
Unusual Insecurity When Connecting To Websites


HolyNight98
Member
187
07-04-2023, 07:02 AM
#1
I'm assisting relatives dealing with a technical issue they're facing. It seems two of their computers are encountering the "Your connection is not secure" warning when accessing certain sites—one email, one healthcare portal, and another sports website. The problem appears consistent across Chrome and Safari. Other devices in the house connect normally. Their macOS is current, and they've tried reinstalling Chrome without success. They haven't tested on a different network yet. The ISP, described as local, mentioned other users reported similar problems. It seems the issue might stem from an outdated or incomplete list of trusted certificate authorities on those machines, making it hard to verify secure connections. Updating macOS could help, but I'm not sure if that resolves the core problem.

StoormBack
Member
135
07-04-2023, 02:51 PM
#2
The ISP shouldn't be involved in the TLS handshake unless they're acting improperly, for instance by ending the SSL connection and then re-encrypting and signing it using their own certificate. This would require your PC to accept their certificate, which is a major security risk. The real problem is likely the outdated or corrupted list of trusted CA certificates on the devices. An OS update should resolve this, especially if you're using a macOS version that receives regular support from Apple. If you check a website, clicking the lock icon next to the URL should reveal a dialog to view the certificate details and the reason for rejection. This isn't ideal advice—unless it's a trusted site like a baseball team’s domain. For any site requiring login info or personal data, this is highly discouraged.

JordansTardis
Junior Member
5
07-05-2023, 02:08 PM
#3
Eigenvector emphasized that the ISP shouldn’t influence certificate verification. Their role is merely to relay data from your device to the target without altering it. If several users on the same ISP face certification problems, it suggests unauthorized changes are being made. Initial steps to investigate include:
1) Verify time and date across all devices—incorrect clocks can cause verification failures.
2) Examine the certificate being rejected by computers and review the error details.
Possible reasons for invalid certificates: expired, mismatched domain, self-signed, or attempts to enforce lower security settings.

VebbiHD
Member
209
07-06-2023, 12:29 AM
#4
Review what others mention—it could connect to the recent Let's Encrypt root certs expiring on September 30. Can you reach valid-isrgrootx1.letsencrypt.org and expired-r3-test.scotthelme.co.uk? As a new CA, many older systems still lack their latest root certificate.
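
Added example, not part of any post in the thread: a Python sketch of the checks suggested in posts #3 and #4. It attempts a verified TLS handshake, names the likely cause of a rejection, and prints the SHA-256 fingerprint of the certificate actually presented so it can be compared with what a working device or a different network sees. The function names and the cause wording are assumptions of this example; the numeric codes are OpenSSL's verify error codes.

```python
import hashlib
import socket
import ssl
import sys

# OpenSSL verify codes (X509_V_ERR_*) mapped to the causes named in the thread.
CAUSES = {
    9: "certificate not yet valid: check the device clock",
    10: "certificate expired: check the device clock, then the site",
    18: "self-signed certificate presented",
    19: "chain ends in a root this device does not trust",
    20: "issuer not in local trust store (stale store or interception)",
    62: "certificate does not match the hostname",
}

def explain(verify_code):
    """Translate an OpenSSL verify code into a likely cause."""
    return CAUSES.get(verify_code, f"other verification failure (code {verify_code})")

def fingerprint(der_bytes):
    """SHA-256 of a DER certificate, for comparing across devices and networks."""
    return hashlib.sha256(der_bytes).hexdigest()

def presented_cert(host, port=443, timeout=10):
    """Fetch the leaf certificate WITHOUT verification, for inspection only."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def diagnose(host, port=443, timeout=10):
    """Return (ok, reason, sha256) for a verified handshake attempt."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, "verified", fingerprint(tls.getpeercert(binary_form=True))
    except ssl.SSLCertVerificationError as err:
        der = presented_cert(host, port, timeout)
        return False, explain(err.verify_code), fingerprint(der)

if __name__ == "__main__":
    # Hostnames are passed as arguments, e.g. the two test sites from post #4.
    for name in sys.argv[1:]:
        print(name, *diagnose(name), sep="\t")
```

Python verifies against OpenSSL's CA bundle, which on macOS is not necessarily the Keychain store that Safari and Chrome use, so the pass/fail result can differ from the browser. The fingerprint is the more dependable signal: a different fingerprint for the same site on the affected machine than on a working device or another network means a different certificate is being served on that path.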