5
0
I'm running Windows 8.1 Pro, almost clean OS with Norton Internet Security v. 21.5.0.19 protected. I've strange issue on Google Chrome v. 37.0.2062.124 m and Opera 24.0 while trying to visit PayPal website. The problem is that SSL certificate common name (CN) doesn't match PayPal.
Google Chrome error page:
Opera error pop-up:
Google Chrome and Opera certificate information:
The most interesting part that Firefox v. 31.0 and Safari 5.1.7 works like a charm:
My system, router and bios date and time are correct. I've tried to use google DNS IPs as well as DNS of my internet provider. I've no extensions. Hosts file is clean. Have no idea why is the problem occurs. Help me please. Thank you! :)
UPD: Still have this issue. :( SSL "Issued to" field has different values time to time (I even had google.com when used 8.8.8.8 DNS) but PayPal doesn't open. Sometimes it let me login and even press couple buttons but after that I back again to SSL error. Same issue when using IE.
- I've no malwares;
- System, bios, router time and date are absolutely correct;
- Host file is clean;
- Cache is clean;
Everything is up to date.
Tried ipconfig /flushdns; - Interesting situation here. PayPal with a 50% chance open after executing this command. But after a short time, like few buttons press or let's say 3 minutes you receive SSL error and can't continue viewing a website. And the most interesting part that the "Issued to" differs time to time too. This happens both with my provider's default DNS and google DNS servers.
I tried to completely disable Norton Internet Security;
- I tried to visit https://66.211.169.66/ instead PayPal, but I've the same error (but the "issued to" seems to be correct this time "paypal.com");
UPD: List of all Certificates under "Trusted Root Certification Authorities" tab:
Complete Norton Internet Security removal has nothing changed. But one important thing. I'm using router Asus WL520gc connected via wire. I tried to connect cable directly to my PC, set up simple VPN connection and PayPal finally start opening. My router settings are pretty simple, everything is disabled, except VPN and manual IP assign for wireless devices. I've absolutely no idea what an issue can be. Mobile devices connected through this router open PayPal perfectly. And seems like the problem is with PayPal only cause another https connections cause me no problems as I remember.
And I have no plugins for browsers at all. I do pay attention for things I install on my PC and that's why I've no plugins, toolbars etc.
Now I've the same issue with Safari browser as well. :(
I can't catch when it appears. Cause the same time it works now in Chrome but doesn't work in Safari. And in 3 minutes or so Chrome shows certificate error again.
PayPal is working for me now, please see a tracert route:
Certificates looks different for https://66.211.169.66/ and https://www.paypal.com websites:
OK, it doesn't work again! Now "Issued to" is google.com:
But the screen is still the same if I visit https://66.211.169.66/ as on previous screenshot.
Tracert looks now like this:
And nslookup looks the same for working and non-working states:
After a reconnect "Issued to" changed to ad.yieldmanager.com (I've never seen this website before):
After a couple more reconnects - PayPal works but ping looks like this:
Important UPD. Now I see the problem persist at all devices connected through my router! DNS is currently set to 8.8.8.8. And certificate is issued to google.com. If change DNS to automatic "Issued to" gonna change to any random address mentioned above. See a screenshots from Android device connected via Wi-Fi. It's a default browser.
2Uninstall Norton and remove any plugin, it installed within chrome or opera. – davidbaumann – 2015-03-03T20:42:17.960
2
Does this only happen when you try to access PayPal over HTTPS? Do you notice similar problems when visiting other websites (say, Gmail) over SSL? Also, did you check your certificate store to see if you recognize any unwanted root certificates? The problem you're facing seems similar to the SuperFish incident. Could you run
– Vinayak – 2015-03-06T23:13:50.957certmgr.msc
and add the list of allTrusted Root Certification Authorities
to your question? Order the list byExpiration Date
so anomalies are easy to pick out.2
I think the reason why it works well in Firefox is because Firefox has its own certificate store and doesn't rely on the Windows cert store to validate SSL connections. Chrome however, does. As does IE. I guess Safari maintains its own root cert store as well. Maybe, this test might help. Opera used to have it's own cert store too, but not anymore
– Vinayak – 2015-03-06T23:33:40.880Please see my UPD.. – Mike – 2015-03-07T14:07:02.157
What do you see when you do a
tracert 66.211.169.66
? – Vinayak – 2015-03-07T16:37:24.303Also, could you show what the certification path looks like? – Vinayak – 2015-03-07T16:50:48.027
1
Could you verify that the thumbprint of
– Vinayak – 2015-03-07T23:32:04.750VeriSign Class 3 Public Primary Certification Authority - G5
is indeed4e b6 d5 78 49 9b 1c cf 5f 58 1e ad 56 be 3d 9b 67 44 a5 e5
? In the certification path, can you confirm thatVeriSign Class 3 Public Primary Certification Authority - G5
is the root certificate used to issue the certificate forVeriSign Class 3 Secure Server CA - G3
? You can check that like this. Could you also provide the output ofnslookup paypal.com
?1I also just noticed that your first screenshot says your connection to PayPal is encrypted with 112-bit encryption which looks very suspicious to me. I've never seen that before. I usually see 128 or 256 bit encryption. And my connection to PayPal is indeed encrypted with 128-bit encryption using TLS 1.2. Have you tried updating to the latest version of Google Chrome and then visiting PayPal again? – Vinayak – 2015-03-07T23:56:56.323
Please see my UPD. – Mike – 2015-03-08T11:58:12.660
Mike, the ping results are fine. That's a valid PayPal host. Are you using a VPN to access websites (including PayPal) on your computer?
– Vinayak – 2015-03-08T13:32:24.903I just found out about this which looks quite similar to the issue you're facing (note the certificate for josbank.com when visiting docs.google.com). Unfortunately, it's in Chinese and Google Translate doesn't help much so I can't make out what the problem is, but it seems it might be VPN related.
– Vinayak – 2015-03-08T13:43:26.120@Vinayak yes I'm using VPN at my router (PPPoE) connection without encryption. IP/DNS automatically. MTU/MRU set to 1492. "Issued to" field changed if I play with DNS - set Manual (8.8.8.8 / 8.8.4.4) and back to automatically. But I can't catch the actual issue and can't represent the issue by my wish. It's just random. – Mike – 2015-03-08T13:44:29.100
Can you try visiting PayPal without a VPN and see if you still get the
CERT_COMMON_NAME_INVALID
error? – Vinayak – 2015-03-08T13:45:33.557The problem is that my internet provider don't let me visit any web sources without established VPN connection. I mean once it's disconnected - I've only local internet avail. Like my billing panel and provider website. – Mike – 2015-03-08T13:49:31.523
You said PayPal opens fine on mobile devices connected to your Wi-Fi? Do they fail to open at random times like with Chrome on your computer? Also, could you connect to a separate VPN after you've connected to your ISP's VPN? For instance, what happens of you access PayPal through CyberGhost VPN?
– Vinayak – 2015-03-08T13:59:08.560@Vinayak I have the same issue at a mobile device! Please see my upd. And yes it seems to work fine via CyberGhost. – Mike – 2015-03-08T14:17:54.873
I think that pretty much tells us everything we need to know. The problem lies with the router. Specifically, with the DNS settings or the VPN, I'm not sure yet. You can try switching to a different DNS server like OpenDNS or CyberGhost's DNS and see if that makes a difference. If not, it has to be the ISP's VPN, in which case you'd have to contact your ISP.
– Vinayak – 2015-03-08T14:36:31.687In the meantime, you could also try using CyberGhost VPN (or any other VPN of your choice) for a while and keep visiting PayPal at random times to see if the certificate problem recurs. If it does not, you know there's something's wrong with your ISP's VPN. Also, a router reset might be in order. – Vinayak – 2015-03-08T14:46:28.103
@Vinayak Thank you so much for your time and help. I see the problem is somewhere between my router and ISP. I will also try firmware update, maybe a new router, and finally I will try to contact my ISP. Can you please resume all of your final thoughts as an answer, I would like to accept it, cause I'm not sure it's possible to help me more than you did and I appreciate it. – Mike – 2015-03-08T15:27:57.287