X
Nhấn vào đây để đến phiên bản di động của trang web.

Diễn đàn trợ giúp

Peelregion.ca website not secure ?

Được đăng

When I use Firefox 57 on my Yosemite Mac I get a message that https://peelregion.ca site is not secure. But if I use my Firefox on Lg phone it doesn't provide any error.

https://www.ssllabs.com website gives a rating of "F" for the site which is a Brampton city web site. Can anyone verify if the site is truly unsecure?

When I use Firefox 57 on my Yosemite Mac I get a message that https://peelregion.ca site is not secure. But if I use my Firefox on Lg phone it doesn't provide any error. https://www.ssllabs.com website gives a rating of "F" for the site which is a Brampton city web site. Can anyone verify if the site is truly unsecure?

Chi tiết hệ thống bổ sung

Ứng dụng

  • Chuỗi đại diện người dùng: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:57.0) Gecko/20100101 Firefox/57.0

Thông tin chi tiết

FredMcD
  • Top 10 Contributor
4270 giải pháp 59896 câu trả lời
Được đăng
I had no problem with the link. What is the exact message you are getting? There is security software like Avast, Kaspersky, BitDefender and ESET that intercept secure connections and send their own certificate. https://support.mozilla.org/en-US/kb/firefox-cant-load-websites-other-browsers-can https://support.mozilla.org/en-US/kb/firefox-and-other-browsers-cant-load-websites https://support.mozilla.org/en-US/kb/secure-connection-failed-error-message https://support.mozilla.org/en-US/kb/connection-untrusted-error-message http://kb.mozillazine.org/Error_loading_websites https://www.bing.com/search?q=web+site+access+denied
jscher2000
  • Top 10 Contributor
8793 giải pháp 71930 câu trả lời
Được đăng

Hi mace2, you asked:

Can anyone verify if the site is truly unsecure?

What Firefox is saying is that it cannot verify that the server responding to your request is the server you requested or whether it is an impostor because it cannot verify the SSL certificate.

Based on the SSL Labs report, the server definitely needs to be updated.

Most importantly for your purposes, it does not send the "intermediate" certificate. This means that unless Firefox has received that certificate from another server (another Thawte/Symantec customer), it cannot connect the site's certificate with a trusted issuer; the chain of trust is broken. This is hard to work around because it's really a matter of luck whether your Firefox has seen that certificate before; there's no obvious way to know where you can get it.

Hi mace2, you asked: <blockquote>Can anyone verify if the site is truly unsecure? </blockquote> What Firefox is saying is that it cannot verify that the server responding to your request is the server you requested or whether it is an impostor because it cannot verify the SSL certificate. Based on the SSL Labs report, the server definitely needs to be updated. Most importantly for your purposes, it does not send the "intermediate" certificate. This means that unless Firefox has received that certificate from another server (another Thawte/Symantec customer), it cannot connect the site's certificate with a trusted issuer; the chain of trust is broken. This is hard to work around because it's really a matter of luck whether your Firefox has seen that certificate before; there's no obvious way to know where you can get it.
cor-el
  • Top 10 Contributor
  • Moderator
17578 giải pháp 159013 câu trả lời
Được đăng

You will need this intermediate certificate:

  • thawte EV SSL CA - G3

right-click and "save link as" -> thawte_EV_SSL_CA-G3.crt

You can import the certificate under the Authorities tab in the Certificate Manager.

  • Options/Preferences -> Privacy & Security -> Certificates: View Certificates

Do not set any trust bits when prompted.

You will need this intermediate certificate: *thawte EV SSL CA - G3 right-click and "save link as" -> thawte_EV_SSL_CA-G3.crt *http://ti.symcb.com/ti.crt You can import the certificate under the Authorities tab in the Certificate Manager. *Options/Preferences -> Privacy & Security -> Certificates: View Certificates Do not set any trust bits when prompted.

Người tạo câu hỏi

thanks. but since SSL labs reports shows a "F" grade I am reluctant to add any certificate.

Is your Firefox also missing that intermediate certificate? FreMcd had no problem and my Android firefox also did not have a problem.

thanks. but since SSL labs reports shows a "F" grade I am reluctant to add any certificate. Is your Firefox also missing that intermediate certificate? FreMcd had no problem and my Android firefox also did not have a problem.
cor-el
  • Top 10 Contributor
  • Moderator
17578 giải pháp 159013 câu trả lời
Được đăng

The server only send its own certificate and not the intermediate certificate from Thawte. There is nothing against adding a intermediate certificate manually to be able to visit a website. Making an exception in Firefox is much worse because you choose to trust a certificate that can't be chained to a builtin root certificate. If you import the intermediate certificate manually then Firefox will use it to build the correct certificate chain. Otherwise you would have to be lucky to stumble across a server that sends this specific intermediate certificate. Note that the link I posted is present in the report on the Qualys SSL Labs website.

The server only send its own certificate and not the intermediate certificate from Thawte. There is nothing against adding a intermediate certificate manually to be able to visit a website. Making an exception in Firefox is much worse because you choose to trust a certificate that can't be chained to a builtin root certificate. If you import the intermediate certificate manually then Firefox will use it to build the correct certificate chain. Otherwise you would have to be lucky to stumble across a server that sends this specific intermediate certificate. Note that the link I posted is present in the report on the [https://www.ssllabs.com Qualys SSL Labs] website.

Người tạo câu hỏi

How can I determine the server Firefox is using to verify the website?

How can I determine the server Firefox is using to verify the website?
jscher2000
  • Top 10 Contributor
8793 giải pháp 71930 câu trả lời
Được đăng

Hi mace2, Firefox has some built-in root certificates. Any time a website presents a certificate, Firefox will check whether it was signed with one of those trusted certificates. If not, then the site needs to also supply one or more intermediate certificates to connect the site certificate with the trusted root. This server is not doing that.

Firefox ALSO will check whether a site's certificate has been revoked, but that is a separate process. The first check is simply checking that there is a complete chain of trust. That's what's failing.

cor-el gave you a method to obtain and install the missing intermediate certificate from its issuer. That will compensate for the site's failure to send it to Firefox.

Hi mace2, Firefox has some built-in root certificates. Any time a website presents a certificate, Firefox will check whether it was signed with one of those trusted certificates. If not, then the site needs to also supply one or more intermediate certificates to connect the site certificate with the trusted root. This server is not doing that. ''Firefox ALSO will check whether a site's certificate has been revoked, but that is a separate process. The first check is simply checking that there is a complete chain of trust. That's what's failing.'' cor-el gave you a method to obtain and install the missing intermediate certificate from its issuer. That will compensate for the site's failure to send it to Firefox.

Người tạo câu hỏi

Hi jscher2000. thanks. I am aware how the certificates are used but I do not understand why on my Mac OS firefox it was missing but on my Android phone the certificate was present. FredMcD confirmed his firefox was able to get to the site without any problem.

Why is the intermittent certificate missing from my Yosemite Mac certificate?

Hi jscher2000. thanks. I am aware how the certificates are used but I do not understand why on my Mac OS firefox it was missing but on my Android phone the certificate was present. FredMcD confirmed his firefox was able to get to the site without any problem. Why is the intermittent certificate missing from my Yosemite Mac certificate?
jscher2000
  • Top 10 Contributor
8793 giải pháp 71930 câu trả lời
Được đăng

The only reason you would have the intermediate certificate would be if your Firefox previously visited a different site that had a certificate from the same issuer. Thawte is a major issuer of certificates, so it's not surprising that you had it on at least one browser.

Note: if you ever use Firefox's Refresh feature or delete the cert8.db file manually, then you would lose all the accumulated intermediate certificates and be starting out from scratch.

The only reason you would have the intermediate certificate would be if your Firefox previously visited a different site that had a certificate from the same issuer. Thawte is a major issuer of certificates, so it's not surprising that you had it on at least one browser. Note: if you ever use Firefox's Refresh feature or delete the cert8.db file manually, then you would lose all the accumulated intermediate certificates and be starting out from scratch.

Người tạo câu hỏi

The reason I think it may be something else is about a week ago I went to the same site without getting the error message that the site is not secure.

A possibility could be the cert might of been removed.

The reason I think it may be something else is about a week ago I went to the same site without getting the error message that the site is not secure. A possibility could be the cert might of been removed.
cor-el
  • Top 10 Contributor
  • Moderator
17578 giải pháp 159013 câu trả lời
Được đăng

With a bare Firefox and a new profile you will always get a certificate error if the website isn't sending a complete certificate chain. It can only work if you have at least once visited a website (server) that sends this specific intermediate certificate and Firefox has stored it. Not sure if Firefox will still do this in Private Browsing mode.

With a bare Firefox and a new profile you will always get a certificate error if the website isn't sending a complete certificate chain. It can only work if you have at least once visited a website (server) that sends this specific intermediate certificate and Firefox has stored it. Not sure if Firefox will still do this in Private Browsing mode.

Người tạo câu hỏi

Tell me if I'm incorrect.

The website https://www.peelregion.ca tells my browser where to find the cert? If that is true If I can't find the correct cert or intermittent It is the website www.peelregion.ca fault.

Tell me if I'm incorrect. The website https://www.peelregion.ca tells my browser where to find the cert? If that is true If I can't find the correct cert or intermittent It is the website www.peelregion.ca fault.
jscher2000
  • Top 10 Contributor
8793 giải pháp 71930 câu trả lời
Được đăng

Câu trả lời hữu ích

Yes, a server is supposed to send its own certificate AND it is supposed to send any intermediate certificates necessary to connect its certificate with a trusted "root" certificate.

Yes, a server is supposed to send its own certificate AND it is supposed to send any intermediate certificates necessary to connect its certificate with a trusted "root" certificate.

Người tạo câu hỏi

Its interesting to note that my android phone after performing an update to Firefox now also gets the site is not secure error message.

This suggests that it was getting the correct certificate from https://peelregion.ca and then it stopped.

Its interesting to note that my android phone after performing an update to Firefox now also gets the site is not secure error message. This suggests that it was getting the correct certificate from https://peelregion.ca and then it stopped.
jscher2000
  • Top 10 Contributor
8793 giải pháp 71930 câu trả lời
Được đăng

mace2 said

Its interesting to note that my android phone after performing an update to Firefox now also gets the site is not secure error message.

This suggests that it was getting the correct certificate from https://peelregion.ca and then it stopped.

Or that your Firefox had received it from a different site, so it didn't need it from peelregion.ca (this is how I was able to visit the site even though it is not sending that certificate).

''mace2 [[#answer-1060669|said]]'' <blockquote> Its interesting to note that my android phone after performing an update to Firefox now also gets the site is not secure error message. <br><br>This suggests that it was getting the correct certificate from https://peelregion.ca and then it stopped. </blockquote> Or that your Firefox had received it from a different site, so it didn't need it from peelregion''.''ca (this is how I was able to visit the site even though it is not sending that certificate).
cor-el
  • Top 10 Contributor
  • Moderator
17578 giải pháp 159013 câu trả lời
Được đăng

Your phone didn't get the certificate from peelregion.ca, but already had this intermediate certificate from a visit to another website that did send a full certificate chain.

In this specific case the missing intermediate certificate can be downloaded via this link I posted above from a Symantec server.

If you install the certificate in the Certificate Manager then Firefox can use it and you won't see the error. This is the same as visiting a website that includes the certificate in the send certificate chain, only you need to install the certificate manually.

Your phone didn't get the certificate from peelregion''.''ca, but already had this intermediate certificate from a visit to another website that did send a full certificate chain. In this specific case the missing intermediate certificate can be downloaded via this link I posted above from a Symantec server. *http://ti.symcb.com/ti.crt If you install the certificate in the Certificate Manager then Firefox can use it and you won't see the error. This is the same as visiting a website that includes the certificate in the send certificate chain, only you need to install the certificate manually.

Người tạo câu hỏi

How can I view the certificate store on an Android specifically Lolipop

How can I view the certificate store on an Android specifically Lolipop
Shadow110 1072 giải pháp 14836 câu trả lời
Được đăng

I was just there am in Canada so used url as know site. It is secure for me though Firefox has blocked some tracking stuff. As the Shield came out beside the Information Icon. Certificate is valid.

I was just there am in Canada so used url as know site. It is secure for me though Firefox has blocked some tracking stuff. As the Shield came out beside the Information Icon. Certificate is valid.

Người tạo câu hỏi

Concerning the response from FredMcD and PLshadow. I called Peelregion.ca today 31-Jan-2018 and they informed me they have no HTTPS.

You 2 should of received an error.

Concerning the response from FredMcD and PLshadow. I called Peelregion.ca today 31-Jan-2018 and they informed me they have '''no HTTPS'''. You 2 should of received an error.