how to reject server certificates automatically

  • Hello.
    On almost every site I browse, I got a warning pop-up telling me that there are some certificate errors.
    Typically it seems to be coming from facebook: "The certificate for "*.facebook.com" is signed by the unknown Certificate Authority..." etc

    I usually click on "Remember my choice for this certificate" and then "Reject".

    The problem is that the choice is not remembered: every time I have to reject it again.

    Is it possible to automatically reject all the *.facebook.com certificates?

    Thx a lot.

  • Opera checks certificates against its Windows Certificate Store.
    You cant reject SSL to facebook.com globally.

  • You should not get such warnings!

    Othewrise you are hacked. Or your internet provider wants to crack your secure connection if you are in a country with less privacy and humans rights.

  • Ok, but why the "Remember my choice for this certificate" does not work?

  • Actually the real question should be "why the webpage is trying to connect to facebook?".
    Even if I go to https://forums.opera.com/category/11/opera-for-windows I get the same warning.
    This means that in way or another opera forum page is linked with facebook.
    Isn't it possible to block these connections?

  • This means that in way or another opera forum page is linked with facebook.

    Like pretty much most of the web.

    What about all those 'Like' buttons or the 'follow us on Facebook' buttons that are plastered all around the internet ?.

  • That's true but thing is these popup warnings are a bit more annoying then the "like" buttons on the web pages... :=)

    I really don't understand why the remember flag is not working.
    I consider it a bug.

  • The certificate for "*.facebook.com" is signed by the unknown Certificate Authority..."

    Which Unknown Certificate Authority is shown in case of such popups/unknow certs?

    Facebook.com server certifcate is signed by following CAs:
    DigiCert High Assurance CA-3
    DigiCert High Assurance EV Root CA

    Download DIgicerts CA certificates from https://www.digicert.com/digicert-root-certificates.htm these Certificates and add them to certificate store of your OS/Opera.

    Beware: all other warnings about certificates may come from injected ads/malware/cracked SSL connections.

  • The popup reports the following:

    Holder: *.facebook.com, Facebook, Inc.
    Issuer: 10.249.6.201, Blue Coat SG9000 Series
    Expires: 13/04/2015 13.00.00 GMT

    Encryption protocol
    256 bit AES (RSA/SHA).

    I believe 10.249.6.201 to be the proxy server/firewall of my company.
    Blue Coat is indeed a web proxy manufacturer.
    Additional info: Facebook is blocked.

    It seems that the proxy makes Opera believe the certificate to be issued by itself, hence Opera of course does not recognize it.

    Can I store this proxy's certificate in Opera?

  • Yes, your company connection to facebook is blocked/scanned by a internal proxy/security hardware.
    Contact your company's administrator for this issue.

  • Thx but, once again, my original question remains: why Opera does not remember the choice of rejecting the certificates?
    I don't want to view Facebook pages, I'd want to get rid of these annoying pop-ups.

  • I think you use Opera 12?

    If you get a popup about unknow certificate

    • select Tab security
    • check [x] Remember my choice
    • Hit Reject button

    Now this certificate is rejected forever.

    Opera Preferences -> Advanced -> Security
    Manage Certificates...
    Tab Rejected shows all rejected ones by user.
    Tab Approved shows all allowed ones by user.

  • Yes, 12.17.
    Looking in Opera Preferences -> Advanced -> Security
    Manage Certificates...

    I have a lot of *.facebook.com rejected certificates: around 60 or 70!

    Is it possible that every time a somehow different certificate is issued? (even when being on the same page).

  • Looking in Opera Preferences -> Advanced -> Security
    Manage Certificates...
    I have a lot of *.facebook.com rejected certificates: around 60 or 70!

    Now you know Opera has rejected by user interaction such bad certificates.

    Is it possible that every time a somehow different certificate is issued? (even when being on the same page).

    Yes, your company's security software appliance may cause such problems.

Log in to reply
 

Looks like your connection to Opera forums was lost, please wait while we try to reconnect.