Re: Can't connect to torproject.org
On 11/04/2021 11:25, Celejar wrote:
I feel silly for not being able to figure this out.
I can't connect to torproject.org via either Firefox or Chromium. The
browsers object that HSTS is in place and they don't recognize the
site's certificate (SEC_ERROR_UNKNOWN_ISSUER). There's no opportunity
offered to add an exception.
I've seen these threads:
https://support.mozilla.org/en-US/questions/1201504
https://superuser.com/questions/1066863/how-can-i-add-a-certificate-exception-for-an-hsts-protected-site-in-firefox
https://support.mozilla.org/en-US/questions/942924
But I don't see any good suggestions for fixing this in my case. I have
a pretty standard Debian installation, with standard certificates
installed, and no customization to my local certificate infrastructure.
I'm connecting via Verizon FioS, with no proxy in use (on my end, at
least).
There seems to be to issues:
- The certificate issuer is invalid
- Since the site uses HSTS[0], the browser does not allow the user to
override the certificate problem.
[0]https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
HSTS doesn't really seem to be problem. It just tells the browser that
https is to be used at all times. If there's a certificate error, that
means that TLS is being used.
The real question is then why is the issuer considered invalid. I can
access the site normally and it uses a Let's Encrypt certificate, which
should be trusted, and should be used by many other sites.
What happens when you try to access https://letsencrypt.org/, which is
signed by the same CA?
--
Persistence in one opinion has never been considered a merit in political
leaders.
-- Marcus Tullius Cicero, "Ad familiares", 1st century BC
Eduardo M KALINOWSKI
eduardo@kalinowski.com.br
Reply to: