Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

sierra & some websites...

fisherking

fisherking

macrumors G4
Original poster
Jul 16, 2010
11,251
5,561
ny somewhere
musicgateway may be a different issue... seems to open on one mac, not the other (both running 10.12.1 PB4). weird...
[doublepost=1476386487][/doublepost]
Mufasa804 said:
Check your Flash and Java settings
Click to expand...


hmmm. no flash installed on the mac that can't access musicgateway. but one mac has flash, the other doesn't, and both can't open soundcloud...
[doublepost=1476389029][/doublepost]can sierra users on the forum try the soundcloud site? just trying to narrow the problem down... thanks!
 
fisherking

fisherking

macrumors G4
Original poster
Jul 16, 2010
11,251
5,561
ny somewhere
can anyone here try, at least, soundcloud, let me know if you can get in or not? would be greatly appreciated...
 
R

raymond7

macrumors member
Jan 14, 2016
53
27
fisherking said:
odd, that both my macs (on 10.12.1 public beta4) can't get in; safari or chrome. any ideas, anyone?
Click to expand...
Couldn't it be your ISP that blocks these sites somehow? Maybe if you have another internet carrier on your phone you could tether the internet and use that internet to go to the site on your macbook and see if it works
 
Floris

Floris

macrumors 68020
Sep 7, 2007
2,381
1,476
Netherlands
Sorry, i can't test, I don't have flash or java on my system for obvious reasons.
[doublepost=1476449040][/doublepost]
raymond7 said:
Couldn't it be your ISP that blocks these sites somehow? Maybe if you have another internet carrier on your phone you could tether the internet and use that internet to go to the site on your macbook and see if it works
Click to expand...
If that's the case, use DNS Crypt and Google's public DNS. The ISP doesn't need to do deep packet inspection, this isn't mother russia.
 
fisherking

fisherking

macrumors G4
Original poster
Jul 16, 2010
11,251
5,561
ny somewhere
just tried on my neighbor's network and same issues with the same sites; again, people on the soundcloud forums report the same problem in sierra... and all of this worked just prior to installing 10.12.1 public beta 4.

no flash on my main mac (i do have java, for dreamweaver).
 
fisherking

fisherking

macrumors G4
Original poster
Jul 16, 2010
11,251
5,561
ny somewhere
Floris said:
It's time to let dreamweaver go. Just .. put it to rest. You can do it.
Click to expand...

everything was working before the PB4 update (besides, dreamweaver is an essential app for me).

just tried Opera (an impressive browser!) but same problem (and an error about an 'expired certificate')....
 
sniffs

sniffs

macrumors regular
Jan 24, 2013
190
6
What certificate is it saying is expired? the site's cert?

Are you using a proxy on your machine? Sometimes proxies will install a cert as a man-in-the-middle, and if that cert expires you'd experience exactly what you're referring to.
 
fisherking

fisherking

macrumors G4
Original poster
Jul 16, 2010
11,251
5,561
ny somewhere
sniffs

sniffs

macrumors regular
Jan 24, 2013
190
6
Yeah I'd like to see that cert error. Browsers all handle certificates differently. As an example, Google has deprecated Sha1 certs as being trusted in Chrome and the site won't load, but in IE, it'll load just with a line through the lock.

I'm not 100% sure what Safari does but I believe it also loads the site but complains about the cert.

I see that the 2 sites you linked above are using a Sha256 cert which is current and the official supported algorithm of SSL going forward.

If for whatever reason you and the others are loading the site and it's presenting you with the Sha1 cert, you're going to get cert errors.

If you go to Keychain Access, click on Certificates on the left and then click on Login, System and System roots. Are any of the certs listed with an X on them? If so, which ones?
 
fisherking

fisherking

macrumors G4
Original poster
Jul 16, 2010
11,251
5,561
ny somewhere
i tried deleting cookie & website data, and clearing the cache, but can't get that certificate error back (but i may have clicked 'always trust' in that window)...

here's what i get (first 2 images from safari, 3rd image from chrome):
safari1.png

safari2.png


chrome.png
 
sniffs

sniffs

macrumors regular
Jan 24, 2013
190
6
In Keychain Access, under Certificate, it'll show you which certs you have installed. It's possible that at some point you installed the musicgateway.net certificate which is sha1 and they are using sha256 now.

Just go into Keychain Access, click Certificates on the bottom left, and then at the top left, click on Login and look for any that are denied. Then click through System and System Roots to find any denied ones.
 
sniffs

sniffs

macrumors regular
Jan 24, 2013
190
6
ok so it's a Sha256 cert which is good. I'm not entirely sure why you have it installed however.. you shouldn't ever need to install a website's cert..

Delete it and try visiting the site again.


EDIT: The only reason I can even think of you need to install it is because you downloaded an application that requires you to make an SSL connection into their environment. If this isn't the case, just delete the cert.

EDIT2: Also, whenever you see the "S" at the end of "http", this means you're making a "SECURED" connection into their environment. It's called SSL, and the way you secure the connection is via certificates. Your browser and the site exchange the certificate key and that prevents people from snooping in on your connection. Sha1 has all but been broken, so many sites are abandoning it.
 
fisherking

fisherking

macrumors G4
Original poster
Jul 16, 2010
11,251
5,561
ny somewhere
ok. just installed firefox (which i never liked), and BOTH sites load in firefox. so...?????? not in safari, chrome, or opera. what does this suggest??
 
fisherking

fisherking

macrumors G4
Original poster
Jul 16, 2010
11,251
5,561
ny somewhere
sniffs said:
Firefox is loading the site regardless of the certificate trust. :D
Click to expand...

hmm. any way to get safari to do that with these specific sites? and what caused these sites to stop loading? definitely started with the PB4 install (but curiously, musicgateway opens on my other mac, same OS...)
[doublepost=1476463373][/doublepost]here's the soundcloud error:
soundcloudCERT.png
 
sniffs

sniffs

macrumors regular
Jan 24, 2013
190
6
For whatever reason your browsers aren't trusting the certificate that they are presenting. This is the ONLY reason this is happening. Now, for the reason why your browsers aren't trusting it could be a few reasons.

1. You installed the cert, they are presenting a new cert and your cert and their cert dont match. Just delete the one you installed, you dont need it.
2. You are using a proxy that uses a man-in-the-middle cert. Lots of web filtering companies do this such as Zscaler and Websense. If those certs aren't trusted, then you'll always have an error.
3. Some how the root chain of the cert they are presenting is missing on your machine. You need the entire chain for it to be trusted. Go back to Keychain Access, click on Certificates on the bottom left and click on System roots on the top left. If you don't see "GlobalSign" in system roots, you don't have the full chain and this is a problem.

When I go to Safari and click the padlock to the left of soundcloud.com, and click Show Certificate, I see
GlobalSign Root CA -> GlobalSign Domain Validation CA - SHA256 - G2 -> *.soundcloud.com
[doublepost=1476463529][/doublepost]Delete the certificate for soundcloud.com that you have installed
 
fisherking

fisherking

macrumors G4
Original poster
Jul 16, 2010
11,251
5,561
ny somewhere
globalsign is there. and the way i got to see the error message on soundcloud was by first deleting the certificate from the keychain. otherwise, something in 10.12.1 pb4 must have caused this (as others are experiencing the issue). no proxy, no certificates installed)...

neither soundcloud nor musicgateway.net display the padlock (except in firefox).
 
sniffs

sniffs

macrumors regular
Jan 24, 2013
190
6
Odd.. yeah I have 10.12.1 PB4 on a 2013 iMac, 2012 MBP, 2010 MBA and the machine I'm on now, a 2015 rMBP and none of them as experiencing this.. I guess use Firefox for the time being! :)
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom