angular.io icon indicating copy to clipboard operation
angular.io copied to clipboard

Published 20 hours ago verified publisher icon angular

Angular.io Website SSL Certificate Problem

Open nickhod opened this issue 8 years ago • 101 comments

The angular.io website does not work with ESET NOD32, I believe there is a certificate problem. The certificate has many spam sites in the SAN field.

In NOD32 I have to "Disable HTTPS checking" to view the site or it is blocked.

This happens on no other sites that I visit regularly.

nickhod avatar Jul 13 '16 08:07 nickhod

I have the same issue, it's related to the certificate for firebase (which is the same for angular.io), you probably have the same issue with https://www.firebase.com/ But I think the problems is with Eset, not really Google It's good to know that I'm not the only one though!

ocombe avatar Jul 13 '16 08:07 ocombe

I think it's related to the number of 'questionable quality' sites listed on certificate.

https://www.sslshopper.com/ssl-checker.html#hostname=angular.io

Angular should get their own certificate to sidestep the problem. Wasted an hour trying to figure out why the site wouldn't load. It used to work fine.

nickhod avatar Jul 13 '16 08:07 nickhod

Yes, that's a good idea, and for firebase as well, it should be an official and exclusive google certificate

ocombe avatar Jul 13 '16 08:07 ocombe

Same issue here. ESET NOD32 was the culprit.

akarel avatar Jul 14 '16 15:07 akarel

Turn off SSL filtering solved it http://support.eset.com/kb3126/?locale=en_US

asaf050 avatar Jul 19 '16 05:07 asaf050

I also had the same issue. Angular.io seems is so far the only site I've encountered this. I can access it on my mobile on the same network without any problems. When I disable the HTTPS checking in ESET NOD32 I can access the site without a problem.

jhjdev avatar Jul 22 '16 13:07 jhjdev

It's also possible to load the website under ESET NOD32 by disabling HTTPS scanning (guessing it's almost the same thing?) udklip

jhjdev avatar Jul 22 '16 13:07 jhjdev

For those who would rather only allow access for the certificate used by angular.io, you can Note: this refers to NOD32 ANTIVIRUS 9 Click "Setup" Click "Internet Protection" Click the gear to the right of "Web access protection" Click "WEB AND EMAIL" Expand "SSL/TLS" Click the "Edit" link next to "List of known certificates" Click "Add" Click "URL" Enter https://angular.io Choose "Auto" for "Access action" Choose "Ignore" for "Scan action" Click "OK" 3 times to close 3 dialog boxes (one click each) Try again to browse to https://angular.io A dialog will come up about encrypted network traffic. Select "Remember Action for this certificate" and then click "Allow".

kentweigel avatar Jul 22 '16 23:07 kentweigel

It appears this problem can be extended to those using FortiGate firewalls.

https://sites.google.com/site/scriptsexamples/available-web-apps/awesome-tables/documentation/known-issues/ssl-issue

Note sure if there is a work around for this at this time.

ShaneCourtrille avatar Sep 07 '16 16:09 ShaneCourtrille

Indeed, I am behind a FortiGate Firewall and can't access any page under https://angular.io

Anyone knows if the tutorials are available elsewhere?

acoronel avatar Sep 12 '16 18:09 acoronel

You can build the repo locally: https://github.com/angular/angular.io

ocombe avatar Sep 12 '16 18:09 ocombe

I'm actually trying that @ocombe but when I do my gulp server-and-sync the Chrome tab that is trying to load it just spins for forever.

I've realized that's because I don't have things setup properly but the next hurdle is the Python requirement. Quite a pain just to read some documentation.

ShaneCourtrille avatar Sep 12 '16 20:09 ShaneCourtrille

Today I can't access angular.io using Chrome. I get this message: This site can’t provide a secure connection angular.io didn’t accept your login certificate, or your login certificate may have expired. Try contacting the system admin. ERR_BAD_SSL_CLIENT_AUTH_CERT

marcusreese avatar Sep 20 '16 15:09 marcusreese

@marcusreese that's unusual. Is it still occurring, or was it temporary?

jeffbcross avatar Sep 20 '16 20:09 jeffbcross

it's still occurring to all of us who use those firewalls / antivirus softwares

ocombe avatar Sep 20 '16 20:09 ocombe

I had our security people do some config changes to allow access but the firebase CDN IP changed yesterday so that broke that. It's looking like we either need to spend time/effort replicating the documentation locally or find another framework to use. I'm wondering how many other Enterprises (who would be the more likely consumers of Fortigate firewalls) are going to have the same choice because of one silly SSL certificate.

ShaneCourtrille avatar Sep 21 '16 14:09 ShaneCourtrille

@jeffbcross I can show you the problem at angular connect next week if you want

ocombe avatar Sep 21 '16 14:09 ocombe

Same problem for me.... and impossible to modify the FortiGate Firewall of the place where is my entreprise..... and we are working with angular.... so it's very very difficult to can get access to documentation :-(.

fletort avatar Oct 05 '16 09:10 fletort

To all of you who struggle to access the documentation, it is also available on devdocs: http://devdocs.io/angular~2.0_typescript/

ocombe avatar Oct 05 '16 09:10 ocombe

I'm also in contact with Firebase to see if they can fix anything on there side as this issue impacts all the sites on that SSL certificate.

ShaneCourtrille avatar Oct 05 '16 13:10 ShaneCourtrille

@ocombe Images aren't working as per http://devdocs.io/angular~2.0_typescript/cookbook/component-communication

Not sure if that's something that can be resolved or where I'd report it but still a nice workaround for now.

ShaneCourtrille avatar Oct 05 '16 14:10 ShaneCourtrille

Same issue here, I as well am behind a FortiGate firewall

BLITZandKILL avatar Oct 05 '16 19:10 BLITZandKILL

Same issue here as well - behind a FortiGate firewall. EDIT: Should add that, like Shane above, the change of CDN IP broke the firewall rule we previously had in place that was working.

drhc avatar Oct 05 '16 20:10 drhc

Same issue. Both Bitdefender and ESET won't allow for a connection to be made. The workaround in https://github.com/angular/angular.io/issues/1875#issuecomment-234679100 can not be applied because the options in the comment are no longer available.

This is critical for us, because we need to access the site.

urbanhusky avatar Oct 07 '16 11:10 urbanhusky

sorry, folks -- I thought we had this fixed just before angular connect. continuing to investigate.

issue reports are very helpful.

naomiblack avatar Oct 07 '16 13:10 naomiblack

A temp work around allowing bitdefender users to access the site is to go to web protection -> settings and uncheck scan ssl. I tried adding angular.io to the whitelist but that didn't work.

jeffswitzer avatar Oct 07 '16 16:10 jeffswitzer

Hey folks -- Firebase Hosting team member here. We're looking into why this might be and what we can do to mitigate. Not sure when we'll be able to find a solution, but we're aware of the issue.

mbleigh avatar Oct 07 '16 18:10 mbleigh

This is very much a Fortinet/FortiGate problem - if their appliance is configured for deep inspection, it will try to substitute a forged self-signed certificate (essentially doing a man-in-the-middle attack). Angular.io is using HSTS, so the connection will fail.

This is a known problem with FortiGate: http://kb.fortinet.com/kb/documentLink.do?externalID=FD37211

Unfortunately, many of us don't have the choice about having our connection spied on, so we are pretty much screwed :(

janoc avatar Oct 10 '16 14:10 janoc

I had same problem using Bitdefender Internet Security 2016.

The solution which worked is: Bitdefender -> Modules -> Web Protection -> turn off Scan SSL.

deltaag avatar Oct 11 '16 02:10 deltaag

I wouldn't call disabling your antivirus a solution

urbanhusky avatar Oct 11 '16 07:10 urbanhusky