Invalid certificate for the forum?


(Chuckles) #1

If I attempt to use SSL to connect to this site ( https://community.smartthings.com/ ), Firefox responds with the following:

community.smartthings.com uses an invalid security certificate.
The certificate is only valid for the following names: forum.choiceofgames.com, choiceofgames.com
(Error code: ssl_error_bad_cert_domain)


(Chrisf) #2

I am seeing the same thing.

They have a wildcard SSL, which is active on shop.smartthings.com. So they just need to get something cleared up with whoever hosts their forums.


(Fred Chavez) #3

This has been happening for the last week. IE will let you bypass the cert error but Firefox does not. It is complying with the site’s specs.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

I figured after a few days this would get sorted out. This happens on every PC in the house but oddly, not on the phones.

Anyone else see this happening or do I have something crazy going on?


#4

It has been happening to me in Chrome on my Android phone, but not Chrome on the PC browsers.
Sometimes it works on the phone, but it is only about 1 out of 3 attempts. It has only been happening to me for about the past week.


(Bruce Robertson) #5

I had the same thing, but the issue seems to be resolved as of yesterday.

https://support.comodo.com/index.php?/Knowledgebase/Article/View/1019/0/untrusted-certificate-error-on-android

I was reading this since Comodo PositiveSSL seemed to be the cert issuer.


(Ray) #6

I have this issue on my Android not just this site but many others.


(Sam Saffron) #7

What version of Android is this? What browser are you using?


(Daniel Consuegra) #8

I’m on Android 5.0.1 on a Tab S and Chrome on the latest stable version… and I have those errors… but not on Windows nor MacOS…


(Benji) #9

Can someone actually post a screen shot of the full error they are getting please.


(Daniel Consuegra) #10


(Benji) #11

Thank you, when it does that, can you click on the red padlock and you should have a details link, click on that then click on ‘View certificate’ and finally go to the ‘Certification Path’ tab.

Can you grab a screen shot of that please.


(Daniel Consuegra) #12

This you mean?


(Benji) #13

Looking more for the full chain to see where it’s breaking down but just noticed that Chrome on Android, lemmie just check how to do it on Android.


(Benji) #14

Okay, kinda the same, see the drop down arrow near the top next to ‘community.smartthings.com’ on that same ‘Certificate Viewer’ page, click that and take a screen shot.

Thanks for your help.


(Daniel Consuegra) #15

No prob! I may not be a programmer, but I do try to act as a good guinea pig… lol!


(Benji) #16

Okay, so it looks like it’s breaking down between the intermediate cert and the root cert, if you tap on the "COMODO RSA Domain Validation Secure Server CA’, what does that page look like?


(Daniel Consuegra) #17


(Benji) #18

Okay, that seems to match the serial / fingerprint of the intermediate certificate I’ve got so either the root certificate is not being sent with the rest of the chain or it’s corrupted somehow.

Given that people are only experiencing this on certain browsers/systems, what’s weird is that it works fine on my Android 6 phone with Chrome. I’m guessing the site isn’t supplying the root certificate and some devices don’t already have it in their Trusted Certificates store on their device.

Without having a device where I get this error, it’s harder to diagnose further but thank you for the help @danielccm!

@discourse @codinghorror is this something you need to correct or SmartThings staff?


(Daniel Consuegra) #19

@Benji if you tell me what else to do, I’ll gladly do it! I’m sure we can diagnose it completely…


(Benji) #20

I like your enthusiasm! Unfortunately it gets a lot more convoluted for little extra gain and ultimately, we can’t fix the error.

Well, you might be able if it is what I think it is but telling people to install certificates into their trusted certificate store would be dead against ethics and having people listen to that kind of advice from strangers is a sure fire way to get their devices horribly compromised, so let’s not :smiley:

If anyone tells you to “just add this certificate into your trusted certificate store”, politely tell them to go and pound sand.