Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 14 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 7043 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Looking for assistance with a website that fails url exceptions

rfcat_vk

Hi,

I have spent most of the day being frustrated by a couple of websites. Had the same issue with one of the websites when using the UTM and cannot recall what I did to overcome the issue.

The site is my wife' favourite forum (home town). Works okay if Safari in my option but my wife says otherwise. When I implement https scanning on her firewall rule and using Firefox the site throws up errors about certificates. So Does FF connecting to Google. FF fails to accept the imported certificates. Google fixed with https exceptions.

The site in question is www.idnes.cz. The issue being when the site loads the last action is to remove formatting. If I clear the FF cache I get the first page loaded successfully but the next page fails. I have tried following the pages being loaded while watching Safari load and e=added the sites the  exception list, no joy.

my regex ^([A-Za-z0-9-.]*\)idnes\.cz stops the certificate error but not the format error. Now if I use ^([A-Za-z0-9-.]*\.cz) everything loads correctly but that is just plain stupid because there is not scanning of any cz sites. Trying to debug this using XG logs is just plain painful.

So how do I track the website that is causing the format error, any suggestions?

 

Thank you Ian



This thread was automatically locked due to age.
  • 0 in reply to rfcat_vk

    Then enjoy those cocktails with my straws :-)

  • 0 in reply to M8ey

    Hi folks, 

    I didn't have to use the straws, but strong drink was beginning to look good.

    After some guidance and hints from Sachin (thank you) i have finally been able to get FF on my MAC to talk to Google and the idnes sites without exceptions in place.

    1/. Safari worked after following the advice on installing certificates in keychains.

    2/. FF would not connect.

    3/. W10 IE was failing

    This morning while investigating the W10 issue I found the certificate was installed incorrectly and not trusted. Installed correctly and trusted no more errors for google or idnes sites. So this got me thinking further about FF on MAC installation of CAs. Installed again, still fail. Deleted all the certificates I could find and re-installed still failure. Continued hunting and found another certificate that was trusted updated trust and removed all the other attempts and bingo all now works.

     

    Summary FF is a pain to install certificate in the correct place and then find it to update trust.

    Next challenge is my wife's MAC.[:O]

    Ian

  • 0 in reply to rfcat_vk

    Hi Ian,

    After reading your response, I recall a previous instance where I imported the certificates via Keychain in my MAC book but somehow I still received the invalid certificate error with Chrome or FF (I don't remember exactly) but no error with Safari. Later I decided to import the certificate via custom web browser settings and that somehow did the trick. 

    Not sure if that is a keychain issue because only the third party browsers are not updated with a proper CA.

    Thanks,

  • 0 in reply to sachingurung

    Hi Sachin,

    I investigated FF importation of CAs, at this stage FF does not import from keychains on a MAC but does a limited import from IE on a W10 (semi automatic with the current version). So there is hope for the future of one central CA registry on a MAC.

    Ian