Lvox Security Certificate?

WYSIWYG
Posts: 965
Joined: April 19th, 2009, 8:51 am
Location: Mansfield, PA, USA

Post by WYSIWYG » September 23rd, 2015, 8:03 am

Lately I'm getting the below message when I hit my Lvox fone bookmark-- everything ok over there?--:

The site's security certificate is not trusted!

You attempted to reach librivox.org, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Internet cannot rely on for identity information, or an attacker may be trying to intercept your communications.

You should not proceed, especially if you have never seen this warning before for this site.
Vision issues and routine, long travel make audbiobooks a MUST for me-- THANK YOU. Apologies in advance for ypto's in my posts.

chocoholic
LibriVox Admin Team
Posts: 14114
Joined: January 16th, 2007, 9:23 am
Contact:

Post by chocoholic » September 23rd, 2015, 8:15 am

Librivox's security certificate was renewed within the last month. Where are you seeing the message? Are you accessing the site on a mobile device, and if so, what is the platform (Android, Windows, an iThing, etc)? If there's a problem with the new certificate, this will help our sysadmin track it down.
Laurie Anne

RuthieG
Posts: 22007
Joined: April 17th, 2008, 8:41 am
Location: Kent, England
Contact:

Post by RuthieG » September 23rd, 2015, 8:30 am

It is possible that there is some problem with Android devices misunderstanding the Security Certificate. The sysadmin is investigating. As a matter of interest, when did you first notice the problem?

Ruth
My LV catalogue page | RuthieG's CataBlog of recordings | Tweet: @RuthGolding

WYSIWYG
Posts: 965
Joined: April 19th, 2009, 8:51 am
Location: Mansfield, PA, USA

Post by WYSIWYG » September 23rd, 2015, 8:55 am

I have also occasionally gotten it on computer. I am not aware of any recent fone updates on my end that would account for its sudden appearance.

I've had it on and off the last week or so. Of course I always just bypass it and click ahead into the site, but I was concerned other folks might be scared off by it. I'm sure that if your sys administration is checking it, anything that needs to be done at the Lvox end will clear it up.
Vision issues and routine, long travel make audbiobooks a MUST for me-- THANK YOU. Apologies in advance for ypto's in my posts.

ekzemplaro
Posts: 2031
Joined: December 31st, 2011, 7:17 am
Location: Tochigi,Japan
Contact:

Post by ekzemplaro » September 24th, 2015, 2:49 am

Hello,
WYSIWYG wrote: The site's security certificate is not trusted!
I agree with this.
Here are my test results.
$ openssl s_client -connect librivox.org:443


Start Time: 1443088055
Timeout : 300 (sec)
Verify return code: 21 (unable to verify the first certificate)
If I do the same to archive.org.
$ openssl s_client -connect archive.org:443


Start Time: 1443088122
Timeout : 300 (sec)
Verify return code: 0 (ok)
I ran the above test on Arch Linux 64 bit.

Cheers,
Masa
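Added example, not part of any post in this thread: a small shell helper that reads `openssl s_client` output like the test above and classifies the result, going slightly beyond the two codes shown by also naming the self-signed cases. OpenSSL reports code 21 when the chain it was given contains only one certificate, that certificate is not self-signed, and its issuer cannot be found locally, which is typically what happens when a server sends its leaf certificate without the intermediate. The function names, the `example.test` subjects and both sample outputs are constructed for illustration.

```shell
# Added example: classify `openssl s_client` output read from stdin.

# Numeric code from the first "Verify return code:" line.
verify_code() {
    sed -n 's/^ *Verify return code: \([0-9][0-9]*\) .*/\1/p' | head -n 1
}

# Number of certificates the server sent (one " N s:<subject>" line each).
chain_len() {
    grep -c -E '^ *[0-9]+ s:' || true
}

diagnose() {
    out=$(cat)
    code=$(printf '%s\n' "$out" | verify_code)
    sent=$(printf '%s\n' "$out" | chain_len)
    case "$code" in
        0)  echo "ok: chain of $sent verified against the local trust store" ;;
        21) echo "incomplete chain: server sent $sent certificate(s), leaf issuer not found" ;;
        18|19) echo "self-signed certificate in chain, not in the local trust store" ;;
        *)  echo "verification failed or no result (code: ${code:-none})" ;;
    esac
}

# Constructed sample: leaf only, as a server without its intermediate sends.
sample_leaf_only() {
cat <<'EOF'
Certificate chain
 0 s:/CN=www.example.test
   i:/O=Example CA/CN=Example Intermediate CA
---
    Verify return code: 21 (unable to verify the first certificate)
EOF
}

# Constructed sample: leaf plus intermediate, chaining to a trusted root.
sample_full_chain() {
cat <<'EOF'
Certificate chain
 0 s:/CN=www.example.test
   i:/O=Example CA/CN=Example Intermediate CA
 1 s:/O=Example CA/CN=Example Intermediate CA
   i:/O=Example CA/CN=Example Root CA
---
    Verify return code: 0 (ok)
EOF
}

sample_leaf_only | diagnose
```

Against a live host, pipe `openssl s_client -connect HOST:443 -servername HOST </dev/null 2>/dev/null` into `diagnose`; browsers that cache or fetch intermediates can still load a site that fails this check, which is consistent with a warning that appears on some devices and not others.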

RuthieG
Posts: 22007
Joined: April 17th, 2008, 8:41 am
Location: Kent, England
Contact:

Post by RuthieG » September 24th, 2015, 2:53 am

Thank you, Masa san. I will point the sysadmin at your findings.

Ruth
My LV catalogue page | RuthieG's CataBlog of recordings | Tweet: @RuthGolding

WYSIWYG
Posts: 965
Joined: April 19th, 2009, 8:51 am
Location: Mansfield, PA, USA

Post by WYSIWYG » September 24th, 2015, 9:10 am

Again, purely informational, not complaint:

The error msg on my updated Samsung android fone (S 5) had stopped coming up but it's back. Here's the full text in case it's helpful:


The site's security certificate is not trusted!

You attempted to reach librivox.org, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Internet cannot rely on for identity information, or an attacker may be trying to intercept your communications.

You should not proceed, especially if you have never seen this warning before for this site.

Proceed anyway Back to safety

Help me understand

When you connect to a secure website, the server hosting that site presents your browser with something called a "certificate" to verify its identity. This certificate contains identity information, such as the address of the website, which is verified by a third party that your device trusts. By checking that the address in the certificate matches the address of the website, it is possible to verify that you are securely communicating with the website you intended, and not a third party (such as an attacker on your network).

In this case, the certificate has not been verified by a third party that your device trusts. Anyone can create a certificate claiming to be whatever website they choose, which is why it must be verified by a trusted third party. Without that verification, the identity information in the certificate is meaningless. It is therefore not possible to verify that you are communicating with librivox.org instead of an attacker who generated his own certificate claiming to be librivox.org. You should not proceed past this point.

If, however, you work in an organization that generates its own certificates, and you are trying to connect to an internal website of that organization using such a certificate, you may be able to solve this problem securely. You can import your organization's root certificate as a "root certificate", and then certificates issued or verified by your organization will be trusted and you will not see this error next time you try to connect to an internal website. Contact your organization's help staff for assistance in adding a new root certificate to your device.
Vision issues and routine, long travel make audbiobooks a MUST for me-- THANK YOU. Apologies in advance for ypto's in my posts.

ScottLawton
Posts: 244
Joined: October 14th, 2011, 1:38 pm

Post by ScottLawton » September 25th, 2015, 9:55 pm

I've also had security warnings when accessing LibriVox from a Linux machine. I didn't write down the date, but I'm pretty sure it happened right after I read on the forum that a new certificate was installed.

Masa san's openssl command seems like a great test; I get the same error 21 from Linux and Mac OS X.

Scott
Cheers,

Scott
Aplt1.com - alternate LibriVox catalog that puts more info up front; optional iOS app
