
SSL Certificate invalid for many websites

Posted: 4. Jun 2015, 16:56
by theblindrat
When I browse from Windows 7 or Debian Linux (Kali VM), sites like twitter[dot]com are showing invalid certificates in NAT mode.

I disconnect from the VPN and bridge mode works just fine for both guest VMs. NAT mode continues to not work.

I have no idea how to resolve this, and the closest I saw was ESET SSL scans, but I disabled antivirus on Windows with no luck, and Kali Linux has no AV set up.

Thanks in advance for your help.

Re: SSL Certificate invalid for many websites

Posted: 4. Jun 2015, 17:34
by theblindrat
It seems all the sites I fail on are HSTS enabled with header "strict-transport-security: "

so like support[dot]google[dot]com/ fails
but www[dot]google[dot]com/ works

Re: SSL Certificate invalid for many websites

Posted: 5. Jun 2015, 00:40
by noteirak

Re: SSL Certificate invalid for many websites

Posted: 5. Jun 2015, 14:18
by theblindrat
1. VirtualBox version 4.3.28 r100309
2. Host - Windows 7 64bit 16GB RAM, Guest 1 Windows 7 64bit 11GB RAM, Guest 2 Linux 2.6/3.x 64bit. Both configured in NAT mode and running in a VPN
3. Logs for both attached

Re: SSL Certificate invalid for many websites

Posted: 5. Jun 2015, 16:00
by noteirak
Nothing strikes me as odd in the logs. Can you run an nslookup <website-domain> on both guests with NAT & Bridged and VPN on & off for each? That means 4 results.
Make sure to run ipconfig /flushdns on the Windows VM before each attempt.

Re: SSL Certificate invalid for many websites

Posted: 5. Jun 2015, 19:42
by theblindrat
Here is that information.

VPN on + bridged does not work -- those two left out

VPN on + NAT linux
Server: 10.x.x.x
Address: 10.x.x.x#yy

Non-authoritative answer:
Name: twitter.com
Address: 199.16.156.230
Name: twitter.com
Address: 199.16.156.198
Name: twitter.com
Address: 199.16.156.6
Name: twitter.com
Address: 199.16.156.102


VPN ON + NAT Windows 7
nslookup twitter.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: twitter.com
Addresses: 199.16.156.6
199.16.156.38
199.16.156.198
199.16.156.230

VPN OFF + NAT Windows 7
nslookup twitter.com
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: twitter.com
Addresses: 199.16.156.38
199.16.156.198
199.16.156.6
199.16.156.102


VPN OFF + NAT Linux
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: twitter.com
Address: 199.16.156.198
Name: twitter.com
Address: 199.16.156.70
Name: twitter.com
Address: 199.16.156.38
Name: twitter.com
Address: 199.16.156.6

VPN OFF + Bridged Windows
Server: google-public-dns-a.google.com
Address: 8.8.8.8

Non-authoritative answer:
Name: twitter.com
Addresses: 199.16.156.38
199.16.156.102
199.16.156.70
199.16.156.230


VPN OFF + Bridged Linux
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: twitter.com
Address: 199.16.156.70
Name: twitter.com
Address: 199.16.156.230
Name: twitter.com
Address: 199.16.156.198
Name: twitter.com
Address: 199.16.156.6

Re: SSL Certificate invalid for many websites

Posted: 9. Jun 2015, 16:54
by theblindrat
Any other ideas? It's very odd to me it only seems to be HTTP Strict Transport Security (HSTS) enabled websites.

Re: SSL Certificate invalid for many websites

Posted: 9. Jun 2015, 17:04
by noteirak
Not much to go on. Could you get the certificate of Twitter, for example, once on NAT and once on Bridged mode, and attach both here?

Re: SSL Certificate invalid for many websites

Posted: 9. Jun 2015, 17:17
by theblindrat
What is the best way to do that?

Re: SSL Certificate invalid for many websites

Posted: 9. Jun 2015, 17:45
by noteirak
Go on the website and in your browser address bar, you'll have certificate info. Press "View certificate" or similar, and then in the new window you should be able to save it.
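
The NAT versus Bridged certificate comparison requested above can also be done from a script inside each guest. This is an added example, not part of any post in the thread; the function names `fingerprint`, `probe` and `compare` are hypothetical, and it assumes Python 3.7 or later is available in the guest.

```python
import hashlib
import json
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, colon-separated hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def probe(host: str, port: int = 443, timeout: float = 10.0) -> dict:
    """Record which leaf certificate this network path presents for host."""
    result = {"host": host, "verify_error": None}
    # Pass 1: normal validation against the guest's own trust store and clock.
    try:
        ctx = ssl.create_default_context()
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                pass
    except ssl.SSLCertVerificationError as exc:
        result["verify_error"] = exc.verify_message
    # Pass 2: validation off, used only to capture the certificate bytes.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    result["sha256"] = fingerprint(der)
    result["pem"] = ssl.DER_cert_to_PEM_cert(der)  # text form, can be attached
    return result


def compare(nat: dict, bridged: dict) -> str:
    """Classify two probe() results, one taken in NAT and one in Bridged mode."""
    if nat["sha256"] != bridged["sha256"]:
        return "different-certificate"
    if nat["verify_error"] != bridged["verify_error"]:
        return "same-certificate-different-validation"
    return "identical"


if __name__ == "__main__":
    import sys
    print(json.dumps(probe(sys.argv[1]), indent=2))
```

Run it with the site name as the only argument, once per network mode, and keep both JSON outputs. Large sites can serve different certificates from different front ends, so a fingerprint mismatch should be followed by reading the issuer in the saved PEM rather than treated as conclusive on its own.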