Browser warnings for invalid domain certificates

After a new OpenWRT flash on my router my device browser is suddenly warning about certificate errors (SSL_ERROR_BAD_CERT_DOMAIN). It is far from every site though but all of a sudden I'm getting these browser warnings on several websites, which didn't happen before flashing to OpenWRT.

It seems to be related to the domain names. Screenshot:

image

Does anyone know what could be causing this?

Most probably unrelated to OpenWrt. Sounds like a MITM issue - frequently triggered by bogus anti virus products.

2 Likes

I don't use antivirus products and the issues began after switching to a newly flashed router with OpenWRT, so I suspect it is related. I'm fairly security conscious and I doubt it's a MITM, I'm pretty sure it's caused by something in the configuration.

Not sure if incorrect time settings can cause BAD_CERT_DOMAIN errors but both my laptop device and the OpenWRT router are configured to the correct time. The certificates haven't expired, either.

Official OpenWrt images do not affect/interfere the SSL traffic/certificate handling.

Doublecheck if you receive these errors from another connected mobile device as well ... and please provide more information: Where did you download/flashed which image? Any special plugins activated? Which URL did you use for testing?

1 Like

The image I flashed was this one. (Firmware downloads really should be available with https btw!)

I tried it on my phone, and it produced the same error. HOWEVER, I also disconnected from the OpenWRT router and used my mobile connection and it produces the same error when bypassing my home connection. So this indicates there's something wrong on their end, and because I've been receiving the error on different websites it may be related to the certificate authority (Digicert, in this case) ?

Edit: also tried it on a Wireguard VPN connection and it also produces the error. So I've essentially tried it on 3 different connections and 2 different devices, 3 different browsers.

Just use https i/o http and you're done.

3 Likes

That's good but even better if the links be changed to https instead. Perhaps it points to http for a reason though?

It'd be great if someone else also could give it a try and see if they get a cert error, and report back pls.

Just see if it gets an error, no need to download it, of course:
https://download.virtualbox.org/virtualbox/6.0.6/VirtualBox-6.0.6-130049-OSX.dmg

It does, because ssl enabled "wget" (ustream) implementations aren't part of the default preinstalled package set (for size reasons and other side effects, such as certificate complaints for self-signed 'invalid' access to the router's webinterface).

4 Likes

I receive a certificate error as well - unrelated to OpenWrt. Oracle seems to re-organize their download area, use https://www.oracle.com/technetwork/server-storage/virtualbox/downloads/index.html to download virtualbox.

3 Likes

Thank you for your help in diagnosing this issue.