Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Receiving bad certificate warnings when accessing craigslist from all browsers


  • Please log in to reply
14 replies to this topic

#1 12throw8outthewindow

12throw8outthewindow

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 03 November 2015 - 12:30 PM

For the past week or two, whenever I try to access an https area of sfbay craigslist (clicking my account link, clicking discussion forums category heading on main page, or the link to any of the listed forums, clicking the craigslist contact us email link, clicking the feedback link in the footer), my browser throws a warning that the security certificate is invalid. My defalt browser is FireFox, but it also happens in Chrome and IE (all three browsers are current). It does NOT happen with my phone browser (Android ICS/Dolphin). My OS is Windows 7 Ultimate, and my AV is Avast free (but this is not an Avast warning).
 
All of the routes CL provides to contact them trigger this warning, so I have not been able to contact through the site, or even access the feedback forum to see whether anyone else is experiencing this.. I have emailed abuse@craigslist.org several times, but only get canned responses. Since I am not seeing recent complaints about this all over the internet, I assume it is not happening for everyone, and is probably something on my end. However, other sites are loading normally.
 
I have numerous items for sale, and am running a business off of CL leads, so this is hugely inconvenient, but I don't override security warnings until I know what is causing them. Can anyone help me figure this out? Here is the warning language from each browser - in each case, I have clicked on the my account button, right below the sitename and post to classifieds link in the left sidebar of the main page, on sfbay craigslist. In each case, the URL bar shows https://accounts.craigslist.org/login/home (https is overstruck in Chrome)
 
________________________________________

FIREFOX
This Connection is Untrusted

You have asked Firefox to connect securely to accounts.craigslist.org, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.
What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

accounts.craigslist.org uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is unknown.
The server might not be sending the appropriate intermediate certificates.
An additional root certificate may need to be imported.

(Error code: sec_error_unknown_issuer)

__________________________________________

INTERNET EXPLORER (11)
 
There is a problem with this website’s security certificate.

The security certificate presented by this website was not issued by a trusted certificate authority.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.  
   
We recommend that you close this webpage and do not continue to this website.  

Recommended iconClick here to close this webpage.
  
Not recommended iconContinue to this website (not recommended).  

More information  More information 

•If you arrived at this page by clicking a link, check the website address in the address bar to be sure that it is the address you were expecting.
•When going to a website with an address such as https://example.com, try adding the 'www' to the address, https://www.example.com.

For more information, see "Certificate Errors" in Internet Explorer Help.

 

______________________________________
 
CHROME
 
Your connection is not private

Attackers might be trying to steal your information from accounts.craigslist.org (for example, passwords, messages, or credit cards). NET::ERR_CERT_AUTHORITY_INVALID
 
Automatically report details of possible security incidents to Google. Privacy policy
 
Back to safetyHide advanced
 
This server could not prove that it is accounts.craigslist.org; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.

Proceed to accounts.craigslist.org (unsafe)
_____________________________________

 

They all seem to agree on the problem, so why am I the only one (apparently) seeing this?



BC AdBot (Login to Remove)

 


#2 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,968 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:03:41 PM

Posted 03 November 2015 - 12:47 PM

Hi :welcome: to BleepingComputer,

 

Visit this page https://www.geotrust.com/resources/root-certificates/ and try to import the certificate labeled Root 5 - GeoTrust Primary Certification Authority – G3

 

Check if the browser starts recognizing the certificate used by craiglist.


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#3 RolandJS

RolandJS

  • Members
  • 4,479 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:09:41 AM

Posted 03 November 2015 - 02:32 PM

I get these all the time in FF:  FIREFOX
                                              This Connection is Untrusted...and so on

-- if I know the site is good, I click on the I Understand button and direct FF to add site to its exception listing, and I access the known-good site afterwards.


Edited by RolandJS, 03 November 2015 - 02:33 PM.

"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#4 dannyboy950

dannyboy950

  • Members
  • 1,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:port arthur tx
  • Local time:08:41 AM

Posted 03 November 2015 - 03:55 PM

I see that message sometimes for windows own programs and updates. Certificate not signed. Does not always happen but sometimes.

 

Acctually saw that a lot on my infected Vista machine.


HP 15-f009wm notebook AMD-E1-2100 APV 1Ghz Processor 8 GB memory 500 GB Hdd

Linux Mint 17.3 Rosa Cinamon


#5 12throw8outthewindow

12throw8outthewindow
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 03 November 2015 - 05:58 PM

Malware Response Team, I get the same untrusted certificate warning when I go to the www.geotrust.com link.



#6 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,968 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:03:41 PM

Posted 03 November 2015 - 06:07 PM

Malware Response Team, I get the same untrusted certificate warning when I go to the www.geotrust.com link.

 

Make a temporary exception to access that site.


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#7 12throw8outthewindow

12throw8outthewindow
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 03 November 2015 - 07:44 PM

Umm, no offense, I'm grateful for the response, but the whole point is that I'm reluctant to override exactly that same warning on CL. Ditto for GeoTrust, or even more so. Presumably, they are well-protected, but shouldn't a certificate administrator, of all entities, have current certificates? And if the problem is on my end, I'd like to understand a little more about how certificates are normally updated, and what might have caused that not to happen so that I have to do it manually this time.

 

My webhosting account was hacked a few weeks ago, and although the hackers seemed primarily interested in installing ads on my site (god knows why - they saw my traffic stats, which hardly seem to justify the trouble of hacking me), and I saw no indication that the infection spread to my computer (two different malware scans turned up nothing), I'm still feeling cautious.



#8 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,968 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:03:41 PM

Posted 04 November 2015 - 05:05 AM

Hi,
 
It could be a problem with the root certificate that's why I suggest to manually install but it could also be some other problem related with windows failing to update certificates.
 
Download the update list from Microsoft http://download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/rootsupd.exe and save the file to c:\temp
 
Open the Command Prompt as Administrator
 
Extract the files by typing:

rootsupd.exe /c /t:C:\temp

from c:\temp run the following 4 commands

updroots.exe authroots.sst

updroots.exe updroots.sst

updroots.exe -l roots.sst

updroots.exe -d delroots.sst

• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#9 RolandJS

RolandJS

  • Members
  • 4,479 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Austin TX metro area
  • Local time:09:41 AM

Posted 04 November 2015 - 05:52 AM

12throw - no offense taken by me!  :)  I only suggested the bypass for the web sites you know for sure are known-goods, bypass should only be used as a stopgap, to get work done.  The BC malware team's long-term solution is far better in the long run than my itty bitty short-term stopgap  :)


"Take care of thy backups and thy restores shall take care of thee."  -- Ben Franklin revisited.

http://collegecafe.fr.yuku.com/forums/45/Computer-Technologies/

Backup, backup, backup! -- Lady Fitzgerald (w7forums)

Clone or Image often! Backup... -- RockE (WSL)

"I heard Spock finally got colander!"  "I believe the word is Kolinahr."  "Oh."


#10 12throw8outthewindow

12throw8outthewindow
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 04 November 2015 - 01:14 PM

SleepyDude, I downloaded file to temp directory, but couldn't run the first command. See screenshot.

 

ih61s0.jpg
 



#11 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,968 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:03:41 PM

Posted 04 November 2015 - 01:59 PM

Hi,

 

First you need to Open the Command Prompt as Administrator (Tutorial)

Then change to the temp folder, type:

cd c:\temp

Type the commands I post but make sure you have the file rootsupd inside the c:\Temp folder


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#12 12throw8outthewindow

12throw8outthewindow
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 04 November 2015 - 05:59 PM

Drat this business of running things as an administrator when you're already logged in as an administrator - so annoying! However, that worked. Thanks very much. Is there any kind of analysis I can/should do to determine why the normal automatic updating didn't take, or is that just something that happens now and then?



#13 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,968 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:03:41 PM

Posted 05 November 2015 - 04:25 AM

Hi,

 

The problem with the certificate is now fixed?

 

I'm not sure what can cause that problem it seems sometimes windows fails to update the certificates or some corruption occurs during install!


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 


#14 12throw8outthewindow

12throw8outthewindow
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 05 November 2015 - 04:54 PM

Yes, it is fixed now - many thanks! I have never had that happen before. Well, I'll know what to do if it ever happens again.



#15 SleepyDude

SleepyDude

  • Malware Response Team
  • 2,968 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Portugal
  • Local time:03:41 PM

Posted 05 November 2015 - 06:17 PM

Yes, it is fixed now - many thanks! I have never had that happen before. Well, I'll know what to do if it ever happens again.

 

Good :)


• Please do not PM me asking for support. Post on the forums instead it will increases the chances of getting help for your problem by one of us.
• Posts in the Malware section that are not replied to within 4 days will be closed. PM me or a moderator to reactivate.
• Please post your final results, good or bad. We like to know! Thank you!

 
Proud graduate of GeekU and member of UNITE
___
Rui

 
 





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users