Information Security
Konstantin, 2021-06-10 22:51:48

Firefox shows some HTTPS sites as untrusted. ISP MITM attack?

Hello.
In the last 1-2 weeks, I began to notice in the Firefox browser that after opening different HTTPS sites, a message appears stating that the certificate is not trusted because it may be self-signed and the publisher cannot be verified. Something like this. After a while (5-10 minutes), the site starts working correctly via HTTPS.

An hour ago I opened the link https://2cyr.com/decode/?lang=ru and found the same thing. I decided to save the certificate and the chain for interest, to compare later.
After 5 minutes, the site started working, and I again saved the certificate and the chain.
To my surprise, the root publisher "DST Root CA X3" was missing in the chain in the non-working version.

In a non-working version:
5ko.fr -> R3

In a working version:
5ko.fr -> R3 -> DST Root CA X3

Can you please tell me what it might look like?
MITM attack?

The file "5ko-fr.pem" is the same in both versions.

But "5ko-fr-chain.pem" is different.
Not working "5ko-fr-chain.pem":



Working "5ko-fr-chain.pem":


4 answer(s)
Konstantin, 2021-06-11
@webmaster

Solution: a problem with the OCSP request.
OCSP server host: r3.o.lencr.org
The problem is reproduced in the following two cases:
1) If you block the DNS request that resolves the host r3.o.lencr.org (in this case, the connection to the local DNS server at IP 192.168.1.1 on port 53)
2) If you block the connection to the host r3.o.lencr.org on port 80
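
The two blocking cases in the answer above can be told apart with a small reachability check. This is an added example, not part of the original answer; the function name `diagnose_ocsp_path` and its injectable `resolve`/`connect` parameters are assumptions of this example, while the host and port are the ones named in the answer.

```python
import socket

OCSP_HOST = "r3.o.lencr.org"   # OCSP responder host named in the answer
OCSP_PORT = 80                 # port named in the answer


def diagnose_ocsp_path(host=OCSP_HOST, port=OCSP_PORT, timeout=5.0,
                       resolve=socket.getaddrinfo,
                       connect=socket.create_connection):
    """Classify which step of reaching the OCSP responder fails.

    `resolve` and `connect` are injectable (an assumption of this example)
    so the logic can be exercised without network access.
    Returns (status, detail); status is "dns_blocked", "tcp_blocked"
    or "reachable".
    """
    # Case 1 from the answer: the DNS lookup for the responder fails.
    try:
        infos = resolve(host, port, type=socket.SOCK_STREAM)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return "dns_blocked", f"cannot resolve {host}: {exc}"

    addresses = sorted({info[4][0] for info in infos})
    if not addresses:
        return "dns_blocked", f"{host} resolved to no addresses"

    # Case 2 from the answer: the name resolves, but TCP to the port fails.
    errors = []
    for addr in addresses:
        try:
            sock = connect((addr, port), timeout)
        except OSError as exc:  # covers timeouts, resets and refusals
            errors.append(f"{addr}: {exc}")
            continue
        sock.close()
        return "reachable", f"{addr}:{port} accepted a TCP connection"
    return "tcp_blocked", "; ".join(errors)


if __name__ == "__main__":
    status, detail = diagnose_ocsp_path()
    print(status, "-", detail)
```

Running it during a failing period and again once the site loads shows whether the DNS step or the TCP step is the one being blocked.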

galaxy, 2021-06-10
@galaxy

Because of the cross-signature, most likely - https://letsencrypt.org/certificates/
UPD: however, I'm probably wrong, it has nothing to do with it

Mrkliner, 2021-06-10
@Mrkliner

If you don't want to bother and you have two browsers, then open it not in Firefox, but in another one. This is the easiest. Or remove the "Only HTTPS" setting in Firefox, and that's it.

Vladimir Dubrovin, 2021-06-11
@z3apa3a

Most likely, you do not trust the ISRG Root X1 / ISRG Root X2 certificates. Update the system list of root certificates, or manually add the Let's Encrypt root certificates to the trusted root certificates.
DST Root CA X3 is expiring in September, so it is no longer used for new certificates.
