The DU Lounge
I think I've been hijacked. Can only go to a few websites. Get the message:
Your connection is being intercepted by a TLS proxy. Uninstall it if possible or configure your device to trust its root certificate. I keep being told that none of the sites' certificates are valid? Any ideas?
unblock (52,387 posts)
OregonBlue (7,755 posts)
msongs (67,462 posts)
Eugene (61,965 posts)
This is known to happen with proxies like AVG.
BTW check that your system clock hasn't rolled back to 2012 or something.
OregonBlue (7,755 posts)
cos dem (903 posts)
A root certificate is "self-signed", so the authority is based on your knowledge that it comes from a legitimate source. If you don't know who it is, DO NOT ACCEPT IT.
OregonBlue (7,755 posts)
cos dem (903 posts)
What you're seeing is what's called a "man-in-the-middle". There are legitimate reasons for this type of operation (for example, if your employer is like mine, they run MITM). In a normal secure connection (for your purposes, think of TLS and https as the same), you have an encrypted link between you and the party to which you're connected. The protocols are such that only you and the other party can communicate; no-one else can decrypt and observe your communications.
However (and it's a big however) this is dependent on you and that other party being able to verify each other's identity. That is done using these certificates, and root certificates are the "root" of the security. Think of it as a trustworthy source (in most cases, your browser manufacturer, rather than you, made that decision, but OK) that vouches for anyone with a certificate signed by one of these root certs. Thus, if you accept a root cert signed by Vladimir Putin, anyone with a website (or a TLS proxy) that uses a certificate signed by Vlad will look authentic to you and your browser.
MITM works by establishing this proxy between you and your destination (say your bank). You try to connect to the bank, but the proxy intercepts the communication, authenticates itself (because you have Vlad's root cert installed on your computer), and you thus establish a secure connection to the proxy. The proxy then establishes a second link to your bank. In this way, the proxy intercepts everything you send back and forth to your bank (useless info like balances, account numbers, mother's maiden name, etc).
If you ever want to be certain of the site you connected to, if it is an https site, click on the padlock icon (I'm using Chrome on a Mac, so it might be slightly different). You should see an option to "view site certificate" or something like that. On DU, I can see that their root certificate is generated by DigiCert https://www.digicert.com/. So, DigiCert sold a certificate to DU, and DU presents that cert to your computer. Your browser is set to trust DigiCert root certs, and DigiCert is vouching for DU, thus you trust DU, and set up the secure connection.
(I'd post a screen-shot, but I'm not sure how to embed an image).
Sorry if this is more info than you wanted. I thought it might be of interest to others, given the ever-increasing need for security and some knowledge about what it all means.
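The trust model described in the post above can be reproduced offline with openssl: a certificate for the same site name is rejected or accepted depending only on which roots are in the trust store. This is an added example, not part of any post in the thread; the CA names and bank.example are constructed, and it assumes an openssl binary on the PATH.

```shell
#!/usr/bin/env bash
# Added example. Every name below (Demo Public CA, Demo Proxy Root,
# bank.example) is constructed for the demo; nothing touches the network.
set -eu

new_root() {   # new_root <dir> <name> <CN>: create a self-signed root certificate
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

new_leaf() {   # new_leaf <dir> <name> <CN> <root-name>: leaf signed by that root
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -days 1 -CAcreateserial \
    -CA "$1/$4.pem" -CAkey "$1/$4.key" -out "$1/$2.pem" 2>/dev/null
}

trusted() {    # trusted <roots.pem> <leaf.pem>: prints "trusted" or "rejected"
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  then echo trusted; else echo rejected; fi
}

issuer_of() {  # the issuer line a browser's certificate viewer would show
  openssl x509 -in "$1" -noout -issuer
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
new_root "$demo" public "Demo Public CA"       # stands in for a browser-trusted CA
new_root "$demo" proxy  "Demo Proxy Root"      # stands in for the TLS proxy's root
new_leaf "$demo" real   "bank.example" public  # what the real site presents
new_leaf "$demo" forged "bank.example" proxy   # what the proxy presents instead

cp  "$demo/public.pem" "$demo/store-before.pem"                      # roots before
cat "$demo/public.pem" "$demo/proxy.pem" > "$demo/store-after.pem"   # proxy root accepted

echo "real cert,   original roots:   $(trusted "$demo/store-before.pem" "$demo/real.pem")"
echo "forged cert, original roots:   $(trusted "$demo/store-before.pem" "$demo/forged.pem")"
echo "forged cert, proxy root added: $(trusted "$demo/store-after.pem" "$demo/forged.pem")"
echo "forged cert $(issuer_of "$demo/forged.pem")"
```

The issuer line is the same thing the padlock check in the post reveals: a certificate for the site that chains to an unexpected issuer is the sign of interception.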