Tagged: connection network security
October 6, 2014 at 10:45 #598
I tried to connect from my work´s network to connect to the opi, but this not possible. I get the following error message:
The system returned: (71) Protocol error (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN) Self-signed SSL Certificate in chain: /C=SE/ST=Skane/L=Loddekopinge/O=OpenProducts/O=./OU=./CN=ROOT CA
What can I do to solve this?
October 6, 2014 at 22:33 #605
Could you provide more information on the environment where this happens? OS, Browser. Any proxies involved? (My guess is the last one, that you have a proxy that is unaware of our ROOT CA. 🙁 )
October 7, 2014 at 09:41 #612
Win 7, Firefox 24.7.0 ESR and a proxy is involved. Any more information needed?
Any more information needed?
October 7, 2014 at 16:17 #613
Hi again hans345,
It seems like the problem here is the proxy server being deployed at your work. Google suggests that they run squid possibly with SslBump: http://wiki.squid-cache.org/Features/SslBump
This is unfortunately nothing we can do anything about. You should also be aware that it is most likely that all traffic passing through this proxy is being decrypted and inspected for good or bad by your employer.
Sorry for not having a better answer here 🙁
October 8, 2014 at 09:16 #616
thanks for the reply.
Well, I sent a mail to “our” firewall admin to see, if he can do or is willing to do something about this.
October 13, 2014 at 23:39 #620
Your employer is probably running Bluecoat Security, which (as Tor indicates) most likely decrypts all of you https traffic. This is their prerogative, as it is their network. However, I suggest that you do not do any banking or other transactions that require the passing of personally sensitive data for the following reasons:
As they are performing the man in the middle attack (hack), They may be storing your personal information (bank account numbers, log in identification data, etc.) on their servers, which in turn can be hacked by outsiders, abused by insiders, or even used for meta data collection on employees and held for the rare occasion when they might want to “investigate” you i.e. you want a promotion or something.
They may be outsourcing this service, which is more likely. Which implies that they actually have no control over your sensitive data, and the 3rd party could be hacked or the data intercepted while being transmitted over the interwebs. You have no idea, or control.
Yes, this is all a possibility.
Use your PERSONAL BlackPhone or possibly iPhone (not the company’s) instead.
Trust no one.
You must be logged in to reply to this topic.