
Our platform has 10,000s of weekly users, but now I get from a (B2B) client that one of their subclients got the "invalid certificate" message on our platform. They attached the screenshot as proof.

Now I found this answer:

https://superuser.com/questions/1083766/how-do-i-deal-with-neterr-cert-authority-invalid-in-chrome

The thing is: I have to communicate "something" to my B2B client, and there are too many layers in between, so I can't ask to inspect the person's machine myself. So I'm trying to understand the problem better.

  • Most likely this has been a corporate environment - does this mean the workplace most likely intercepts their communication?
  • How does this work? Why isn't this causing problems for all other sites on their internet/network, like Google or Stack Overflow for that matter? Are they "whitelisting" websites?
  • There are like two B2B companies in between me and the person with the problem, so I'm not sure if this is a separate smaller Business Unit, but should this problem arise for all people within that same network or none?
  • I've had a similar situation once during 4G in a foreign country; very temporarily I had a bad certificate issue on a certificate that is still one year valid. Can this be something similar?

Notes

The platform is poules.com - the specific page is under a subdomain and is using the wildcard certificate.

Dirk Boer
  • There isn't enough information to answer. The platform and application need to be specified, and the details of the untrusted certificate. On Windows, it is possible to enable logging of certificate trust validation, which would show the details of the offending certificate. Most browsers also do this. – Greg Askew Jul 04 '19 at 10:54
  • Hi @GregAskew, because there are two B2B clients in between (and they don't want to bother their respective clients) I don't have access to the machine or the person having this issue. The certificate is the wildcard SSL on https://poules.com applied to a subdomain like https://xxxxx.poules.com – Dirk Boer Jul 04 '19 at 12:26
  • Ask the client to show exactly what certificate they received when connecting to your website. Also did you test your platform and its "SSL" configuration through any online tool that is able to detect which client can or can not connect to it depending on your certificate and CA used? – Patrick Mevzek Jul 05 '19 at 18:32

1 Answer

does this mean the workplace most likely intercepts their communication

This is what I would put on top of the other potential reasons. They should check who the issuer of the presented invalid certificate is. As long as the other 10k users don't experience issues with the certificate, you can be sure that your configuration is correct and the client should find the issue on their end.

The ERR_CERT_AUTHORITY_INVALID error indicates that the issuer of the certificate is not trusted by the client. I suspect that your certificate is issued by a globally trusted CA.

There is a small (but still some) chance that, for some reason, a particular globally trusted CA is not trusted in their environment. This happens in environments with strict security, where unnecessary roots are removed from the trust store.

Crypt32
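The answer and Patrick Mevzek's comment both come down to one question: is the certificate the affected client receives the same one the operator serves, and if so, does the client's trust store accept its issuer? The script below is an added example (not code from the question, the answer or poules.com) that separates those two observations and classifies the result. It is meant to be run from the affected network, or handed to the client's IT, with the placeholders HOST and EXPECTED_FINGERPRINT replaced by the real subdomain and the SHA-256 fingerprint the operator obtains from a trusted network; both values are assumptions here.

```python
"""Triage a client-side ERR_CERT_AUTHORITY_INVALID report.

Added example, not code from the original post. Two observations are
made from the client's network: (1) the fingerprint of whatever
certificate is actually presented, (2) whether this machine's default
trust store accepts the chain. Their combination tells the operator
whether a middlebox is substituting the certificate or whether the
genuine certificate's CA is simply missing from the client's roots.
"""
import hashlib
import socket
import ssl

HOST = "example.invalid"            # placeholder: the affected subdomain
EXPECTED_FINGERPRINT = "00" * 32    # placeholder: operator's known SHA-256


def sha256_fingerprint(der_bytes):
    """Hex SHA-256 of a DER-encoded certificate, as browsers display it."""
    return hashlib.sha256(der_bytes).hexdigest()


def presented_certificate(host, port=443, timeout=5):
    """Return the DER certificate the server (or a middlebox) presents.

    Verification is disabled on purpose: the goal is to capture what the
    client is shown even when the chain is untrusted, which is exactly the
    situation being diagnosed. Nothing is sent beyond the TLS handshake.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def trust_store_verdict(host, port=443, timeout=5):
    """Verify the chain against this machine's default trust store.

    Returns (True, issuer_common_name) on success or
    (False, verify_message) when the handshake is rejected.
    """
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                # getpeercert() returns the issuer as a tuple of RDNs
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return True, issuer.get("commonName", "?")
    except ssl.SSLCertVerificationError as exc:
        return False, exc.verify_message


def diagnose(presented_fp, expected_fp, trusted):
    """Classify the report from the two observations.

    presented_fp: fingerprint the client actually received
    expected_fp:  fingerprint of the certificate the operator serves
    trusted:      whether the client's trust store accepted the chain
    """
    same_cert = presented_fp.lower() == expected_fp.lower()
    if same_cert and trusted:
        return "ok"
    if same_cert and not trusted:
        # Genuine certificate, but its CA is absent from the client's roots
        return "root-not-trusted"
    if trusted:
        # Substituted certificate whose issuer the client trusts: a
        # corporate proxy with its root installed; the user sees no error
        return "intercepted-trusted"
    # Substituted certificate from an issuer the client does not trust:
    # this is the combination that produces ERR_CERT_AUTHORITY_INVALID
    return "intercepted-untrusted"


if __name__ == "__main__":
    der = presented_certificate(HOST)
    trusted, detail = trust_store_verdict(HOST)
    verdict = diagnose(sha256_fingerprint(der), EXPECTED_FINGERPRINT, trusted)
    print(f"{HOST}: {verdict} ({detail})")
```

The fingerprint comparison is what makes the result actionable for the operator: "intercepted-untrusted" means the client's network, not the platform, is presenting a different certificate, while "root-not-trusted" means the platform's own certificate arrived intact and the client's root store is the thing to look at.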