help - can't get to youtube and others - cisco umbrella root CA

  • Release Candidate 6
    Guest:
    We are at a “proposed final” true release candidate with nothing known remaining to be changed or fixed. For the full story, please see this page in the "Pre-Release Announcements & Feedback" forum.
    /Steve.
  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in:

    This forum does not automatically send notices of new content. So if, for example, you would like to be notified by mail when Steve posts an update to his blog (or of any other specific activity anywhere else), you need to tell the system what to “Watch” for you. Please checkout the “Tips & Tricks” page for details about that... and other tips!

    /Steve.

rfrazier

Well-known member
Sep 30, 2020
569
194
@Steve or anyone. Help. I cannot get to youtube today and some other sites. I don't have hours to troubleshoot it now. Firefox did some kind of update yesterday. Until then, everything was working fine. I hate this rubbish! Here's part of the message. Anybody know what's up? All help is appreciated.

Software is Preventing Firefox From Safely Connecting to This Site

youtube.com is most likely a safe site, but a secure connection could not be established. This issue is caused by Cisco Umbrella Root CA,

May your bits be stable and your interfaces be fast. :cool: Ron
 
Sounds like some sort of proxy is in use, and Firefox doesn't trust the root certificate.

Are you using OpenDNS by chance? I know they were put under the Cisco Umbrella thing at some point. Your network might have a feature turned on for scanning on their end for bad stuff before it even hits your computer.
 
Thank you guys. I am using OpenDNS, although I could change that. I'll take a look at the link. Is that CA something I can trust?

May your bits be stable and your interfaces be fast. :cool: Ron
 
Define "trust". Presumably the reason that you need their root certificate is so that they can intercept your SSL traffic and inspect it for harmful things ( viruses etc). The problem is that it means they can intercept and inspect everything. YMMV
 
My router and Windows DNS settings point toward OpenDNS servers, but that is the extent of things. I don't use any of their apps, etc. I didn't ask for their CA. My browser just suddenly started giving that error message every time I go to YouTube and a few others.

May your bits be stable and your interfaces be fast. :cool: Ron
 
Frankly, I just discovered it this morning, said a few selected harsh words to the computer, and moved on. I haven't had a couple of hours to troubleshoot it, and haven't successfully visited YouTube since the problem. I've been tied up with other things including researching how Windows 7 interacts with TRIM interacts with defrag for posting on another thread here on the forum. I'm hoping to get back to the problem of THIS thread a bit later.

But, since you mentioned it, I fired up Brave and went to YouTube. I get this error.

Your connection is not private​

Attackers might be trying to steal your information from youtube.com (for example, passwords, messages, or credit cards). Learn more


NET::ERR_CERT_AUTHORITY_INVALID

But wait, there's more ...

On a whim, I disconnected my TorGuard VPN. I was then able to connect with Firefox. I tried Brave and I was able to connect.

Then, I reconnected TorGuard but to a different city. I was able to connect with both browsers. I then put it back to the original city. I was able to connect with both browsers.

Whatever happened is above my pay grade. But, it appears I may have solved the problem. I appreciate everybody's suggestions and, if the problem reappears, I plan to pursue them.

May your bits be stable and your interfaces be fast. :cool: Ron
 
  • Like
Reactions: Barry Wallis
Thanks. I'm glad it's gone, if it's gone. I'd rather it never appeared at all though.

May your bits be stable and your interfaces be fast. :cool: Ron
 
Well if you're using Tor you have bigger problems than certificates... Tor exit nodes are not guaranteed to be trustworthy, and in fact a great many of them are not. It's been well reported how people downloading executables over Tor have received virus laden files. Tor is not the same as a reputable VPN.
 
TorGuard VPN is completely separate and different from Tor, but thanks for the tips. ;)


May your bits be stable and your interfaces be fast. :cool: Ron
 
TorGuard VPN is completely separate and different from Tor
Well that was their mistake in choosing a name then.

From their FAQ:
Is TorGuard related in any way to the “tor” project?
Answer: No, The reference to "tor" in TorGuard relates to "torrents" and guarding one’s privacy when using bitorrent. We are not related in any way to the “tor” project however the company does support through donations.

So they're based on piracy privacy... still not sure that'd be a brand I'd trust.
 
AFAIK they are a well respected VPN Provider. I don't know that I'd say all torrents are piracy. Not quite sure how it got late. Where does the time go? Supper time. More research has to wait.

May your bits be stable and your interfaces be fast. :cool: Ron
 
Same reason you pay a VPN provider for privacy for other things. I run a VPN all the time on every PC as a standard practice.

May your bits be stable and your interfaces be fast. :cool: Ron
 
That may be YOUR motivation Ron, but that is clearly not THEIR motivation for selling the service. (Which was my point... it's about them and their poor name choice, and nothing to do with your choices, poor or not.)
 
I see. Well, I don't know anything about the name other than what's in the FAQ. They were recommended to me by someone knowledgeable in another group years ago and they seem to do what I need.

May your bits be stable and your interfaces be fast. :cool: Ron
 
The way OpenDNS identify customers is with IP addresses. I bet what happened was someone who turned on a service with their OpenDNS account that needed them to install the root cert happened to use the same exit node as you. Either they got another IP and their tool to updated their account info, or when you reconnected, you got an IP OpenDNS doesn't identify as a special account.