Need CP, CPS for Cisco Umbrella certs - Certificate Policies and Certification Practice Statements

Comments

5 comments

  • Avatar
    rotblitz

    This OpenDNS forum is a (home) user to user one, and probably nobody can provide help with Umbrella.  You better raise a support ticket in the Umbrella forum at https://support.umbrella.com/hc/en-us/requests/new

    0
    Comment actions Permalink
  • Avatar
    mrelvey (Edited )

    Thanks for the tip.  I started the post off with FYI.  This issue is one impacting fellow home users of OpenDNS, so I wanted to inform them - that's the purpose of the post.  When we home users of OpenDNS visit web pages, we see these certs, same as commercial Umbrella users, for example, when we visit a URL with a host name that OpenDNS resolves to the IP of hit-adult.opendns.com.  But I'll take your advice and open a ticket - because it'll take several people to resolve the issue. 

    It results in this error:

    Warning: Potential Security Risk Ahead

    Firefox detected a potential security threat and did not continue to www.internetbadguys.com. If you visit this site, attackers could try to steal information like your passwords, emails, or credit card details.

    What can you do about it?

    The issue is most likely with the website, and there is nothing you can do to resolve it.

    If you are on a corporate network or using anti-virus software, you can reach out to the support teams for assistance. You can also notify the website’s administrator about the problem.

    If one clicks on Advanced, this is also shown:

    Someone could be trying to impersonate the site and you should not continue.

    Websites prove their identity via certificates. Firefox does not trust www.internetbadguys.com because its certificate issuer is unknown, the certificate is self-signed, or the server is not sending the correct intermediate certificates.

    Error code: SEC_ERROR_UNKNOWN_ISSUER

    (Of course, on a system where this root cert has been added to the ones that shipped with the browser, there will be no error.)

    For which, again, https://support.opendns.com/hc/en-us/articles/227987007#CERT  is certainly helpful, but doesn't address  these concerns I raise; they remain a problem. 

    0
    Comment actions Permalink
  • Avatar
    rotblitz

    I don’t know why, but I do not face this problem. Is this browser warning just with the FireFox browser?

    0
    Comment actions Permalink
  • Avatar
    mrelvey (Edited )

    Thanks for trying to reproduce!  (I HATE it when a company's support staff refuse to do that, even when asked - and you did it proactively!   Bravo.  And I'm not referring to Cisco; my experience with Cisco support has been excellent.  I'm thinking of, for example, a large online marketplace, and a health insurance benefit manager that appear to intentionally add bugs to their system in order to increase their profits, and when reported, refuse to attempt to reproduce or fix them.)

    I made edits to above answer to clarify: www.internetbadguys.com

    and "(Of course, on a system where this root cert has been added to the ones that shipped with the browser, there will be no error.)"

    and done: https://support.umbrella.com/hc/en-us/requests/710051

    0
    Comment actions Permalink
  • Avatar
    rotblitz (Edited )

    It seems that internetbadguys.com is in the blacklist of FireFox.  You cannot overcome this with any measure except to disable the bad site check in FireFox or to ask the Mozilla corporation to remove this domain from their blacklist.  Especially Cisco/OpenDNS will not be able to help here.  You're out of luck and need to live with it.

    Weird, I just tried with FireFox and internetbadguys.com, and no problem either...

    0
    Comment actions Permalink

Please sign in to leave a comment.