Web-bugs: www.fioapp.co - Secure Connection Failed page

Created on 24 Oct 2019 · 9Comments · Source: webcompat/web-bugs

Browser / Version: Firefox 72.0
Operating System: Mac OS X 10.14
Tested Another Browser: Yes

Problem type: Something else
Description: Secure Connection Failed page
Steps to Reproduce:
When navigating to the site, there's an error page displayed

An error occurred during a connection to www.fioapp.co. Peer’s Certificate has been revoked.

Error code: SEC_ERROR_REVOKED_CERTIFICATE

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

It seems like a legit error, but Chrome and Firefox don't have the same error, so I'm wondering if there's a Firefox issue here

Browser Configuration

gfx.webrender.all: false
gfx.webrender.blob-images: true
gfx.webrender.enabled: false
image.mem.shared: true
buildID: 20191022214314
channel: nightly
hasTouchScreen: false
mixed active content blocked: false
mixed passive content blocked: false
tracking content blocked: false

_From webcompat.com with ❤️_

browser-firefox engine-gecko priority-normal severity-critical type-server-issue type-untrusted-connection

Source

nchevobbe

Most helpful comment

We've reinstalled certificates, and tested on
macOS 10.15
Chrome 77
Firefox 69.0.1
Safari 13.0.2

all works

@nchevobbe @karlcow @wisniewskit please let us know if you still experiencing the bug?

antsav on 31 Oct 2019

❤2

All 9 comments

I think that this might be the reason for the insecure connection message:

Tested with:
Browser / Version: Firefox Nightly 72.0a1 (2019-10-29)
Operating System: Windows 10 Pro

Moving to Needsdiagnosis.

softvision-sergiulogigan on 30 Oct 2019

and it doesn't reproduce for me on macOS.
which is interesting because https://www.ssllabs.com/ssltest/analyze.html?d=fioapp.co
is still failing

karlcow on 30 Oct 2019

This is legitimately because the site's SSL certificate has been revoked; it is no longer considered trustworthy: https://www.ssllabs.com/ssltest/analyze.html?d=www.fioapp.co&latest

I'm not sure why Chrome is still accepting it, because they are receiving the same certificate that is supposed to be considered as revoked. That's technically an error on their part, unless I'm missing something out of the ordinary.

Fioapp will have to update their SSL certificate to a trusted one.

wisniewskit on 30 Oct 2019

This site works only in browsers with SNI support.

https://www.fioapp.co/app/
And it does work for me on Chrome Canary too.

But if it reproduces on Chrome. I would say non-compat. And if they still have some rogue certificates on a server, I guess contacting them could be a solution?

But maybe @alafritz and @antsav know about it.

karlcow on 30 Oct 2019

Thank you guys for bringing it up 🙏
We are looking into this issue

antsav on 30 Oct 2019

❤1

Quick update

So far we see certificate is valid
https://www.whynopadlock.com/results/69f8421e-9ac5-4eff-a889-114b4e483171

SSL labs are selling their own certificates and having conflict of interests on giving fair analysis results.

We are still working on this and will keep posting updates.

antsav on 31 Oct 2019

We've reinstalled certificates, and tested on
macOS 10.15
Chrome 77
Firefox 69.0.1
Safari 13.0.2

all works

@nchevobbe @karlcow @wisniewskit please let us know if you still experiencing the bug?

antsav on 31 Oct 2019

❤2

@antsav, it's working fine now, thanks for the quick turn-around!

wisniewskit on 31 Oct 2019

👍1

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue at https://webcompat.com/issues/new if you are experiencing a similar problem.