SSL Certificate invalid for many websites

Discussions about using Windows guests in VirtualBox.
theblindrat
Posts: 6
Joined: 4. Jun 2015, 16:53

SSL Certificate invalid for many websites

Post by theblindrat »

When I browse from Windows 7 or Debian Linux (Kali VM), sites like twitter[dot]com are showing invalid certificates in NAT mode.

I disconnect from the VPN and bridge mode works just fine for both guest VMs. NAT mode continues to not work.

I have no idea how to resolve this, and the closest I saw was ESET SSL scans, but I disabled antivirus on Windows with no luck, and Kali Linux has no AV set up.

Thanks in advance for your help.

Re: SSL Certificate invalid for many websites

Post by theblindrat »

It seems all the sites I fail on are HSTS enabled with header "strict-transport-security: "

so like support[dot]google[dot]com/ fails
but www[dot]google[dot]com/ works
noteirak
Site Moderator
Posts: 5231
Joined: 13. Jan 2012, 11:14
Primary OS: Debian other
VBox Version: OSE Debian
Guest OSses: Debian, Win 2k8, Win 7
Contact:

Re: SSL Certificate invalid for many websites

Post by noteirak »

Hyperbox - Virtual Infrastructure Manager - https://apps.kamax.lu/hyperbox/
Manage your VirtualBox infrastructure the free way!

Re: SSL Certificate invalid for many websites

Post by theblindrat »

1. VirtualBox version 4.3.28 r100309
2. Host - Windows 7 64bit 16GB RAM, Guest 1 Windows 7 64bit 11GB RAM, Guest 2 Linux 2.6/3.x 64bit. Both configured in NAT mode and running in a VPN
3. Logs for both attached
Attachments:
Kali Linux-2015-06-04-12-00-44.log (118.13 KiB)
Windows7-64bit Clone-2015-06-04-10-36-41.log (97.86 KiB)

Re: SSL Certificate invalid for many websites

Post by noteirak »

Nothing strikes me as odd in the logs. Can you run an nslookup <website-domain> on both guests with NAT & Bridged and VPN on & off for each? That means 4 results.
Make sure to run ipconfig /flushdns on the Windows VM before each attempt.

Re: SSL Certificate invalid for many websites

Post by theblindrat »

Here is that information.

VPN on + bridged does not work -- those two left out

VPN on + NAT linux
Server: 10.x.x.x
Address: 10.x.x.x#yy

Non-authoritative answer:
Name: twitter.com
Address: 199.16.156.230
Name: twitter.com
Address: 199.16.156.198
Name: twitter.com
Address: 199.16.156.6
Name: twitter.com
Address: 199.16.156.102


VPN ON + NAT Windows 7
nslookup twitter.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: twitter.com
Addresses: 199.16.156.6
199.16.156.38
199.16.156.198
199.16.156.230

VPN OFF + NAT Windows 7
nslookup twitter.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: twitter.com
Addresses: 199.16.156.38
199.16.156.198
199.16.156.6
199.16.156.102


VPN OFF + NAT Linux
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: twitter.com
Address: 199.16.156.198
Name: twitter.com
Address: 199.16.156.70
Name: twitter.com
Address: 199.16.156.38
Name: twitter.com
Address: 199.16.156.6

VPN OFF + Bridged Windows
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: twitter.com
Addresses: 199.16.156.38
199.16.156.102
199.16.156.70
199.16.156.230


VPN OFF + Bridged Linux
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: twitter.com
Address: 199.16.156.70
Name: twitter.com
Address: 199.16.156.230
Name: twitter.com
Address: 199.16.156.198
Name: twitter.com
Address: 199.16.156.6

Re: SSL Certificate invalid for many websites

Post by theblindrat »

Any other ideas? It's very odd to me it only seems to be HTTP Strict Transport Security (HSTS) enabled websites.

Re: SSL Certificate invalid for many websites

Post by noteirak »

Not much to go on. Could you get the certificate of twitter, for example, once on NAT and once on Bridged mode, and attach both here?

Re: SSL Certificate invalid for many websites

Post by theblindrat »

What is the best way to do that?

Re: SSL Certificate invalid for many websites

Post by noteirak »

Go on the website and in your browser address bar, you'll have certificate info. Press "View certificate" or similar, and then in the new window you should be able to save it.
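An added example, not part of the original thread: one way to capture the certificate a guest is actually served in each network mode (even when it fails validation) and compare its SHA-256 fingerprint with a certificate saved from the browser. The function names and the constructed placeholder bytes are assumptions for illustration.

```python
import hashlib
import socket
import ssl

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def fetch_leaf_der(host, port=443, timeout=10.0):
    """Return the leaf certificate (DER) the peer presents, without validating
    it, so an untrusted or substituted certificate can still be captured."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def to_der(data):
    """Accept a certificate saved as PEM (Base64) or DER and return DER bytes."""
    text = data.decode("latin-1")
    start = text.find(PEM_BEGIN)
    if start == -1:
        return data  # no PEM armour: treat the input as raw DER
    end = text.index(PEM_END, start) + len(PEM_END)
    return ssl.PEM_cert_to_DER_cert(text[start:end])


def fingerprint(data):
    """SHA-256 fingerprint in the colon-separated form browsers display."""
    digest = hashlib.sha256(to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def compare(nat_cert, bridged_cert):
    """Compare the certificate captured in NAT mode with the bridged-mode one."""
    nat_fp, bridged_fp = fingerprint(nat_cert), fingerprint(bridged_cert)
    return {"nat": nat_fp, "bridged": bridged_fp, "same": nat_fp == bridged_fp}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # live capture: run once in NAT mode, once in bridged mode
        print(sys.argv[1], fingerprint(fetch_leaf_der(sys.argv[1])))
    else:  # offline demo on constructed bytes (placeholders, not real certificates)
        bridged = ssl.DER_cert_to_PEM_cert(b"constructed-bridged").encode("ascii")
        print(compare(b"constructed-nat", bridged))
```

A fingerprint mismatch between NAT and bridged mode is a prompt to inspect the issuer of each certificate, since large sites can also serve different leaf certificates from different front-end servers.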