Connection to opi from company network not possible

Home Forums User Contributions OPI Support Connection to opi from company network not possible

This topic contains 5 replies, has 3 voices, and was last updated by  tehcog 3 years ago.

  • Author
    Posts
  • #598

    hans345
    Participant

    Hi,

    I tried to connect from my work´s network to connect to the opi, but this not possible. I get the following error message:

    
    The system returned:
    
        (71) Protocol error (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)
    
        Self-signed SSL Certificate in chain: /C=SE/ST=Skane/L=Loddekopinge/O=OpenProducts/O=./OU=./CN=ROOT CA
    

    What can I do to solve this?

  • #605
    Tor Krill
    Tor Krill
    Keymaster

    Hi Hans345,

    Could you provide more information on the environment where this happens? OS, Browser. Any proxies involved? (My guess is the last one, that you have a proxy that is unaware of our ROOT CA. 🙁 )

    Best Regards,

    /Tor

  • #612

    hans345
    Participant

    Hi Tor,

    the environment:
    Win 7, Firefox 24.7.0 ESR and a proxy is involved. Any more information needed?

    Any more information needed?

    Best Regards
    hans345

  • #613
    Tor Krill
    Tor Krill
    Keymaster

    Hi again hans345,

    It seems like the problem here is the proxy server being deployed at your work. Google suggests that they run squid possibly with SslBump: http://wiki.squid-cache.org/Features/SslBump

    This is unfortunately nothing we can do anything about. You should also be aware that it is most likely that all traffic passing through this proxy is being decrypted and inspected for good or bad by your employer.

    Sorry for not having a better answer here 🙁

    /Tor

  • #616

    hans345
    Participant

    Hi Tor,

    thanks for the reply.

    Well, I sent a mail to “our” firewall admin to see, if he can do or is willing to do something about this.

    Best reagrds
    hans345

    • #620

      tehcog
      Participant

      Your employer is probably running Bluecoat Security, which (as Tor indicates) most likely decrypts all of you https traffic. This is their prerogative, as it is their network. However, I suggest that you do not do any banking or other transactions that require the passing of personally sensitive data for the following reasons:

      As they are performing the man in the middle attack (hack), They may be storing your personal information (bank account numbers, log in identification data, etc.) on their servers, which in turn can be hacked by outsiders, abused by insiders, or even used for meta data collection on employees and held for the rare occasion when they might want to “investigate” you i.e. you want a promotion or something.

      They may be outsourcing this service, which is more likely. Which implies that they actually have no control over your sensitive data, and the 3rd party could be hacked or the data intercepted while being transmitted over the interwebs. You have no idea, or control.

      Yes, this is all a possibility.

      Use your PERSONAL BlackPhone or possibly iPhone (not the company’s) instead.

      Trust no one.

      Regards

You must be logged in to reply to this topic.

Posted in