Connection to opi from company network not possible

Put support questions regarding OPI here. Examples are hardware related issues and other questions that are specific to OPI.
Post Reply
hans345
Posts: 10
Joined: Thu Sep 25, 2014 4:16 am

Connection to opi from company network not possible

Post by hans345 » Mon Oct 06, 2014 8:45 am

Hi,

I tried to connect from my work´s network to connect to the opi, but this not possible. I get the following error message:



The system returned:

(71) Protocol error (TLS code: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN)

Self-signed SSL Certificate in chain: /C=SE/ST=Skane/L=Loddekopinge/O=OpenProducts/O=./OU=./CN=ROOT CA


What can I do to solve this?


User avatar
tor
Posts: 120
Joined: Thu Aug 14, 2014 3:42 am
Contact:

Post by tor » Mon Oct 06, 2014 8:33 pm

Hi Hans345,

Could you provide more information on the environment where this happens? OS, Browser. Any proxies involved? (My guess is the last one, that you have a proxy that is unaware of our ROOT CA. :( )

Best Regards,

/Tor

hans345
Posts: 10
Joined: Thu Sep 25, 2014 4:16 am

Post by hans345 » Tue Oct 07, 2014 7:41 am

Hi Tor,

the environment:
Win 7, Firefox 24.7.0 ESR and a proxy is involved. Any more information needed?

Any more information needed?

Best Regards
hans345

User avatar
tor
Posts: 120
Joined: Thu Aug 14, 2014 3:42 am
Contact:

Post by tor » Tue Oct 07, 2014 2:17 pm

Hi again hans345,

It seems like the problem here is the proxy server being deployed at your work. Google suggests that they run squid possibly with SslBump: http://wiki.squid-cache.org/Features/SslBump

This is unfortunately nothing we can do anything about. You should also be aware that it is most likely that all traffic passing through this proxy is being decrypted and inspected for good or bad by your employer.

Sorry for not having a better answer here :(

/Tor

hans345
Posts: 10
Joined: Thu Sep 25, 2014 4:16 am

Post by hans345 » Wed Oct 08, 2014 7:16 am

Hi Tor,

thanks for the reply.

Well, I sent a mail to "our" firewall admin to see, if he can do or is willing to do something about this.

Best reagrds
hans345

tehcog
Posts: 9
Joined: Mon Sep 29, 2014 8:26 pm

Post by tehcog » Mon Oct 13, 2014 9:39 pm

Your employer is probably running Bluecoat Security, which (as Tor indicates) most likely decrypts all of you https traffic. This is their prerogative, as it is their network. However, I suggest that you do not do any banking or other transactions that require the passing of personally sensitive data for the following reasons:

As they are performing the man in the middle attack (hack), They may be storing your personal information (bank account numbers, log in identification data, etc.) on their servers, which in turn can be hacked by outsiders, abused by insiders, or even used for meta data collection on employees and held for the rare occasion when they might want to "investigate" you i.e. you want a promotion or something.

They may be outsourcing this service, which is more likely. Which implies that they actually have no control over your sensitive data, and the 3rd party could be hacked or the data intercepted while being transmitted over the interwebs. You have no idea, or control.

Yes, this is all a possibility.

Use your PERSONAL BlackPhone or possibly iPhone (not the company's) instead.

Trust no one.

Regards

Post Reply