Security<br>Certificates: View Certificates -> Authorities
Was this helpful to you?
Quote
Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.