how to reject server certificates automatically

gilgamesh99

gilgamesh99 last edited by

Hello.
On almost every site I browse, I got a warning pop-up telling me that there are some certificate errors.
Typically it seems to be coming from facebook: "The certificate for "*.facebook.com" is signed by the unknown Certificate Authority..." etc

I usually click on "Remember my choice for this certificate" and then "Reject".

The problem is that the choice is not remembered: every time I have to reject it again.

Is it possible to automatically reject all the *.facebook.com certificates?

Thx a lot.

Deleted User

Deleted User last edited by

Opera checks certificates against its Windows Certificate Store.
You cant reject SSL to facebook.com globally.

Deleted User

Deleted User last edited by

You should not get such warnings!

Othewrise you are hacked. Or your internet provider wants to crack your secure connection if you are in a country with less privacy and humans rights.

gilgamesh99

gilgamesh99 last edited by

Ok, but why the "Remember my choice for this certificate" does not work?

gilgamesh99

gilgamesh99 last edited by admin

Actually the real question should be "why the webpage is trying to connect to facebook?".
Even if I go to https://forums.opera.com/category/11/opera-for-windows I get the same warning.
This means that in way or another opera forum page is linked with facebook.
Isn't it possible to block these connections?

linuxmint7

linuxmint7 last edited by

This means that in way or another opera forum page is linked with facebook.

Like pretty much most of the web.

What about all those 'Like' buttons or the 'follow us on Facebook' buttons that are plastered all around the internet ?.

gilgamesh99

gilgamesh99 last edited by

That's true but thing is these popup warnings are a bit more annoying then the "like" buttons on the web pages... :=)

I really don't understand why the remember flag is not working.
I consider it a bug.

Deleted User

Deleted User last edited by

The certificate for "*.facebook.com" is signed by the unknown Certificate Authority..."

Which Unknown Certificate Authority is shown in case of such popups/unknow certs?

Facebook.com server certifcate is signed by following CAs:
DigiCert High Assurance CA-3
DigiCert High Assurance EV Root CA

Download DIgicerts CA certificates from https://www.digicert.com/digicert-root-certificates.htm these Certificates and add them to certificate store of your OS/Opera.

Beware: all other warnings about certificates may come from injected ads/malware/cracked SSL connections.

gilgamesh99

gilgamesh99 last edited by

The popup reports the following:

Holder: *.facebook.com, Facebook, Inc.
Issuer: 10.249.6.201, Blue Coat SG9000 Series
Expires: 13/04/2015 13.00.00 GMT

Encryption protocol
256 bit AES (RSA/SHA).

I believe 10.249.6.201 to be the proxy server/firewall of my company.
Blue Coat is indeed a web proxy manufacturer.
Additional info: Facebook is blocked.

It seems that the proxy makes Opera believe the certificate to be issued by itself, hence Opera of course does not recognize it.

Can I store this proxy's certificate in Opera?

Deleted User

Deleted User last edited by

Yes, your company connection to facebook is blocked/scanned by a internal proxy/security hardware.
Contact your company's administrator for this issue.

gilgamesh99

gilgamesh99 last edited by

Thx but, once again, my original question remains: why Opera does not remember the choice of rejecting the certificates?
I don't want to view Facebook pages, I'd want to get rid of these annoying pop-ups.

Deleted User

Deleted User last edited by

I think you use Opera 12?

If you get a popup about unknow certificate

• select Tab security
• Remember my choice
• Hit Reject button

Now this certificate is rejected forever.

Opera Preferences -> Advanced -> Security
Manage Certificates...
Tab Rejected shows all rejected ones by user.
Tab Approved shows all allowed ones by user.

gilgamesh99

gilgamesh99 last edited by

Yes, 12.17.
Looking in Opera Preferences -> Advanced -> Security
Manage Certificates...

I have a lot of *.facebook.com rejected certificates: around 60 or 70!

Is it possible that every time a somehow different certificate is issued? (even when being on the same page).

Deleted User

Deleted User last edited by

Looking in Opera Preferences -> Advanced -> Security
Manage Certificates...
I have a lot of *.facebook.com rejected certificates: around 60 or 70!

Now you know Opera has rejected by user interaction such bad certificates.

Is it possible that every time a somehow different certificate is issued? (even when being on the same page).

Yes, your company's security software appliance may cause such problems.