My Malware protection is blocking SBO

Status
Not open for further replies.
Jul 7, 2004
8,402
Hunter 30T Cheney, KS
Started tonight. Anyone else seeing something like this?

Suspicious page blocked for your protection
Your connection to this web page is not safe due to an expired security certificate.
Web pages must renew their certificates to stay current, and outdated security certificates represent a risk for your data.
 
May 17, 2004
5,080
Beneteau Oceanis 37 Havre de Grace
Yes, it looks like the certificate used to encrypt web traffic has expired. They do that every year or so and sometimes renewals get hung up. I’m sure @Dave will be on it soon.

In the meantime there’s not really any risk if you want to keep browsing, it’s just a nuisance to deal with the warnings. It’s still encrypting traffic; browsers just complain if the certs go past their expiration date.
 
Feb 17, 2006
5,274
Lancer 27PS MCB Camp Pendleton KF6BL
As did I. Bypassed the warning and accepted the risks. It is OK to do that.
 
Mar 20, 2015
3,095
C&C 30 Mk1 Winnipeg
Any decent web browser today would block access due to the Certificate having expired or being issued by an unknown certificate authority.

In this case it shows the certificate being issued by an unknown certificate authority

Country: Czech Republic
State: Brno
Organization: AVG
Organizational unit: software development
Common name: AVG untrusted CA

This error happens when the certificate is self-signed or otherwise issued by a non-official signing authority.

Being a website that is world facing, they should really pay for a certificate that is official.

I just accepted the cert.
 

Dave

Forum Admin, Gen II
Staff member
Feb 1, 2023
66
The certificates do have an expiration time and date. It appears that the SBO certificate did expire; however, the site remains secure. Sometimes there is a slight time lag between the expiration and renewal, and it takes time for the renewal to propagate throughout the internet.

After logging on and getting the warning, I logged out and logged in again, the warning did not reappear. I will investigate further to make certain we are on auto-renew.
 
May 17, 2004
5,080
Beneteau Oceanis 37 Havre de Grace
> Any decent web browser today would block access due to the Certificate having expired or being issued by an unknown certificate authority.
>
> In this case it shows the certificate being issued by an unknown certificate authority
>
> Country: Czech Republic
> State: Brno
> Organization: AVG
> Organizational unit: software development
> Common name: AVG untrusted CA
>
> This error happens when the certificate is self-signed or otherwise issued by a non-official signing authority.
>
> Being a website that is world facing, they should really pay for a certificate that is official.
>
> I just accepted the cert.
What you're seeing isn't the SBO cert at all. Sounds like you have AVG antivirus on your computer or somewhere on your network. Some antiviruses inspect encrypted traffic to check it for viruses, then re-encrypt it with their own certificate.
 
Jan 7, 2011
4,789
Oday 322 East Chicago, IN
> What you're seeing isn't the SBO cert at all. Sounds like you have AVG antivirus on your computer or somewhere on your network. Some antiviruses inspect encrypted traffic to check it for viruses, then re-encrypt it with their own certificate.
An awful lot of people reporting issues on the same day to believe it is not something on the SBO site.

But it is working on my iPad now without getting the error page.


Greg
 
Mar 20, 2015
3,095
C&C 30 Mk1 Winnipeg
> Sounds like you have AVG antivirus on your computer or somewhere on your network. Some antiviruses inspect encrypted traffic to check it for viruses, then re-encrypt it with their own certificate.
Which is strange...
I don't have an antivirus on my phone that I use to access the site, or on my internal network. Occasionally I use my Linux laptop and it also lacks antivirus.

If it was a locally generated certificate, I would assume all websites would get blocked with an error, not just SBO?

I wonder if my ISP has something going on... Hmm.

Update: Still showing an AVG cert, but this time it is being considered trusted.

Looks like my ISP is doing something with encryption on their end, like what you say a locally running antivirus does.
 
May 17, 2004
5,080
Beneteau Oceanis 37 Havre de Grace
> Which is strange...
> I don't have an antivirus on my phone that I use to access the site, or on my internal network. Occasionally I use my Linux laptop and it also lacks antivirus.
>
> If it was a locally generated certificate, I would assume all websites would get blocked with an error, not just SBO?
>
> I wonder if my ISP has something going on... Hmm.
>
> Update: Still showing an AVG cert, but this time it is being considered trusted.
>
> Looks like my ISP is doing something with encryption on their end, like what you say a locally running antivirus does.
Interesting. Here’s my guess - whatever is doing the traffic inspection re-encrypts all traffic with an AVG cert. It would be possible for that device/software to tell whether the original traffic with SBO is using a good certificate. If it is then it re-encrypts with a certificate that your browser trusts. If there’s a problem with the encryption to the site (like what happened when the SBO cert expired) then the device/software re-encrypts with a deliberately untrusted certificate. That way the user gets an error telling them something is wrong with the site’s encryption, though the exact reason/error message won’t be precisely right.

Anytime you get certificate errors you can tell what’s really going on by checking that site’s address at SSL Server Test (Powered by Qualys SSL Labs). That’s a handy tool that will tell you the exact certificate being used by the site, without any re-encrypting middle-men. When SBO’s certificate expired SSLLabs showed it having a Sectigo certificate that expired on 10 March. Now it shows a new Sectigo certificate good for another 11 months.
 

Dave

Forum Admin, Gen II
Staff member
Feb 1, 2023
66
After a series of late (for me) night emails and texts the issue was resolved. The security certificate was not set to auto-renew and we were told the certificate was set to expire next week. For some reason the certificate expired last night. Once we discovered this, the certificate was renewed. As @Davidasailor26 noted, the certificate is good until February 7, 2024. To the best of our knowledge the site was safe for the few hours the certificate was invalid, there were no data breaches or monkey business with the site. We apologize for the inconvenience caused by the expired certificate.

We are looking into other options for the certificate to avoid future interruptions in service.

I'll leave this thread open for a while to allow for additional comments and will close it later today as it has served its purpose.

Thank you for your patience.
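
The two things this thread turns on, which CA issued the certificate a client actually receives and how close that certificate is to expiry, can be checked with Python's standard `ssl` module. This is an added example, not part of any post; the sample certificate dicts are constructed, and the expected issuer string passed to `assess` and the 30-day warning window are assumptions.

```python
import socket
import ssl
from datetime import datetime, timezone

def issuer_field(cert, key):
    """Return one issuer attribute from a getpeercert()-style dict, or None."""
    for rdn in cert.get("issuer", ()):
        for name, value in rdn:
            if name == key:
                return value
    return None

def assess(cert, expected_issuer_org, now, warn_days=30):
    """Classify a certificate dict shaped like ssl.SSLSocket.getpeercert() output."""
    org = issuer_field(cert, "organizationName")
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    days_left = (expires - now).days
    if org is None or expected_issuer_org.lower() not in org.lower():
        verdict = "re-signed"    # not the site's CA: something in the path re-encrypted
    elif days_left < 0:
        verdict = "expired"
    elif days_left < warn_days:
        verdict = "renew-soon"
    else:
        verdict = "ok"
    return {"issuer_org": org, "issuer_cn": issuer_field(cert, "commonName"),
            "days_left": days_left, "verdict": verdict}

def probe(host, expected_issuer_org, port=443):
    """Live check; a chain the local trust store rejects raises instead of returning a dict."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return assess(tls.getpeercert(), expected_issuer_org, datetime.now(timezone.utc))
    except ssl.SSLCertVerificationError as err:
        return {"verdict": "verify-failed", "reason": err.verify_message}

# Constructed samples: issuer names as quoted in the thread, dates are placeholders.
ORIGIN = {"issuer": ((("organizationName", "Sectigo Limited"),),),
          "notAfter": "Mar 10 00:00:00 2023 GMT"}
INTERCEPTED = {"issuer": ((("countryName", "CZ"),), (("organizationName", "AVG"),),
                          (("commonName", "AVG untrusted CA"),)),
               "notAfter": "Mar 20 00:00:00 2023 GMT"}

if __name__ == "__main__":
    now = datetime(2023, 3, 10, 6, 0, tzinfo=timezone.utc)   # constructed clock
    for label, cert in (("origin", ORIGIN), ("via inspection", INTERCEPTED)):
        print(label, assess(cert, "Sectigo", now))
```

Run on a schedule against the real host, `probe` reports `renew-soon` while there is still time to act, and its `verify-failed` reason text separates an expired certificate from an issuer the local trust store does not know.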
 
May 17, 2004
5,080
Beneteau Oceanis 37 Havre de Grace
> After a series of late (for me) night emails and texts the issue was resolved.
Darn certificates and their 00:00 UTC expiration. Be glad you don’t live in Europe.:snooze:


> To the best of our knowledge the site was safe for the few hours the certificate was invalid, there were no data breaches or monkey business with the site.
I’d just add that expired certificates generally don’t open up sites to any monkey business. They prevent users’ browsers from fully trusting the connection, but everything is still encrypted, and all of the backend data protections are unaffected.
 
Feb 17, 2006
5,274
Lancer 27PS MCB Camp Pendleton KF6BL
> What you're seeing isn't the SBO cert at all. Sounds like you have AVG antivirus on your computer or somewhere on your network. Some antiviruses inspect encrypted traffic to check it for viruses, then re-encrypt it with their own certificate.
I have to take exception to this. Nothing between the sender and receiver should have the capability to "decrypt then encrypt" data. That violates privacy rules. Now if one is in a country that monitors your data then there is nothing one can do about this. However, if this is being done in THIS COUNTRY, then we have to do something about it. Encryption keys are encrypted between sender and receiver, and (hopefully) no one else.

The certificate certifies that the site in question is safe. Has nothing to do with encryption.

JMHO
 