sierra & some websites...

fisherking

macrumors 604
Original poster
Jul 16, 2010
7,220
2,144
ny somewhere
musicgateway may be a different issue... seems to open on one mac, not the other (both running 10.12.1 PB4). weird...
[doublepost=1476386487][/doublepost]
Check your Flash and Java settings

hmmm. no flash installed on the mac that can't access musicgateway. but one mac has flash, the other doesn't, and both can't open soundcloud...
[doublepost=1476389029][/doublepost]can sierra users on the forum try the soundcloud site? just trying to narrow the problem down... thanks!
 

fisherking

macrumors 604
Original poster
Jul 16, 2010
7,220
2,144
ny somewhere
can anyone here try, at least, soundcloud, let me know if you can get in or not? would be greatly appreciated...
 

raymond7

macrumors member
Jan 14, 2016
45
26
odd, that both my macs (on 10.12.1 public beta4) can't get in; safari or chrome. any ideas, anyone?
Couldn't it be your ISP that blocks these sites somehow? Maybe if you have another internet carrier on your phone you could tether the internet and use that internet to go to the site on your macbook and see if it works
 

Floris

macrumors 68020
Sep 7, 2007
2,381
1,472
Netherlands
Sorry, i can't test, I don't have flash or java on my system for obvious reasons.
[doublepost=1476449040][/doublepost]
Couldn't it be your ISP that blocks these sites somehow? Maybe if you have another internet carrier on your phone you could tether the internet and use that internet to go to the site on your macbook and see if it works
If that's the case, use DNS Crypt and Google's public DNS. The ISP doesn't need to do deep packet inspection, this isn't mother russia.
 

fisherking

macrumors 604
Original poster
Jul 16, 2010
7,220
2,144
ny somewhere
just tried on my neighbor's network and same issues with the same sites; again, people on the soundcloud forums report the same problem in sierra... and all of this worked just prior to installing 10.12.1 public beta 4.

no flash on my main mac (i do have java, for dreamweaver).
 

fisherking

macrumors 604
Original poster
Jul 16, 2010
7,220
2,144
ny somewhere
It's time to let dreamweaver go. Just .. put it to rest. You can do it.
everything was working before the PB4 update (besides, dreamweaver is an essential app for me).

just tried Opera (an impressive browser!) but same problem (and an error about an 'expired certificate')....
 

sniffs

macrumors regular
Jan 24, 2013
190
6
What certificate is it saying is expired? the site's cert?

Are you using a proxy on your machine? Sometimes proxies will install a cert as a man-in-the-middle, and if that cert expires you'd experience exactly what you're referring to.
 

fisherking

macrumors 604
Original poster
Jul 16, 2010
7,220
2,144
ny somewhere

sniffs

macrumors regular
Jan 24, 2013
190
6
Yeah I'd like to see that cert error. Browsers all handle certificates differently. As an example, Google has deprecated Sha1 certs as being trusted in Chrome and the site won't load, but in IE, it'll load just with a line through the lock.

I'm not 100% sure what Safari does but I believe it also loads the site but complains about the cert.

I see that the 2 sites you linked above are using a Sha256 cert which is current and the official supported algorithm of SSL going forward.

If for whatever reason you and the others are loading the site and it's presenting you with the Sha1 cert, you're going to get cert errors.

If you go to Keychain Access, click on Certificates on the left and then click on Login, System and System roots. Are any of the certs listed with an X on them? If so, which ones?
 

fisherking

macrumors 604
Original poster
Jul 16, 2010
7,220
2,144
ny somewhere
i tried deleting cookie & website data, and clearing the cache, but can't get that certificate error back (but i may have clicked 'always trust' in that window)...

here's what i get (first 2 images from safari, 3rd image from chrome):



 

sniffs

macrumors regular
Jan 24, 2013
190
6
In Keychain Access, under Certificate, it'll show you which certs you have installed. It's possible that at some point you installed the musicgateway.net certificate which is sha1 and they are using sha256 now.

Just go into Keychain Access, click Certificates on the bottom left, and then at the top left, click on Login and look for any that are denied. Then click through System and System Roots to find any denied ones.
 

sniffs

macrumors regular
Jan 24, 2013
190
6
ok so it's a Sha256 cert which is good. I'm not entirely sure why you have it installed however.. you shouldn't ever need to install a website's cert..

Delete it and try visiting the site again.


EDIT: The only reason I can even think of you need to install it is because you downloaded an application that requires you to make an SSL connection into their environment. If this isn't the case, just delete the cert.

EDIT2: Also, whenever you see the "S" at the end of "http", this means you're making a "SECURED" connection into their environment. It's called SSL, and the way you secure the connection is via certificates. Your browser and the site exchange the certificate key and that prevents people from snooping in on your connection. Sha1 has all but been broken, so many sites are abandoning it.
 

fisherking

macrumors 604
Original poster
Jul 16, 2010
7,220
2,144
ny somewhere
ok. just installed firefox (which i never liked), and BOTH sites load in firefox. so...?????? not in safari, chrome, or opera. what does this suggest??
 

fisherking

macrumors 604
Original poster
Jul 16, 2010
7,220
2,144
ny somewhere
Firefox is loading the site regardless of the certificate trust. :D
hmm. any way to get safari to do that with these specific sites? and what caused these sites to stop loading? definitely started with the PB4 install (but curiously, musicgateway opens on my other mac, same OS...)
[doublepost=1476463373][/doublepost]here's the soundcloud error:
 

sniffs

macrumors regular
Jan 24, 2013
190
6
For whatever reason your browsers aren't trusting the certificate that they are presenting. This is the ONLY reason this is happening. Now, for the reason why your browsers aren't trusting it could be a few reasons.

1. You installed the cert, they are presenting a new cert and your cert and their cert dont match. Just delete the one you installed, you dont need it.
2. You are using a proxy that uses a man-in-the-middle cert. Lots of web filtering companies do this such as Zscaler and Websense. If those certs aren't trusted, then you'll always have an error.
3. Some how the root chain of the cert they are presenting is missing on your machine. You need the entire chain for it to be trusted. Go back to Keychain Access, click on Certificates on the bottom left and click on System roots on the top left. If you don't see "GlobalSign" in system roots, you don't have the full chain and this is a problem.

When I go to Safari and click the padlock to the left of soundcloud.com, and click Show Certificate, I see
GlobalSign Root CA -> GlobalSign Domain Validation CA - SHA256 - G2 -> *.soundcloud.com
[doublepost=1476463529][/doublepost]Delete the certificate for soundcloud.com that you have installed
 

fisherking

macrumors 604
Original poster
Jul 16, 2010
7,220
2,144
ny somewhere
globalsign is there. and the way i got to see the error message on soundcloud was by first deleting the certificate from the keychain. otherwise, something in 10.12.1 pb4 must have caused this (as others are experiencing the issue). no proxy, no certificates installed)...

neither soundcloud nor musicgateway.net display the padlock (except in firefox).
 

sniffs

macrumors regular
Jan 24, 2013
190
6
Odd.. yeah I have 10.12.1 PB4 on a 2013 iMac, 2012 MBP, 2010 MBA and the machine I'm on now, a 2015 rMBP and none of them as experiencing this.. I guess use Firefox for the time being! :)
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.