CentOS - Aug 2009 - OT: Firefox SSL error on Linux, Firefox OK on Windows - same web site

Using CentOS 5.3 (32 bit) on my Desktop with Mozilla Firefox 3.0.12.
With one web site (LinkShare) I am getting an SSL error, after
clicking to get a more advanced report  I do not get that error, using
Mozilla Firefox 3.0.13 on M$ Windows and I get the report OK on
Windows. It appears, when using Firefox on Linux, that it is not
ending up on the LinkShare web site and Firefox is giving me the below
error. I use OpenDNS.com for DNS service. Question: How can I verify
that there is no corruption in my Firefox installation on Linux and
that I have the latest SSL CAs for it?  TIA!  Lanny


Secure Connection Failed

analytics.linksynergy.com uses an invalid security certificate.

The certificate is only valid for *.opendns.com

(Error code: ssl_error_bad_cert_domain)

    * This could be a problem with the server's configuration, or it
could be someone trying to impersonate the server.

    * If you have connected to this server successfully in the past,
the error may be temporary, and you can try again later.

          Or you can add an exception?


Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.12) Gecko/2009072711
CentOS/3.0.12-1.el5.centos Firefox/3.0.12

Lanny Marcus wrote:
> Using CentOS 5.3 (32 bit) on my Desktop with Mozilla Firefox 3.0.12.
> With one web site (LinkShare) I am getting an SSL error, after
> clicking to get a more advanced report  I do not get that error, using
> Mozilla Firefox 3.0.13 on M$ Windows and I get the report OK on
> Windows. It appears, when using Firefox on Linux, that it is not
> ending up on the LinkShare web site and Firefox is giving me the below
> error. I use OpenDNS.com for DNS service. Question: How can I verify
> that there is no corruption in my Firefox installation on Linux and
> that I have the latest SSL CAs for it?  TIA!  Lanny
> 
> 
> Secure Connection Failed
> 
> analytics.linksynergy.com uses an invalid security certificate.
> 
> The certificate is only valid for *.opendns.com
> 
This indicates that the Security Certificate that you are connecting to
is issued for "*.opendns.com" and you are connecting to
"analytics.linksynergy.com".

If I try to connect to analytics.linksynergy.com, I am redirected to
www.linkshare.com so I can't really test the connection.

> (Error code: ssl_error_bad_cert_domain)
> 
>     * This could be a problem with the server's configuration, or it
> could be someone trying to impersonate the server.
> 
>     * If you have connected to this server successfully in the past,
> the error may be temporary, and you can try again later.
> 
>           Or you can add an exception?
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
URL:
<http://lists.centos.org/pipermail/centos/attachments/20090812/237ece36/attachment-0003.sig>

Hi Lanny! How's it going?

On Wed, Aug 12, 2009 at 07:24, Lanny Marcus<lmmailinglists at gmail.com>
wrote:
> analytics.linksynergy.com uses an invalid security certificate.
> The certificate is only valid for *.opendns.com
It looks like you are getting to an OpenDNS server instead of a
LinkSynergy server...

This looks like exactly the kind of stuff that OpenDNS does... They
redirect inexistant domains to their own servers. I think there are
also some options that you can request to redirect other domains (like
maybe ones used by ads?) to their servers.

To diagnose the problem I suggest you use "nslookup" on the two
machines to find out to which IP they are resolving
analytics.linksynergy.com, I think they will probably not resolve to
the same IP (if they do, then try to close and reopen Firefox, clear
the cache, and try the website again, maybe it was a temporary problem
and is now fixed). If the IPs are indeed different, then you can use
"whois" to find out who owns the IP, I bet the one that gives you the
certificate error you reported is going to be owned by OpenDNS.

If you need help using the tools (nslookup and whois) please reply to
the list and we'll happy to help you there. If you can resolve the IPs
with nslookup you can post them to the list as well.

Cheers!
Filipe