help - can't get to youtube and others - cisco umbrella root CA

  • SpinRite v6.1 Release #3
    Guest:
    The 3rd release of SpinRite v6.1 is published and may be obtained by all SpinRite v6.0 owners at the SpinRite v6.1 Pre-Release page. (SpinRite will shortly be officially updated to v6.1 so this page will be renamed.) The primary new feature, and the reason for this release, was the discovery of memory problems in some systems that were affecting SpinRite's operation. So SpinRite now incorporates a built-in test of the system's memory. For the full story, please see this page in the "Pre-Release Announcements & Feedback" forum.
    /Steve.
  • Be sure to checkout “Tips & Tricks”
    Dear Guest Visitor → Once you register and log-in please checkout the “Tips & Tricks” page for some very handy tips!

    /Steve.
  • BootAble – FreeDOS boot testing freeware

    To obtain direct, low-level access to a system's mass storage drives, SpinRite runs under a GRC-customized version of FreeDOS which has been modified to add compatibility with all file systems. In order to run SpinRite it must first be possible to boot FreeDOS.

    GRC's “BootAble” freeware allows anyone to easily create BIOS-bootable media in order to workout and confirm the details of getting a machine to boot FreeDOS through a BIOS. Once the means of doing that has been determined, the media created by SpinRite can be booted and run in the same way.

    The participants here, who have taken the time to share their knowledge and experience, their successes and some frustrations with booting their computers into FreeDOS, have created a valuable knowledgebase which will benefit everyone who follows.

    You may click on the image to the right to obtain your own copy of BootAble. Then use the knowledge and experience documented here to boot your computer(s) into FreeDOS. And please do not hesitate to ask questions – nowhere else can better answers be found.

    (You may permanently close this reminder with the 'X' in the upper right.)

rfrazier

Well-known member
Sep 30, 2020
566
194
@Steve or anyone. Help. I cannot get to youtube today and some other sites. I don't have hours to troubleshoot it now. Firefox did some kind of update yesterday. Until then, everything was working fine. I hate this rubbish! Here's part of the message. Anybody know what's up? All help is appreciated.

Software is Preventing Firefox From Safely Connecting to This Site

youtube.com is most likely a safe site, but a secure connection could not be established. This issue is caused by Cisco Umbrella Root CA,

May your bits be stable and your interfaces be fast. :cool: Ron
 
Sounds like some sort of proxy is in use, and Firefox doesn't trust the root certificate.

Are you using OpenDNS by chance? I know they were put under the Cisco Umbrella thing at some point. Your network might have a feature turned on for scanning on their end for bad stuff before it even hits your computer.
 
Thank you guys. I am using OpenDNS, although I could change that. I'll take a look at the link. Is that CA something I can trust?

May your bits be stable and your interfaces be fast. :cool: Ron
 
Define "trust". Presumably the reason that you need their root certificate is so that they can intercept your SSL traffic and inspect it for harmful things ( viruses etc). The problem is that it means they can intercept and inspect everything. YMMV
 
My router and Windows DNS settings point toward OpenDNS servers, but that is the extent of things. I don't use any of their apps, etc. I didn't ask for their CA. My browser just suddenly started giving that error message every time I go to YouTube and a few others.

May your bits be stable and your interfaces be fast. :cool: Ron
 
Frankly, I just discovered it this morning, said a few selected harsh words to the computer, and moved on. I haven't had a couple of hours to troubleshoot it, and haven't successfully visited YouTube since the problem. I've been tied up with other things including researching how Windows 7 interacts with TRIM interacts with defrag for posting on another thread here on the forum. I'm hoping to get back to the problem of THIS thread a bit later.

But, since you mentioned it, I fired up Brave and went to YouTube. I get this error.

Your connection is not private​

Attackers might be trying to steal your information from youtube.com (for example, passwords, messages, or credit cards). Learn more


NET::ERR_CERT_AUTHORITY_INVALID

But wait, there's more ...

On a whim, I disconnected my TorGuard VPN. I was then able to connect with Firefox. I tried Brave and I was able to connect.

Then, I reconnected TorGuard but to a different city. I was able to connect with both browsers. I then put it back to the original city. I was able to connect with both browsers.

Whatever happened is above my pay grade. But, it appears I may have solved the problem. I appreciate everybody's suggestions and, if the problem reappears, I plan to pursue them.

May your bits be stable and your interfaces be fast. :cool: Ron
 
  • Like
Reactions: Barry Wallis
Thanks. I'm glad it's gone, if it's gone. I'd rather it never appeared at all though.

May your bits be stable and your interfaces be fast. :cool: Ron
 
Well if you're using Tor you have bigger problems than certificates... Tor exit nodes are not guaranteed to be trustworthy, and in fact a great many of them are not. It's been well reported how people downloading executables over Tor have received virus laden files. Tor is not the same as a reputable VPN.
 
TorGuard VPN is completely separate and different from Tor, but thanks for the tips. ;)


May your bits be stable and your interfaces be fast. :cool: Ron
 
TorGuard VPN is completely separate and different from Tor
Well that was their mistake in choosing a name then.

From their FAQ:
Is TorGuard related in any way to the “tor” project?
Answer: No, The reference to "tor" in TorGuard relates to "torrents" and guarding one’s privacy when using bitorrent. We are not related in any way to the “tor” project however the company does support through donations.

So they're based on piracy privacy... still not sure that'd be a brand I'd trust.
 
AFAIK they are a well respected VPN Provider. I don't know that I'd say all torrents are piracy. Not quite sure how it got late. Where does the time go? Supper time. More research has to wait.

May your bits be stable and your interfaces be fast. :cool: Ron
 
Same reason you pay a VPN provider for privacy for other things. I run a VPN all the time on every PC as a standard practice.

May your bits be stable and your interfaces be fast. :cool: Ron
 
That may be YOUR motivation Ron, but that is clearly not THEIR motivation for selling the service. (Which was my point... it's about them and their poor name choice, and nothing to do with your choices, poor or not.)
 
I see. Well, I don't know anything about the name other than what's in the FAQ. They were recommended to me by someone knowledgeable in another group years ago and they seem to do what I need.

May your bits be stable and your interfaces be fast. :cool: Ron
 
The way OpenDNS identify customers is with IP addresses. I bet what happened was someone who turned on a service with their OpenDNS account that needed them to install the root cert happened to use the same exit node as you. Either they got another IP and their tool to updated their account info, or when you reconnected, you got an IP OpenDNS doesn't identify as a special account.