Invalid Certificate Prompt When Browsing a Site


Ascii2

Recommended Posts

This posting is to report a bug.

I receive an Invalid Certificate dialog box on Maxthon 5.2.4.3000 when trying to view some websites.  My system time and date are correct.

I use Maxthon v5.2.4.3000 on Windows XP Professional with Service Pack 3.

Three example websites are:

The issue may be reproduced by visiting one of the example websites for the first time during the browsing session.  When that happens, the following dialog box is presented:  [Cannot post picture in forum; I receive forum message " The page you are trying to access is not available for your account. "]

I have copied the text from Maxthon Security information for the example webpages and display them below.

For "https://vivaldi.net/":

https://vivaldi.net
View requests in Network Panel
Connection
Protocol
TLS 1.2
Key exchange
ECDHE_ECDSA
Key exchange group
X25519
Cipher
CHACHA20_POLY1305
Certificate
Subject
ssl509072.cloudflaressl.com
SAN
ssl509072.cloudflaressl.com
*.vivaldi.net
vivaldi.net
Valid from
Fri, 27 Apr 2018 00:00:00 GMT
Valid until
Sat, 03 Nov 2018 23:59:59 GMT
Issuer
COMODO ECC Domain Validation Secure Server CA 2
Open full certificate details


For "https://easylist.to/":

https://easylist.to
View requests in Network Panel
Connection
Protocol
TLS 1.2
Key exchange
ECDHE_ECDSA
Key exchange group
X25519
Cipher
CHACHA20_POLY1305
Certificate
Subject
sni191559.cloudflaressl.com
SAN
sni191559.cloudflaressl.com
*.all-cardealers.com
Show more (95 total)
Valid from
Wed, 19 Sep 2018 00:00:00 GMT
Valid until
Thu, 28 Mar 2019 23:59:59 GMT
Issuer
COMODO ECC Domain Validation Secure Server CA 2
Open full certificate details


For "https://www.cloudflare.com/":

https://www.cloudflare.com
View requests in Network Panel
Connection
Protocol
TLS 1.2
Key exchange
ECDHE_ECDSA
Key exchange group
X25519
Cipher
CHACHA20_POLY1305
Certificate
Subject
cloudflare.com
SAN
cloudflare.com
www.cloudflare.com
Valid from
Fri, 28 Oct 2016 00:00:00 GMT
Valid until
Fri, 02 Nov 2018 12:00:00 GMT
Issuer
DigiCert ECC Extended Validation Server CA
Open full certificate details


I notice that the Maxthon 5 provided Security information appears quite similar.

Maxthon v5.2.4.3000 has a button in the site Security information area and is labeled "Open full certificate details", but the button does not do anything (this may be another bug).

I did find what I believe to be the same issue referenced in an older Maxthon Community Forums thread; it is located:

The older thread appeared to reference the issue but did not actually appear resolved.  Instead, user BugSir006 stated that:  " The issue of incorrect unsafe warning when accessing Gmail(under some special scenes) has been fixed in 5.1.3.200.".  The problem referenced in these threads may be different than the one fixed.

Link to comment
Share on other sites

 no issue with any of these sites, but you say "when that happens" so I guess the bug is not consistent ?

41 minutes ago, Ascii2 said:

The issue may be reproduced by visiting one of the example websites for the first time during the browsing session.  When that happens, the following dialog box is presented:  [Cannot post picture in forum; I receive forum message " The page you are trying to access is not available for your account. "]

 

 

 

sigmax2.png

Link to comment
Share on other sites

11 minutes ago, -ody- said:

 no issue with any of these sites, but you say "when that happens" so I guess the bug is not consistent ?

 

The bug would be consistent.  If you cannot reproduce the bug there may be another variable.  Perhaps things are handled differently for Windows NT5.x series operating systems than on Windows NT 6.x series operating systems.

EDIT: I have tried to reproduce the issue in a Windows 7 with Service Pack 1 virtual machine on the three example sites.  The problem only manifested on the https://vivaldi.net/ instance.

I do not know if it matters, but I have done all testing on the portable version.

Link to comment
Share on other sites

2 hours ago, Ascii2 said:

This posting is to report a bug.

I receive an Invalid Certificate dialog box on Maxthon 5.2.4.3000 when trying to view some websites.  My system time and date are correct.

I use Maxthon v5.2.4.3000 on Windows XP Professional with Service Pack 3.

Three example websites are:

The issue may be reproduced by visiting one of the example websites for the first time during the browsing session.  When that happens, the following dialog box is presented:  [Cannot post picture in forum; I receive forum message " The page you are trying to access is not available for your account. "]

I have copied the text from Maxthon Security information for the example webpages and display them below.

For "https://vivaldi.net/":


https://vivaldi.net
View requests in Network Panel
Connection
Protocol
TLS 1.2
Key exchange
ECDHE_ECDSA
Key exchange group
X25519
Cipher
CHACHA20_POLY1305
Certificate
Subject
ssl509072.cloudflaressl.com
SAN
ssl509072.cloudflaressl.com
*.vivaldi.net
vivaldi.net
Valid from
Fri, 27 Apr 2018 00:00:00 GMT
Valid until
Sat, 03 Nov 2018 23:59:59 GMT
Issuer
COMODO ECC Domain Validation Secure Server CA 2
Open full certificate details


For "https://easylist.to/":


https://easylist.to
View requests in Network Panel
Connection
Protocol
TLS 1.2
Key exchange
ECDHE_ECDSA
Key exchange group
X25519
Cipher
CHACHA20_POLY1305
Certificate
Subject
sni191559.cloudflaressl.com
SAN
sni191559.cloudflaressl.com
*.all-cardealers.com
Show more (95 total)
Valid from
Wed, 19 Sep 2018 00:00:00 GMT
Valid until
Thu, 28 Mar 2019 23:59:59 GMT
Issuer
COMODO ECC Domain Validation Secure Server CA 2
Open full certificate details


For "https://www.cloudflare.com/":


https://www.cloudflare.com
View requests in Network Panel
Connection
Protocol
TLS 1.2
Key exchange
ECDHE_ECDSA
Key exchange group
X25519
Cipher
CHACHA20_POLY1305
Certificate
Subject
cloudflare.com
SAN
cloudflare.com
www.cloudflare.com
Valid from
Fri, 28 Oct 2016 00:00:00 GMT
Valid until
Fri, 02 Nov 2018 12:00:00 GMT
Issuer
DigiCert ECC Extended Validation Server CA
Open full certificate details


I notice that the Maxthon 5 provided Security information appears quite similar.

Maxthon v5.2.4.3000 has a button in the site Security information area and is labeled "Open full certificate details", but the button does not do anything (this may be another bug).

I did find what I believe to be the same issue referenced in an older Maxthon Community Forums thread; it is located:

The older thread appeared to reference the issue but did not actually appear resolved.  Instead, user BugSir006 stated that:  " The issue of incorrect unsafe warning when accessing Gmail(under some special scenes) has been fixed in 5.1.3.200.".  The problem referenced in these threads may be different than the one fixed.

Hi Ascii2,

Because your XP system hasn't installed the latest root certificate.

Link to comment
Share on other sites

  • 2 weeks later...
On 9/30/2018 at 1:53 AM, BugSir006 said:

Hi Ascii2,

Because your XP system hasn't installed the latest root certificate.

Hello, BugSir006. Sorry for the late response.

I have installed the latest available root certificates (through September 2018) on the Windows XP with Service Pack 3 instance, but it does not resolve the problem.  I do notice that the certificates reference "ECC", which I believe to be Elliptic Curve Cryptography, something not implemented on Windows XP with Service Pack 3.  These certificates also cannot be imported normally nor function if they added by adding information to Windows Registry.  I suppose that one would have to hope that someday an update adding Elliptic Curve Cryptography to the operating system.

After testing after the root certificate update, I noticed that I was able to access less test websites than before the root certificate update.  The root certificate update adds certificates and removes others; I believe it likely that one or some the the deleted certificates were used by some of the sites (perhaps as alternate certificates).

My understanding is that websites may have one or multiple certificates if it uses certificates.  I have observed that web browsers present only information for one certificate.  It would seem that only one certificate is used to certify a website.  Is this truly the case?  Also, how do web servers and clients (browsers) come to an agreement as to which certificate or certificates to use?  Is the process to determine which certificate or certificates to use the same regardless of browser?

 

Link to comment
Share on other sites

9 hours ago, BugSir006 said:

Bug confirmed.

I have tried updating the root certificates on Windows 7 and the problem reported in this thread no longer manifested.  On Windows XP, the operating system's certificate management does not handle ECC certificates, which appear to be what the tests sites are using.  I believe that you were right that this had to do with the root certificates.  This would seem to be a website design issue.

Link to comment
Share on other sites

10 hours ago, Ascii2 said:

I have tried updating the root certificates on Windows 7 and the problem reported in this thread no longer manifested.  On Windows XP, the operating system's certificate management does not handle ECC certificates, which appear to be what the tests sites are using.  I believe that you were right that this had to do with the root certificates.  This would seem to be a website design issue.

Yes, the developer checked out this issue again, it is related to the XP system.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.