7
2
If I try to fetch this resource (CSS file) with my browser(s):
https://secure.skypeassets.com/apollo/2.0.823/css/components.css
I get this error:
With Firefox:
This Connection is Untrusted
You have asked Firefox to connect securely to secure.skypeassets.com, but we can't confirm that your connection is secure.
Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. What Should I Do?
If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.
However, if I connect my ethernet cable directly to my cable modem, instead of going through my router, I can access this resource without any problem.
So it seems to me that the problem is a router setting, not network settings for the computer itself.
The router is a D-Link DIR-632 Wireless N 8-Port Router. The problem is seen on computers connected via ethernet cable and computers connected via wireless. The router says that the firmware is up-to-date.
EDIT:
I see this problem with all pages at skype.com (no CSS files are getting fetched, and so all pages look pretty ugly). Other HTTPS traffic is fine. It has been happening for as long as I can remember, but I'm not sure if it has always happened with this router.
MORE EDITS:
Selecting "ADVANCED" shows me this:
This server could not prove that it is secure.skypeassets.com; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.
Proceed to secure.skypeassets.com (unsafe)
I have been asked to provide the certificate. There were lots of options when I went to save it, and I'm not sure I've done it correctly, but it is zipped up here. (I think it was saved when visiting www.skype.com
, which was badly-formatted because it couldn't access the CSS files from secure.skypeassets.com
. But I gather now that I did that wrong ... I should have saved the certificate when I was at the "Your connection is not private" page. Oops. I could go and get the other certificate now if it might help, but I'm not sure now if that was a red herring, in light of the problem being fixed by changing my DNS servers.)
2Your router appears to be munging the certificate chain. Start by upgrading the router's firmware. You'll need to provide more information about the router (make/model/configuration) if you want more specific suggestions from people. Edit it into your question. – Ƭᴇcʜιᴇ007 – 2016-08-03T02:39:23.327
4Don't bother upgrading. Throw it in the bin. There is absolutely no reason for a router to be mucking about with traffic like this. – EEAA – 2016-08-03T02:51:04.127
Can you edit your question to add details on what model router you’re using that you believe would be causing an issue like this? – JakeGould – 2016-08-03T03:03:12.183
1Out of curiosity, please provide screenshots of the certificate (or ideally the certificate itself). – Daniel B – 2016-08-08T16:27:00.757
@DanielB: I don't know what the certificate is, or where I would find it. – Jeff Roe – 2016-08-08T19:01:40.570
1Press F12 (to open DevTools), go to the “Security” tab. After clicking on “View certificate” you can save the certificate on the “Details” tab of the properties dialog that opens. If there are other certificates in the “Certification Path” tab, you should export these, too. You can then ZIP the files and upload them to your favorite file hoster. – Daniel B – 2016-08-08T20:09:24.917
If my answer does not help, it may indeed be useful to see the certificate(s), and to get some more info like: has it always been like this or did it suddenly start? Do you have this with all HTTPS traffic or only with this specific site, or this specific URL? – hertitu – 2016-08-09T20:27:40.390
Thanks for your help, but that certificate stuff seems too difficult. Would it be the same certificate for anyone going to skype.com? – Jeff Roe – 2016-08-10T02:02:43.247
When you get the error in chrome and click Advanced, what extra info does it show? – hertitu – 2016-08-10T05:42:43.460
1@JeffRoe How is it difficult? To get good answers, you really should provide the certificate. An alternate way to get to the "Security" tab is to click on the lock icon in the address bar and then select "Details". – Daniel B – 2016-08-10T20:17:19.293
"Would it be the same certificate for anyone going to skype.com?", that's what we're trying to determine. So, we need that info. – Arjan – 2016-08-10T20:23:38.627
1If you click Proceed to secure.skypeassets.com (unsafe) what do you get? – hertitu – 2016-08-10T21:52:37.723
@hertitu: I just get a blank page. – Jeff Roe – 2016-08-11T01:45:07.920
Nice it was fixed, @Jeff. As an aside, the output from Google's DNS was just a reference, meant as the expected output to compare your own output against. I've removed the Google stuff from your question. – Arjan – 2016-08-12T09:29:51.527
Well seeing how the certificate was probably not the “faulty” one, I’m removing my answer. – Daniel B – 2016-08-12T15:29:22.820