
School SSL certificates broken. Chrome doesn't let me access the pages.

August 5, 2014 3:27:31 AM

Now I have no idea how SSL works, but however my school sets it up, it breaks certificates for EVERY website.
I just recently started taking my MacBook Pro to school to do work. They also recently got a new WiFi system that is causing problems across the board. Now for iPhones and iPads etc. they get you to install their SSL certificate, which I suppose fixes the errors. But it's not available for Mac (or my Android), so half the time when I go to any website it will say something like (if it's Google) "This is not the real google.com" and won't let me connect.
The way I fixed this was clicking the lock next to the HTTP in the address bar and viewing the certificate information. Then I drag the certificate to the desktop and double-click it to open it in the Keychain app. Then I click Get Info for the certificate and select it as being trusted. This allows me to access the website, such as Google. But some things I can't find the certificate for because they are hosted on a separate server. The main things are the Steam servers and YouTube videos. I can go to steampowered.com and log in, but the actual Steam program can't connect. Also, I can load YouTube.com, but when I click on a video, the page loads but the video just says "Can't load, please try again later" or something like that. So all I really need is the certificates for those websites or how to find the certificates.


August 5, 2014 3:43:05 AM

It sounds like they are violating the RFC for SSL by intercepting all traffic and presenting their own SSL certificate so they can perform a man-in-the-middle "attack" for the purposes of scanning "encrypted" traffic. Don't use their network until they fix it.
August 5, 2014 4:02:34 AM

There are many firewalls that use that system; it's that or block all encrypted traffic if you need to censor/monitor internet usage. Which you would, given it's a school system.
August 5, 2014 5:29:49 AM

Someone Somewhere said:
There are many firewalls that use that system; it's that or block all encrypted traffic if you need to censor/monitor internet usage. Which you would, given it's a school system.


Yes, well, the certificates always have an error in them, or Chrome says so anyway. The other actual school-owned computers are either plugged in via Ethernet (which I have tried) or are connected using a hidden network, I think.

EDIT: all websites work correctly on school computers, which is why I'm guessing it requires the certificate that they give iPhones automatically.
August 5, 2014 5:37:53 AM

They don't so much have an error as being signed by an authority (the school) your computer doesn't know of.

Getting their root certificate is the way to fix this. Note, however, that they will still be able to read your data even with the padlock in the address bar.
August 5, 2014 6:15:33 PM

Someone Somewhere said:
They don't so much have an error as being signed by an authority (the school) your computer doesn't know of.

Getting their root certificate is the way to fix this. Note, however, that they will still be able to read your data even with the padlock in the address bar.


Can they only get the data of what is on the screen, or can passwords and logins that get sent also be viewed? E.g. logging into Facebook.
August 5, 2014 9:57:25 PM

Everything. Including login details.
August 5, 2014 11:14:18 PM

Someone Somewhere said:
Everything. Including login details.


But doesn't that stuff get encrypted or something?

Best solution

August 5, 2014 11:59:29 PM

Yes, but you've just added the school's certificate, which means that your computer thinks the school's proxy servers have the authority to transmit/receive encrypted content.

Have a read through here: (it's a little sensationalist, but generally OK) https://www.grc.com/fingerprints.htm
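
The fingerprint comparison that the linked page is about, as an added example that is not part of the original post: hash the certificate your connection actually received and compare it with a fingerprint for the same site obtained over a network you trust. The hostnames, the certificate stand-ins and the function names below are constructed for illustration; `fetch_pem` needs network access and is not called here.

```python
import hashlib
import ssl


def fingerprint(pem: str) -> str:
    """SHA-256 over the certificate's DER bytes, lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def normalize(fp: str) -> str:
    """Accept 'AB:CD:..', 'ab cd ..' or plain hex as the reference format."""
    return fp.replace(":", "").replace(" ", "").lower()


def fetch_pem(host: str, port: int = 443) -> str:
    """Return whatever leaf certificate this network presents for host.
    No validation is done, so an interception proxy's certificate is
    returned as-is instead of raising an error."""
    return ssl.get_server_certificate((host, port))


def compare(observed: dict, reference: dict) -> dict:
    """Map each host to 'match', 'mismatch' or 'no-reference'."""
    verdicts = {}
    for host, pem in observed.items():
        ref = reference.get(host)
        if ref is None:
            verdicts[host] = "no-reference"
        elif normalize(ref) == fingerprint(pem):
            verdicts[host] = "match"
        else:
            verdicts[host] = "mismatch"
    return verdicts


def colon_hex(hexstr: str) -> str:
    """Format a hex digest the way browsers display it: 'AB:CD:...'."""
    return ":".join(hexstr[i:i + 2] for i in range(0, len(hexstr), 2)).upper()


# Constructed stand-ins: arbitrary bytes wrapped as PEM, not real certificates.
GENUINE_A = ssl.DER_cert_to_PEM_cert(b"constructed: site-a real certificate")
GENUINE_B = ssl.DER_cert_to_PEM_cert(b"constructed: site-b real certificate")
REISSUED_B = ssl.DER_cert_to_PEM_cert(b"constructed: proxy-issued cert for site-b")

# Reference fingerprints, as if noted down earlier on a trusted connection.
REFERENCE = {"site-a.example": colon_hex(fingerprint(GENUINE_A)),
             "site-b.example": colon_hex(fingerprint(GENUINE_B))}
# What the current network served for each host.
OBSERVED = {"site-a.example": GENUINE_A, "site-b.example": REISSUED_B,
            "site-c.example": GENUINE_A}

if __name__ == "__main__":
    for host, verdict in compare(OBSERVED, REFERENCE).items():
        print(f"{host}: {verdict}")
```

A mismatch is a prompt to look at the certificate's issuer rather than proof of interception, since large sites can serve different certificates from different servers.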
August 7, 2014 3:17:09 PM

Someone Somewhere said:
Yes, but you've just added the school's certificate, which means that your computer thinks the school's proxy servers have the authority to transmit/receive encrypted content.

Have a read through here: (it's a little sensationalist, but generally OK) https://www.grc.com/fingerprints.htm


I haven't added the school's certificate because they haven't given it to me yet. All I did was install website certificates such as *google.com onto my computer, then set it as always allow, so that it ignores the errors. So can they still view it, or do I need their certificate for them to be able to do that?
August 7, 2014 3:20:34 PM

That's a certificate generated using their certificate, so yes, they can see all traffic to e.g. Google.

Their firewall/proxy will decrypt and re-encrypt all traffic through it, monitoring it on the way.
August 7, 2014 6:11:02 PM

Someone Somewhere said:
That's a certificate generated using their certificate, so yes, they can see all traffic to e.g. Google.

Their firewall/proxy will decrypt and re-encrypt all traffic through it, monitoring it on the way.


Is there any way I can prevent that besides not using the internet?
August 7, 2014 6:23:06 PM

Using the internet through a different connection, e.g. a 3G/4G modem.