Hi, Jeremy noted: #Testing in a browser (Firefox) for https://juniper.net/ results in this: # #juniper.net uses an invalid security certificate. #The certificate is not trusted because no issuer chain was provided. #(Error code: sec_error_unknown_issuer) There are issues with more than just the cert. A more extensive analysis can be seen at: https://www.ssllabs.com/ssltest/analyze.html?d=juniper.net [FWIW, the SSL Labs tester is a tool I've previously recommended to folks in the higher ed community, e.g., as part of "SSL/TLS Certificiates: Giving Your Use of Server Certificates a Hard Look," http://pages.uoregon.edu/joe/hardlook/hard-look.pdf and most recently in "Networking in These Crazy Days: Stay Calm, Get Secure, Get Involved," http://pages.uoregon.edu/joe/merit-networking/merit-networking.pdf at slide 104. If you haven't checked your own site and critical sites you rely on, it can be eye opening to do so.] Regards, Joe
I wasn't aware of this site/tool; this could have saved me a lot of pain some years ago. Huge thumbs up -- thanks for the tip, Joe! -- | Jeremy Chadwick jdc@koitsu.org | | UNIX Systems Administrator http://jdc.koitsu.org/ | | Making life hard for others since 1977. PGP 4BD6C0CB | On Sat, Jan 04, 2014 at 12:31:27PM -0800, Joe St Sauver wrote:
Hi,
Jeremy noted:
#Testing in a browser (Firefox) for https://juniper.net/ results in this: # #juniper.net uses an invalid security certificate. #The certificate is not trusted because no issuer chain was provided. #(Error code: sec_error_unknown_issuer)
There are issues with more than just the cert. A more extensive analysis can be seen at:
https://www.ssllabs.com/ssltest/analyze.html?d=juniper.net
[FWIW, the SSL Labs tester is a tool I've previously recommended to folks in the higher ed community, e.g., as part of "SSL/TLS Certificiates: Giving Your Use of Server Certificates a Hard Look," http://pages.uoregon.edu/joe/hardlook/hard-look.pdf and most recently in "Networking in These Crazy Days: Stay Calm, Get Secure, Get Involved," http://pages.uoregon.edu/joe/merit-networking/merit-networking.pdf at slide 104. If you haven't checked your own site and critical sites you rely on, it can be eye opening to do so.]
Regards,
Joe
Right they made this mistake with that particular URL only. I emailed a contact there. I'm sure it will be fixed shortly. All other url variants redirect to the https://www pattern which has a proper CA On Saturday, January 4, 2014, Joe St Sauver wrote:
Hi,
Jeremy noted:
#Testing in a browser (Firefox) for https://juniper.net/ results in this: # #juniper.net uses an invalid security certificate. #The certificate is not trusted because no issuer chain was provided. #(Error code: sec_error_unknown_issuer)
There are issues with more than just the cert. A more extensive analysis can be seen at:
https://www.ssllabs.com/ssltest/analyze.html?d=juniper.net
[FWIW, the SSL Labs tester is a tool I've previously recommended to folks in the higher ed community, e.g., as part of "SSL/TLS Certificiates: Giving Your Use of Server Certificates a Hard Look," http://pages.uoregon.edu/joe/hardlook/hard-look.pdf and most recently in "Networking in These Crazy Days: Stay Calm, Get Secure, Get Involved," http://pages.uoregon.edu/joe/merit-networking/merit-networking.pdf at slide 104. If you haven't checked your own site and critical sites you rely on, it can be eye opening to do so.]
Regards,
Joe _______________________________________________ Outages mailing list Outages@outages.org <javascript:;> https://puck.nether.net/mailman/listinfo/outages
-- Sent from Mobile
I think this is a separate issue from the 404 error though. I can't load ANY of the variants, SSL or not, using a mobile device connected to the same network where I can successfully load the site using a desktop system. On Sat, Jan 04, 2014 at 03:26:03PM -0800, Conrad Heiney wrote:
Right they made this mistake with that particular URL only. I emailed a contact there. I'm sure it will be fixed shortly. All other url variants redirect to the https://www pattern which has a proper CA
On Saturday, January 4, 2014, Joe St Sauver wrote:
Hi,
Jeremy noted:
#Testing in a browser (Firefox) for https://juniper.net/ results in this: # #juniper.net uses an invalid security certificate. #The certificate is not trusted because no issuer chain was provided. #(Error code: sec_error_unknown_issuer)
There are issues with more than just the cert. A more extensive analysis can be seen at:
https://www.ssllabs.com/ssltest/analyze.html?d=juniper.net
[FWIW, the SSL Labs tester is a tool I've previously recommended to folks in the higher ed community, e.g., as part of "SSL/TLS Certificiates: Giving Your Use of Server Certificates a Hard Look," http://pages.uoregon.edu/joe/hardlook/hard-look.pdf and most recently in "Networking in These Crazy Days: Stay Calm, Get Secure, Get Involved," http://pages.uoregon.edu/joe/merit-networking/merit-networking.pdf at slide 104. If you haven't checked your own site and critical sites you rely on, it can be eye opening to do so.]
Regards,
Joe
Hah yeah you're quite right Chuck. Works fine on my laptop but then when I switch to my phone (on the same wifi network) I get the 404. Must be attempting to redirect to a non-existent mobile version of http://juniper.net? Brad On 5 January 2014 12:37, Chuck Anderson <cra@wpi.edu> wrote:
I think this is a separate issue from the 404 error though. I can't load ANY of the variants, SSL or not, using a mobile device connected to the same network where I can successfully load the site using a desktop system.
On Sat, Jan 04, 2014 at 03:26:03PM -0800, Conrad Heiney wrote:
Right they made this mistake with that particular URL only. I emailed a contact there. I'm sure it will be fixed shortly. All other url variants redirect to the https://www pattern which has a proper CA
On Saturday, January 4, 2014, Joe St Sauver wrote:
Hi,
Jeremy noted:
#Testing in a browser (Firefox) for https://juniper.net/ results in this: # #juniper.net uses an invalid security certificate. #The certificate is not trusted because no issuer chain was provided. #(Error code: sec_error_unknown_issuer)
There are issues with more than just the cert. A more extensive analysis can be seen at:
https://www.ssllabs.com/ssltest/analyze.html?d=juniper.net
[FWIW, the SSL Labs tester is a tool I've previously recommended to folks in the higher ed community, e.g., as part of "SSL/TLS Certificiates: Giving Your Use of Server Certificates a Hard Look," http://pages.uoregon.edu/joe/hardlook/hard-look.pdf and most recently in "Networking in These Crazy Days: Stay Calm, Get Secure, Get Involved," http://pages.uoregon.edu/joe/merit-networking/merit-networking.pdf at slide 104. If you haven't checked your own site and critical sites you rely on, it can be eye opening to do so.]
Regards,
Joe
Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
It is working from my iPhone on AT&T uverse in Alabama. Redirects to mobile site. On Jan 4, 2014, at 17:45, Brad Cowie <brad@gizmoguy.net.nz> wrote:
Hah yeah you're quite right Chuck.
Works fine on my laptop but then when I switch to my phone (on the same wifi network) I get the 404.
Must be attempting to redirect to a non-existent mobile version of http://juniper.net?
Brad
On 5 January 2014 12:37, Chuck Anderson <cra@wpi.edu> wrote:
I think this is a separate issue from the 404 error though. I can't load ANY of the variants, SSL or not, using a mobile device connected to the same network where I can successfully load the site using a desktop system.
On Sat, Jan 04, 2014 at 03:26:03PM -0800, Conrad Heiney wrote:
Right they made this mistake with that particular URL only. I emailed a contact there. I'm sure it will be fixed shortly. All other url variants redirect to the https://www pattern which has a proper CA
On Saturday, January 4, 2014, Joe St Sauver wrote:
Hi,
Jeremy noted:
#Testing in a browser (Firefox) for https://juniper.net/ results in this: # #juniper.net uses an invalid security certificate. #The certificate is not trusted because no issuer chain was provided. #(Error code: sec_error_unknown_issuer)
There are issues with more than just the cert. A more extensive analysis can be seen at:
https://www.ssllabs.com/ssltest/analyze.html?d=juniper.net
[FWIW, the SSL Labs tester is a tool I've previously recommended to folks in the higher ed community, e.g., as part of "SSL/TLS Certificiates: Giving Your Use of Server Certificates a Hard Look," http://pages.uoregon.edu/joe/hardlook/hard-look.pdf and most recently in "Networking in These Crazy Days: Stay Calm, Get Secure, Get Involved," http://pages.uoregon.edu/joe/merit-networking/merit-networking.pdf at slide 104. If you haven't checked your own site and critical sites you rely on, it can be eye opening to do so.]
Regards,
Joe
Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
_______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
Juniper shared with me a few minutes ago that "one of the web servers filesystem went into a read-only, so we have removed that server from the cluster." That resolved the HTTPv6 around 9:45 pm Central and http://www.juniper.net now loads without issue on smartphones. The cert issue from smartphones when visiting https://juniper.net remains. That issue has probably been there for a long time. Frank From: Frank Bulk [mailto:frnkblk@iname.com] Sent: Saturday, January 04, 2014 9:30 PM To: 'Brad Cowie'; outages@outages.org Subject: RE: [outages] juniper.net 404 When testing from my Galaxy S III, I get a certificate error loading https://juniper.net, and a 404 when going to http://www.juniper.net. Does anyone have a mobile phone on IPv6, to see if they can see if they have a 404 with the v4 and v6 version of http://www.juniper.net? Frank From: Outages [mailto:outages-bounces@outages.org] On Behalf Of Brad Cowie Sent: Saturday, January 04, 2014 5:45 PM To: outages@outages.org <mailto:outages@outages.org> Subject: Re: [outages] juniper.net 404 Hah yeah you're quite right Chuck. Works fine on my laptop but then when I switch to my phone (on the same wifi network) I get the 404. Must be attempting to redirect to a non-existent mobile version of http://juniper.net? Brad On 5 January 2014 12:37, Chuck Anderson <cra@wpi.edu <mailto:cra@wpi.edu> > wrote: I think this is a separate issue from the 404 error though. I can't load ANY of the variants, SSL or not, using a mobile device connected to the same network where I can successfully load the site using a desktop system. On Sat, Jan 04, 2014 at 03:26:03PM -0800, Conrad Heiney wrote:
Right they made this mistake with that particular URL only. I emailed a contact there. I'm sure it will be fixed shortly. All other url variants redirect to the https://www pattern which has a proper CA
On Saturday, January 4, 2014, Joe St Sauver wrote:
Hi,
Jeremy noted:
#Testing in a browser (Firefox) for https://juniper.net/ results in this: # #juniper.net <http://juniper.net> uses an invalid security certificate. #The certificate is not trusted because no issuer chain was provided. #(Error code: sec_error_unknown_issuer)
There are issues with more than just the cert. A more extensive analysis can be seen at:
https://www.ssllabs.com/ssltest/analyze.html?d=juniper.net
[FWIW, the SSL Labs tester is a tool I've previously recommended to folks in the higher ed community, e.g., as part of "SSL/TLS Certificiates: Giving Your Use of Server Certificates a Hard Look," http://pages.uoregon.edu/joe/hardlook/hard-look.pdf and most recently in "Networking in These Crazy Days: Stay Calm, Get Secure, Get Involved," http://pages.uoregon.edu/joe/merit-networking/merit-networking.pdf at slide 104. If you haven't checked your own site and critical sites you rely on, it can be eye opening to do so.]
Regards,
Joe
Outages mailing list Outages@outages.org <mailto:Outages@outages.org> https://puck.nether.net/mailman/listinfo/outages
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Interestingly, surfing to https://juniper.net/ just presented me with: "This Connection is Untrusted" "You have asked Firefox to connect securely to juniper.net, but we can't confirm that your connection is secure." "juniper.net uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)" They seem to have a mess on their hands. - - ferg (Greater Seattle area) On 1/5/2014 8:21 PM, Frank Bulk wrote:
Juniper shared with me a few minutes ago that ?one of the web servers filesystem went into a read-only, so we have removed that server from the cluster.? That resolved the HTTPv6 around 9:45 pm Central and http://www.juniper.net now loads without issue on smartphones. The cert issue from smartphones when visiting https://juniper.net remains. That issue has probably been there for a long time.
Frank
- -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlLKQXkACgkQKJasdVTchbIxtAD9EreScWATlVAUuXiwenfbzznp R6NH6cJ505MG2fyH808A/R+Nyznz+64NxwEMD/aIT1THKxrfHVV1sahgMbnRYKKQ =/ojc -----END PGP SIGNATURE-----
Yes, Jeremy Chadwick mentioned that yesterday afternoon. =) Juniper followed up with me on that, too, and they're going to replace that self-signed certificate with a proper one. Frank -----Original Message----- From: Outages [mailto:outages-bounces@outages.org] On Behalf Of Paul Ferguson Sent: Sunday, January 05, 2014 11:39 PM To: outages@outages.org Subject: Re: [outages] juniper.net 404 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Interestingly, surfing to https://juniper.net/ just presented me with: "This Connection is Untrusted" "You have asked Firefox to connect securely to juniper.net, but we can't confirm that your connection is secure." "juniper.net uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)" They seem to have a mess on their hands. - - ferg (Greater Seattle area) On 1/5/2014 8:21 PM, Frank Bulk wrote:
Juniper shared with me a few minutes ago that ?one of the web servers filesystem went into a read-only, so we have removed that server from the cluster.? That resolved the HTTPv6 around 9:45 pm Central and http://www.juniper.net now loads without issue on smartphones. The cert issue from smartphones when visiting https://juniper.net remains. That issue has probably been there for a long time.
Frank
- -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlLKQXkACgkQKJasdVTchbIxtAD9EreScWATlVAUuXiwenfbzznp R6NH6cJ505MG2fyH808A/R+Nyznz+64NxwEMD/aIT1THKxrfHVV1sahgMbnRYKKQ =/ojc -----END PGP SIGNATURE----- _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
Juniper informed me overnight that they replaced their updated cert for juniper.net, and SSL Labs confirms that: https://www.ssllabs.com/ssltest/analyze.html?d=juniper.net&s=207.17.137.239 Frank -----Original Message----- From: Outages [mailto:outages-bounces@outages.org] On Behalf Of Frank Bulk Sent: Sunday, January 05, 2014 11:45 PM To: fergdawgster@mykolab.com; outages@outages.org Subject: Re: [outages] juniper.net 404 Yes, Jeremy Chadwick mentioned that yesterday afternoon. =) Juniper followed up with me on that, too, and they're going to replace that self-signed certificate with a proper one. Frank -----Original Message----- From: Outages [mailto:outages-bounces@outages.org] On Behalf Of Paul Ferguson Sent: Sunday, January 05, 2014 11:39 PM To: outages@outages.org Subject: Re: [outages] juniper.net 404 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Interestingly, surfing to https://juniper.net/ just presented me with: "This Connection is Untrusted" "You have asked Firefox to connect securely to juniper.net, but we can't confirm that your connection is secure." "juniper.net uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)" They seem to have a mess on their hands. - - ferg (Greater Seattle area) On 1/5/2014 8:21 PM, Frank Bulk wrote:
Juniper shared with me a few minutes ago that ?one of the web servers filesystem went into a read-only, so we have removed that server from the cluster.? That resolved the HTTPv6 around 9:45 pm Central and http://www.juniper.net now loads without issue on smartphones. The cert issue from smartphones when visiting https://juniper.net remains. That issue has probably been there for a long time.
Frank
- -- Paul Ferguson PGP Public Key ID: 0x54DC85B2 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlLKQXkACgkQKJasdVTchbIxtAD9EreScWATlVAUuXiwenfbzznp R6NH6cJ505MG2fyH808A/R+Nyznz+64NxwEMD/aIT1THKxrfHVV1sahgMbnRYKKQ =/ojc -----END PGP SIGNATURE----- _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages _______________________________________________ Outages mailing list Outages@outages.org https://puck.nether.net/mailman/listinfo/outages
participants (8)
-
Brad Cowie -
Chuck Anderson -
Conrad Heiney -
Frank Bulk -
Jeremy Chadwick -
Joe St Sauver -
John Barbieri -
Paul Ferguson