SSL Certificate Check
-
mgs5 last edited by
Hi, i'm trying to setup a computer that loads using Opera 42 browser a webpage at startup. It has all outbound traffic blocked in Firewall and I manually add exceptions. The webpage that tries to load give me a Server Certificate invalid (although it has a valid certificate). My guess is that the Opera browser does a check and because the firewall blocks the request, i get that message.
Can anyone please help me out with information pointing to the mechanism Opera uses to check a website's certificate?
I found something about sitecheck2.opera.com should I whitelist the IP behind that?
Or if I can turn off the Certificate check somehow... or add an exception. I find the new Opera browser incredibly .... how to put it properly... "lame" i guess...?... Could not find anything in Settings or opera://flags ...
anyway, thanks everybody. Happy New Year
-
mbaluta last edited by
When the browser checks the certificate of the webpage it usually needs to connect with Certificate Authority to check if the certificate was not revoked. It is also possible that the browser must update it's database of Certificate Authorities, but I'm not sure how it works. I think it would be best if you first disabled firewall, then captured all the traffic with Wireshark and then figure out which hosts you should add to the firewall.
-
mgs5 last edited by
Thank you, that is actually a professional approach, i must do that. In the mean time I found an opera://flags#allow-insecure-localhost flag, but I'm not sure it works for sites other than your localhost.
At the moment I successfully tested with the --ignore-certificate-error argument for path\launcher.exe of Opera.
Even with the wireshark approach, my fear is that there may be more than 1 CA contacted by the browser before it loads the webpage, which would mean more holes in the firewall as number of pages with different CA gather. (or just my thought on this).
Anyway thanks for your help.
All the best! -
-
shelluser last edited by
Keep in mind that Opera relies on the Windows certificate store. So if for some reason you didn't apply official Windows updates that could influence all this (I know Microsoft pushed some certificate updates out in the past 6 - 9 months).
