I'm having some very odd issues with my ISP today and I'm wondering if anyone here can shed some insight on how this is even possible.
Going to https facebook.com, google.com, bing.com, yahoo.com, ebay.com (all major sites) results in the following error:
[text]www.google.com uses an invalid security certificate.
The certificate is only valid for the following names:
*.suddenlink.net , suddenlink.net
(Error code: ssl_error_bad_cert_domain)[/text]
It appears my ISP is returning their own certificate for specific websites! My thoughts are they are installing monitoring software of some sort and someone dropped the ball and configured it incorrectly causing this to happen, but that's just a hunch.
Further, going to the non-ssl versions of these sites causes the following error:
[text]The connection to www.facebook.com was interrupted.
Error 101 (net::ERR_CONNECTION_RESET): The connection was reset.[/text]
I called them and they stated they received numerous calls regarding this today. What's up with this?
Strange SSL Issues today...
Moderator: General Moderators
Re: Strange SSL Issues today...
Sounds like they've added a proxy or cache. What IP addresses do those problematic domain names resolve to?
Re: Strange SSL Issues today...
[text]host https://facebook.com
https://facebook.com has address 66.152.109.104
host https://google.com
https://google.com has address 66.152.109.104[/text]
[text]http://facebook.com
http://facebook.com has address 69.16.143.104
host http://google.com
http://google.com has address 66.152.109.104[/text]
https://facebook.com has address 66.152.109.104
host https://google.com
https://google.com has address 66.152.109.104[/text]
[text]http://facebook.com
http://facebook.com has address 69.16.143.104
host http://google.com
http://google.com has address 66.152.109.104[/text]
Re: Strange SSL Issues today...
Yeah, that's stupid. Their DNS servers are doing Bad Things by resolving everything to their own servers which then, presumably, fetch the real content for you. Maybe they've set you up with a parental filter? If you call them up then tell them about the DNS problem and that should get you further (elevate if you have to).
On your end you can change the DNS servers you're using, either in the OS in your router/modem settings. OpenDNS has a free service but when they started redirecting missing domain names to their search portal (eg, trying to go to http://www.nonexistantdomainname.com would send you to their search page for "www.nonexistanddomainname.com") I moved to Google's public DNS.
On your end you can change the DNS servers you're using, either in the OS in your router/modem settings. OpenDNS has a free service but when they started redirecting missing domain names to their search portal (eg, trying to go to http://www.nonexistantdomainname.com would send you to their search page for "www.nonexistanddomainname.com") I moved to Google's public DNS.
Re: Strange SSL Issues today...
Yeah I configured my firewall to use public dns servers instead of the ISP's. Not sure what the ISP is trying to do but that is certainly shady.