NethServer Version: 7.5 Module: Proxy and Webfilter
Hi to all,
I tried to open the site de.pons.com and get a certificate error. It’s published to urlfilterdb.com, without proxy it’s published to pons.com. I’ts not filtered, after clicking more often at the yes or the no button I can use the the site.
I added the domain (de.pons.com) to domains without proxy, but it doesn’t change anything.
Has somebody another idea? Can somebody confirm this behavior?
Edit: Tested with leo, it’s the same problem and the same certificate:
Thanks for your answer. The output of your command is:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 4065765234379907969 (0x386c7ff07758e381)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate Authority - G2
Validity
Not Before: Nov 20 15:56:00 2017 GMT
Not After : Jan 15 09:31:42 2020 GMT
Subject: OU=Domain Control Validated, CN=*.pons.com
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:cc:7a:0c:e8:fc:23:83:0c:c5:70:05:82:3e:58:
ef:2c:6d:43:b9:8c:e8:cb:21:37:6f:a7:4a:a4:27:
10:a0:05:b2:2a:e0:80:41:88:93:b6:6c:18:99:7c:
b6:4e:e4:b7:a6:38:84:91:81:d0:d4:0c:ca:07:be:
d1:f4:79:a8:13:35:73:ed:37:fa:22:32:73:df:00:
b7:b0:fa:5c:f4:84:00:3e:33:04:90:89:84:a2:95:
d5:83:b8:d9:3e:ef:e4:79:a0:a8:8c:b7:4f:e1:4a:
b7:7a:8d:ae:ba:d4:e4:84:f4:31:7c:79:65:ce:75:
7a:7b:2e:15:2d:f0:b0:3f:c8:26:c5:bb:9b:17:f8:
15:63:4e:9f:45:38:e2:8c:c4:25:f6:80:d3:8a:b2:
2b:a0:e1:d2:13:49:1c:24:06:8d:25:19:30:ae:ad:
92:1c:38:2c:81:9b:b2:74:a1:a7:c4:f6:dd:49:01:
5d:21:2c:a8:06:99:e6:a8:46:ee:d7:b5:61:1b:f8:
49:b3:bc:9e:ea:af:00:16:a7:f8:89:2b:a2:0b:93:
2a:87:d2:33:01:30:5d:30:d9:fa:14:6c:11:65:d9:
b3:c0:92:68:bf:d3:6f:22:2f:7d:91:3d:fa:36:31:
08:01:54:07:49:7f:ff:8f:96:a0:32:e9:0a:aa:59:
c9:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 CRL Distribution Points:
Full Name:
URI:http://crl.godaddy.com/gdig2s1-790.crl
X509v3 Certificate Policies:
Policy: 2.16.840.1.114413.1.7.23.1
CPS: http://certificates.godaddy.com/repository/
Policy: 2.23.140.1.2.1
Authority Information Access:
OCSP - URI:http://ocsp.godaddy.com/
CA Issuers - URI:http://certificates.godaddy.com/repository/gdig2.crt
X509v3 Authority Key Identifier:
keyid:40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE
X509v3 Subject Alternative Name:
DNS:*.pons.com, DNS:pons.com
X509v3 Subject Key Identifier:
93:0D:14:12:5D:7E:08:A2:B2:CC:50:46:83:99:A1:A3:EF:0A:72:3C
Signature Algorithm: sha256WithRSAEncryption
13:f6:cd:cb:32:72:d9:a5:2a:ea:f7:db:50:a9:d5:1e:46:c1:
7a:06:7c:e0:e9:4c:6e:f1:a4:70:35:99:f4:ce:9b:50:5f:c4:
76:8f:40:8b:d7:8a:64:df:02:71:f0:8f:90:97:2f:2c:a7:aa:
f5:03:17:27:3f:49:c1:cb:28:5e:a7:bd:bf:c0:a3:d8:ed:89:
05:73:f6:33:b0:96:ca:ad:17:00:68:6e:30:90:1f:4c:34:ec:
7b:a7:b5:57:7d:29:fd:db:96:16:bb:8f:0a:77:9a:48:35:71:
9e:3e:47:7f:21:42:eb:52:df:fe:3f:5e:02:17:15:34:64:c0:
71:d1:ee:0f:2d:90:69:38:ae:a0:35:a1:f2:06:7e:7b:3b:7a:
33:a2:c0:c9:0f:11:b8:82:a3:8f:d6:9d:9a:1c:8f:b4:a5:e6:
c6:5d:8a:7c:c3:40:b4:93:7c:0f:5b:ff:cc:c4:d9:27:b4:52:
21:e4:85:64:52:69:86:d2:9d:87:f1:26:61:bd:3e:ba:31:9b:
4d:22:6d:c0:37:c7:2c:ee:72:93:cc:7e:b8:ba:31:dd:9a:af:
78:8e:15:12:88:35:86:ba:02:81:ee:a3:8c:a7:01:c2:6d:b4:
9c:3e:82:be:68:2d:25:a7:ce:b4:0f:79:65:72:4b:03:aa:bd:
05:ba:4d:5d
I configured the proxy in manual mode and if I click at the lock at the site I get the right one, only by opening the site or clicking somewhere the error message comes with the wrong certificate.
Edit: disable the adv category works, but it would be nice if you can use the sites without the ads and without clicking more times at a certificate warning. We can’t work at the transparent mode, because a banking site we need don’t work in transparent mode.
