0

I have installed Firefox and Chrome on an Ubuntu 18 machine, I'm not a regular 'nix user so I'm a bit lost as to why neither browser is accepting the SSL certificate offered at www.teamviewer.com. The site redirects me to an SSL site, of which I'm not terribly sure at any rate is honest, but I have to install their remoting host application to verify something. I found this old thread how to download the ssl certificate from a website? which no longer works for me, the line echo -n | openssl s_client -connect www.google.com | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' times out, or in the teamviewer site case the site refuses connection. That post seems like a wrong route?

This is probably a stupid question, but I have to start somewhere, I really know very little about how to frame the question, would appreciate alternate ways to access the/any website safely.

/edit echo -n | openssl s_client -connect www.google.com | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' output is:

140014374306240:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:111:
140014374306240:error:0200206F:system library:connect:Connection refused:../crypto/bio/b_sock2.c:110:
140014374306240:error:2008A067:BIO routines:BIO_connect:connect error:../crypto/bio/b_sock2.c:111:
connect:errno=111

Now since my usual computer is on a VPN, I was not eliminating the one big possibility and that is that my ISP is blocking the site, because if I type www.teamviewer.com, my ISP displays a warning redirect, which was not happening when I followed a link directly. So the issue is that my ISP does not trust the site, something I can actually tweak myself. And both web browsers were showing a correct although cryptic error message which I was missinterpreting:


An error occurred during a connection to www.teamviewer.com. PR_END_OF_FILE_ERROR

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the web site owners to inform them of this problem.
Conrad B
  • 103
  • 1
  • 3
  • What is the issue? When you use Firefox or Chrome to access `https://www.teamviewer.com`, they complaint the connection is not secure and the site certificate is invalid? You should run openssl but the command should be `openssl s_client -connect www.teamviewer.com:443`. Edit your question to include the output of openssl if you do want others to help. – Lex Li Aug 18 '20 at 19:10
  • Turns out, my ISP is actually blocking that particular site, my usual computer is on a VPN, so it was not getting blocked, hence I thought it was an issue with Ubuntu being out of date or a error I had caused. I had not enough experience to guess that the port number 443 from the original post I followed, but now it's obvious it should be 443 as that's a default value. Thanks. – Conrad B Aug 18 '20 at 19:53
  • You should post that as an answer and accept it. It might help others as their ISPs might also block such sites. – Lex Li Aug 18 '20 at 21:37
  • @lexi-li I would love to say I solved it by editing my DNS address to bypass my ISP, but unfortunately the command```sudo visudo -f /etc/network/interfaces``` lets me add a line ```dns-addresses 8.8.4.4,8.8.8.8``` , but then the file fails to compile on Ubuntu 18. So not solved, I can work around using a flashdrive, but cannot work out how to reconfigure Ubuntu – Conrad B Aug 19 '20 at 08:20
  • I run ```sudo systemd-resolve --flush-caches``` after changing the addresses via the Graphical interface and rebooted, but that still did not resolve. At least I now see the ISP (TalkTalk) blocker warning page, I was getting a perplexing Firefox sertificate security page before the DNS change which is not having the effect I thought it would. – Conrad B Aug 19 '20 at 08:45

1 Answers1

0

Turns out that my ISP (TalkTalk) have a filtering system deployed called homesafe. It's a bit confusing how to turn off, but it lets you get access to loads of dodgy websites, when in fact you just want to trust one site that they think is dodgy.

The DNS workaround does not work, but it does resolve the issue I was seeing, that the browser simply baulks, instead of showing you the "this site is blocked" redirected page that the ISP tries to return to you. I had to login to my ISP and turn off filtering. This will impact anyone wanting to use Anydesk, as well as Teamviewer.

Conrad B
  • 103
  • 1
  • 3