sierra & some websites...

Discussion in 'macOS Sierra (10.12)' started by fisherking, Oct 13, 2016.

  1. fisherking macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #1
    so, pretty sure this started with public beta4, but wondering who else here is seeing it? some sites are inaccessible in safari, and i get privacy warnings in chrome. others on the soundcloud forums running sierra report same issue:

    for example:

    https://soundcloud.com/stream

    and

    https://www.musicgateway.net
     
  2. Mufasa804 macrumors regular

    Joined:
    Mar 6, 2009
  3. fisherking thread starter macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #3
    musicgateway may be a different issue... seems to open on one mac, not the other (both running 10.12.1 PB4). weird...
    --- Post Merged, Oct 13, 2016 ---

    hmmm. no flash installed on the mac that can't access musicgateway. but one mac has flash, the other doesn't, and both can't open soundcloud...
    --- Post Merged, Oct 13, 2016 ---
    can sierra users on the forum try the soundcloud site? just trying to narrow the problem down... thanks!
     
  4. fisherking thread starter macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #4
    can anyone here try, at least, soundcloud, let me know if you can get in or not? would be greatly appreciated...
     
  5. joker00 macrumors member

    Joined:
    Apr 30, 2011
    #5
    no problem for me
     
  6. raymond7 macrumors member

    Joined:
    Jan 14, 2016
    #6
    I can open also both without any problems.

    Running MacOS Sierra on rMBP 2015 13inch 8GB RAM 512GB
     
  7. fisherking thread starter macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #7
    odd, that both my macs (on 10.12.1 public beta4) can't get in; safari or chrome. any ideas, anyone?
     
  8. raymond7 macrumors member

    Joined:
    Jan 14, 2016
    #8
    Couldn't it be your ISP that blocks these sites somehow? Maybe if you have another internet carrier on your phone you could tether the internet and use that internet to go to the site on your macbook and see if it works
     
  9. Floris macrumors 68020

    Floris

    Joined:
    Sep 7, 2007
    Location:
    Netherlands
    #9
    Sorry, i can't test, I don't have flash or java on my system for obvious reasons.
    --- Post Merged, Oct 14, 2016 ---
    If that's the case, use DNS Crypt and Google's public DNS. The ISP doesn't need to do deep packet inspection, this isn't mother russia.
     
  10. fisherking thread starter macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #10
    just tried on my neighbor's network and same issues with the same sites; again, people on the soundcloud forums report the same problem in sierra... and all of this worked just prior to installing 10.12.1 public beta 4.

    no flash on my main mac (i do have java, for dreamweaver).
     
  11. Floris macrumors 68020

    Floris

    Joined:
    Sep 7, 2007
    Location:
    Netherlands
    #11
    It's time to let dreamweaver go. Just .. put it to rest. You can do it.
     
  12. fisherking thread starter macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #12
    everything was working before the PB4 update (besides, dreamweaver is an essential app for me).

    just tried Opera (an impressive browser!) but same problem (and an error about an 'expired certificate')....
     
  13. sniffs macrumors regular

    sniffs

    Joined:
    Jan 24, 2013
    #13
    What certificate is it saying is expired? the site's cert?

    Are you using a proxy on your machine? Sometimes proxies will install a cert as a man-in-the-middle, and if that cert expires you'd experience exactly what you're referring to.
     
  14. fisherking thread starter macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #14
    i'd have to see the message again. no proxy. the only thing that's changed is installing the latest public beta.

    others seeing this too: https://www.soundcloudcommunity.com/soundcloud/topics/cant-get-in-to-soundcloud-site
     
  15. sniffs macrumors regular

    sniffs

    Joined:
    Jan 24, 2013
    #15
    Yeah I'd like to see that cert error. Browsers all handle certificates differently. As an example, Google has deprecated Sha1 certs as being trusted in Chrome and the site won't load, but in IE, it'll load just with a line through the lock.

    I'm not 100% sure what Safari does but I believe it also loads the site but complains about the cert.

    I see that the 2 sites you linked above are using a Sha256 cert which is current and the official supported algorithm of SSL going forward.

    If for whatever reason you and the others are loading the site and it's presenting you with the Sha1 cert, you're going to get cert errors.

    If you go to Keychain Access, click on Certificates on the left and then click on Login, System and System roots. Are any of the certs listed with an X on them? If so, which ones?
     
  16. fisherking thread starter macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #16
    i tried deleting cookie & website data, and clearing the cache, but can't get that certificate error back (but i may have clicked 'always trust' in that window)...

    here's what i get (first 2 images from safari, 3rd image from chrome):
    [​IMG]
    [​IMG]

    [​IMG]
     
  17. sniffs macrumors regular

    sniffs

    Joined:
    Jan 24, 2013
    #17
    In Keychain Access, under Certificate, it'll show you which certs you have installed. It's possible that at some point you installed the musicgateway.net certificate which is sha1 and they are using sha256 now.

    Just go into Keychain Access, click Certificates on the bottom left, and then at the top left, click on Login and look for any that are denied. Then click through System and System Roots to find any denied ones.
     
  18. fisherking thread starter macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #18
    nothing for musicgateway, and the only thing i see for soundcloud is this:
    [​IMG]


    btw, appreciate your trying to help..
     
  19. sniffs macrumors regular

    sniffs

    Joined:
    Jan 24, 2013
    #19
    ok so it's a Sha256 cert which is good. I'm not entirely sure why you have it installed however.. you shouldn't ever need to install a website's cert..

    Delete it and try visiting the site again.


    EDIT: The only reason I can even think of you need to install it is because you downloaded an application that requires you to make an SSL connection into their environment. If this isn't the case, just delete the cert.

    EDIT2: Also, whenever you see the "S" at the end of "http", this means you're making a "SECURED" connection into their environment. It's called SSL, and the way you secure the connection is via certificates. Your browser and the site exchange the certificate key and that prevents people from snooping in on your connection. Sha1 has all but been broken, so many sites are abandoning it.
     
  20. fisherking thread starter macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #20
    ok. just installed firefox (which i never liked), and BOTH sites load in firefox. so...?????? not in safari, chrome, or opera. what does this suggest??
     
  21. sniffs macrumors regular

    sniffs

    Joined:
    Jan 24, 2013
    #21
    Firefox is loading the site regardless of the certificate trust. :D
     
  22. fisherking thread starter macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #22
    hmm. any way to get safari to do that with these specific sites? and what caused these sites to stop loading? definitely started with the PB4 install (but curiously, musicgateway opens on my other mac, same OS...)
    --- Post Merged, Oct 14, 2016 ---
    here's the soundcloud error: [​IMG]
     
  23. sniffs macrumors regular

    sniffs

    Joined:
    Jan 24, 2013
    #23
    For whatever reason your browsers aren't trusting the certificate that they are presenting. This is the ONLY reason this is happening. Now, for the reason why your browsers aren't trusting it could be a few reasons.

    1. You installed the cert, they are presenting a new cert and your cert and their cert dont match. Just delete the one you installed, you dont need it.
    2. You are using a proxy that uses a man-in-the-middle cert. Lots of web filtering companies do this such as Zscaler and Websense. If those certs aren't trusted, then you'll always have an error.
    3. Some how the root chain of the cert they are presenting is missing on your machine. You need the entire chain for it to be trusted. Go back to Keychain Access, click on Certificates on the bottom left and click on System roots on the top left. If you don't see "GlobalSign" in system roots, you don't have the full chain and this is a problem.

    When I go to Safari and click the padlock to the left of soundcloud.com, and click Show Certificate, I see
    GlobalSign Root CA -> GlobalSign Domain Validation CA - SHA256 - G2 -> *.soundcloud.com
    --- Post Merged, Oct 14, 2016 ---
    Delete the certificate for soundcloud.com that you have installed
     
  24. fisherking thread starter macrumors 603

    fisherking

    Joined:
    Jul 16, 2010
    Location:
    ny somewhere
    #24
    globalsign is there. and the way i got to see the error message on soundcloud was by first deleting the certificate from the keychain. otherwise, something in 10.12.1 pb4 must have caused this (as others are experiencing the issue). no proxy, no certificates installed)...

    neither soundcloud nor musicgateway.net display the padlock (except in firefox).
     
  25. sniffs macrumors regular

    sniffs

    Joined:
    Jan 24, 2013
    #25
    Odd.. yeah I have 10.12.1 PB4 on a 2013 iMac, 2012 MBP, 2010 MBA and the machine I'm on now, a 2015 rMBP and none of them as experiencing this.. I guess use Firefox for the time being! :)
     

Share This Page