benhelps
Level 8: Inspector

Signon.telstra.com.au ssl chain borked?

Answered
Not sure if this is the best place to post this, but here goes:

For the last few months, whenever I try to log in to the URL above in Chrome on my phone, I get an SSL warning.

It works OK in Chrome on my laptop, and in the old built-in browser on Android, just not Chrome on Android.

The following URL is a results page from testing the SSL for that URL: https://www.ssllabs.com/ssltest/analyze.html?d=signon.telstra.com.au

Note that it says untrusted by Google and Mozilla (haven't dug into why yet, though I recall running into similar issues myself when I wrongly set up a certificate chain on a load balancer).

The actual error in chrome on android is:
ERR_CERT_AUTHORITY_INVALID
Ben Helps
https://benhelps.me
1 ACCEPTED SOLUTION

ForensicsGuru
Level 21: Augmented
Accepted Solution

Re: Signon.telstra.com.au ssl chain borked?

The reason is that Telstra certificates are signed by Symantec CA and Google made big boo about distrusting them in M66 and M70 releases of Chrome (https://blog.qualys.com/ssllabs/2017/09/26/google-and-mozilla-deprecating-existing-symantec-certific...). However, if your Android is older, it could also be because your trusted root certificates are outdated...

DISCLAIMER: I do not work for Telstra or any other ISP. I never did. I have a wealth of practical knowledge in Computer Security and Forensic Computing. I have been in the field since 1985.

Likes (formerly Kudos) and solutions are appreciated!!!
The comments expressed by me reflect my user experience and personal opinion.

3 REPLIES 3
benhelps
Level 8: Inspector

Re: Signon.telstra.com.au ssl chain borked?

Actually, at a quick look since writing this, perhaps it's a hostname mismatch (common with non-wildcard certs) - it appears that signon.telstra.com.au is trying to use a certificate for signon.bigpond.com
Ben Helps
https://benhelps.me
benhelps
Level 8: Inspector

Re: Signon.telstra.com.au ssl chain borked?

Ah yep, that's it. Running 66 on the phone. Note they push an update soon, sucks having to use a different browser if I want to log in.
Ben Helps
https://benhelps.me
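
Added example, not part of any post in this thread: a Python triage that separates the two explanations raised above (a hostname mismatch versus the Symantec distrust milestones M66 and M70) for a certificate dict shaped like `ssl.SSLSocket.getpeercert()` output. The function names, the sample certificates and the `example.test` hostnames are constructed for illustration; matching on issuer organisation names and modelling M66 only by its issued-before-1-June-2016 rule are simplifying assumptions.

```python
import ssl
from datetime import datetime, timezone

# Assumption: matching issuer organisation names only approximates Chrome's
# check, which keys on the legacy Symantec root keys rather than on names.
SYMANTEC_BRANDS = ("symantec", "verisign", "geotrust", "thawte", "rapidssl", "equifax")
M66_CUTOFF = datetime(2016, 6, 1, tzinfo=timezone.utc)  # M66: issued before this

def host_matches(hostname, pattern):
    """Match a hostname against one SAN entry; '*' covers one left-most label."""
    h = hostname.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*":
        return len(p) > 2 and h[1:] == p[1:]
    return h == p

def triage(cert, hostname, chrome_major):
    """Findings for a dict shaped like ssl.SSLSocket.getpeercert() output."""
    findings = []
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(host_matches(hostname, s) for s in sans):
        findings.append("hostname-mismatch")
    orgs = " ".join(v for rdn in cert.get("issuer", ()) for k, v in rdn
                    if k == "organizationName").lower()
    if any(brand in orgs for brand in SYMANTEC_BRANDS):
        issued = datetime.fromtimestamp(
            ssl.cert_time_to_seconds(cert["notBefore"]), tz=timezone.utc)
        if chrome_major >= 70 or (chrome_major >= 66 and issued < M66_CUTOFF):
            findings.append("symantec-distrusted")
        else:
            findings.append("symantec-pending-distrust")
    return findings

def _cert(not_before, san):  # constructed sample data, not a real certificate
    return {"issuer": ((("countryName", "US"),),
                       (("organizationName", "Symantec Corporation"),)),
            "notBefore": not_before, "subjectAltName": (("DNS", san),)}

LEGACY = _cert("May 10 00:00:00 2016 GMT", "login.example.test")
NEWER = _cert("Jul 10 00:00:00 2017 GMT", "login.example.test")

if __name__ == "__main__":
    for major in (65, 66, 70):
        print(major, triage(LEGACY, "login.example.test", major),
              triage(NEWER, "login.example.test", major))
    print(triage(LEGACY, "signon.example.test", 66))
```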