
usagora

macrumors 601
Original poster
Nov 17, 2017
4,869
4,451
So all of a sudden, at work, I go to add a new item in 1Password at my.1password.com, and I get the following error message (in Chrome):

1628785548661.png


So after much testing and long story short, it turns out that I am unable to connect to my.1password.com on Chrome (desktop or iOS), Edge, Safari (desktop or iOS), or Firefox iOS when connected to the local network. Every one of those browsers gives a similar error message to the one above. ONLY Firefox desktop for macOS or Windows will connect to the website. If I turn off wi-fi on my iPhone or tether to my iPhone, EVERY browser is able to connect, so it's obviously something within our network that's the issue. And I have no issues connecting to the website on my home network.

I contacted our network admin, and he is just as confused as I am why this would be happening. He said he's made no changes to our network at all. So before I call our ISP and go through all that rigmarole, I was hoping some knowledgeable person here might know of something in our network that I could play with to see if it fixes the issue.

Other important notes:
  • This happens even if I turn off "safe browsing" in Chrome desktop.
  • my.1password.com is the ONLY website I am unable to access on our network so far - I have had no issues with dozens of other websites that I regularly go to
  • I’ve tried clearing all browsing data and even re-installing Chrome.
  • our network setup is the following:
    • Modem > Router
    • Router >
      • computer
      • DVR1
      • POE Switch >
        • DVR1
        • DVR2
 

usagora

macrumors 601
Original poster
Nov 17, 2017
4,869
4,451
Yes that should like Chrome! Google wants you to buy from Google store then Amazon! Delete Chrome and go with the chromium browser as a replacement!

Plus change your time server in Router to Time Servers you already pay for but never use!

This isn't helpful, and I don't see how the linked web page is relevant to this issue. As clearly explained in my OP, this is not a Chrome-only issue. It also affects Safari and Edge on macOS and Windows, respectively, as well as Safari, Edge, Firefox, and Chrome on iOS.
 

satcomer

Suspended
Feb 19, 2008
9,115
1,973
The Finger Lakes Region
That's why I said the ROUTER!
 

TriBruin

macrumors 6502
Jul 28, 2008
440
918
If this is happening at work, why would you call the ISP? That should be your network admin's responsibility.

It looks like the SSL certificate is getting corrupted. Ask your Network admin if they have any SSL inspection in place. Many companies have SSL inspection in place to decrypt network traffic coming in to the corporate network instead of passing the encrypted packets to the browser.
 

usagora

macrumors 601
Original poster
Nov 17, 2017
4,869
4,451
This is a very small company, and our network admin has already said that there's nothing in place that should cause this issue, and no changes have been made. Besides, wouldn't what you're describing affect every browser? The real mystery here is why only Firefox (and all default settings too) is able to access this one website, but no other browsers are. I don't mind calling our ISP, but if it turns out that it's something not easily resolved, I will definitely get our network admin in on a three-way call or something for deeper investigation.

I'll be sure to report what we find out.
 

danskoya

macrumors newbie
Nov 23, 2021
17
4
127.0.0.1
Afaik, Firefox > General Settings > Network Settings > is set to "No Proxy"

Seems like your main router / gateway is in promiscuous mode and sniffing everything.
 

danskoya

macrumors newbie
Nov 23, 2021
17
4
127.0.0.1
FWIW, Firefox is the only web browser that provides "proxy" flexibility (no proxy, automatic, manual, etc...)
 

VideoFreek

Contributor
May 12, 2007
577
180
Philly
Likely not an ISP or network issue, since you can reach the site using Firefox. You should focus on the error message you are receiving:

NET::ERR_CERT_COMMON_NAME_INVALID

This seems to be a fairly common problem with Chrome, and causes can be anything from interference from certain extensions to out-of-date SSL caches. There are a number of helpful troubleshooting guides...see for example, here:

https://www.windowsdispatch.com/fix-net-err-cert-common-name-invalid-chrome-error/
 

usagora

macrumors 601
Original poster
Nov 17, 2017
4,869
4,451
Except I CAN reach the site using Chrome once I disconnect from the office LAN or WAN and use my cellular data or connect to my home network, so the network is definitely at least part of the problem.

Also, unlike pictured in the article you linked to, I am given no option to "proceed" to the website.
 

VideoFreek

Contributor
May 12, 2007
577
180
Philly
And I wouldn't do that in any case, since of course one possibility is that you actually ARE under some sort of man-in-the-middle attack at work!

Did you inspect the certificate? The ERR_CERT_COMMON_NAME_INVALID result means, superficially, that the name of the website embedded in the certificate (in this case, should be *.1password.com) doesn't match what Chrome thinks you typed into the address bar. Chrome apparently no longer uses the Common Name (CN) field for this, so make sure the Subject Alternative Name (SAN) field is correct (should say DNS Name=*.1password.com, DNS Name=1password.com). Check the Certification Path also for anything that looks weird.

Next, cover the basics: verify time and time zone settings are correct on your computer, flush your DNS cache, try running in Incognito mode in Chrome, and if your network is not locked down, you can try manually configuring DNS forwards to, for example, Cloudflare (1.1.1.1) or Google (8.8.8.8) to bypass whatever your network's or the ISP's DNS servers are doing: Network Preferences --> Advanced --> DNS --> add one or both of the above DNS servers. Note that some sysadmins or ISPs block this, so you may not be able to do it.

You might want to reach out to 1Password, too. This problem has been seen by others in the past.

Do other users in your company get the same error on their machines?

What bothers me is that this problem is affecting you across multiple devices. The evidence points strongly to your company network--despite your sysadmin's claims to the contrary, I think it is likely something on your company network like a proxy or a misconfigured network appliance that is screwing with the certificate. If it was something at the ISP, their other customers would have been screaming by now.

Good luck! I know problems like this one can be very frustrating.
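
An added example, not part of the original post: the certificate inspection described above (does the SAN field cover my.1password.com, and who issued it) as a standard-library Python script, so the same check can be run once on the office network and once on a tether and the two results compared. The function names are illustrative, and the certificate values used to check it are constructed.

```python
# Added example (not from the thread); function names are illustrative.
import socket
import ssl


def san_matches(hostname, dns_names):
    """True if a SAN DNS name covers hostname (wildcard = one left-most label)."""
    host = hostname.lower().rstrip(".").split(".")
    for name in dns_names:
        pattern = name.lower().rstrip(".").split(".")
        if len(pattern) != len(host):
            continue
        wildcard = pattern[0] == "*" and len(pattern) > 2
        if pattern[1:] == host[1:] and (wildcard or pattern[0] == host[0]):
            return True
    return False


def presented_cert(hostname, port=443, timeout=5.0):
    """Fetch the certificate this network path serves for hostname.

    The chain is still verified against the system trust store; only the
    name check is switched off, so a wrong-domain certificate can be read
    instead of aborting the handshake. An untrusted chain raises
    ssl.SSLCertVerificationError, which is a finding in its own right.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def summarize(hostname, cert):
    """Reduce a getpeercert() dict to the fields worth comparing."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
    return {
        "host": hostname,
        "san": sans,
        "issuer": issuer.get("organizationName") or issuer.get("commonName"),
        "name_ok": san_matches(hostname, sans),
    }


if __name__ == "__main__":
    print(summarize("my.1password.com", presented_cert("my.1password.com")))
```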
 

usagora

macrumors 601
Original poster
Nov 17, 2017
4,869
4,451
Well guess what? I have just been using Firefox and hadn't tried Chrome again for 1Password for a few weeks. I just tried in Chrome and it is now working again! I had actually contacted 1Password about this issue back in August, and apparently both I and the 1Password employees reading the thread missed that the certificate showed the wrong domain (EDIT: I just re-read the thread, and an employee DID mention it, but I missed it)!

This is what the Certificate said back in August:

fpbenxjx5qrd.jpg


This is what it says now:

Capture.JPG


I wonder how on earth that mixup happened?! And why on earth was Chrome only warning me when I was on LAN or Wi-Fi at work but not on cellular data or on another network? So strange...
 

VideoFreek

Contributor
May 12, 2007
577
180
Philly
Glad to hear it is resolved. outsystemsenterprise.com is apparently some sort of enterprise SaaS provider, so I suspect a misconfigured proxy server on your corporate network was to blame, and perhaps the bad certificate was cached somewhere, which is why it took a while to clear out. Why did this not affect Firefox? Who knows? Perhaps Firefox handles certificates differently...but I'm getting out of my depth here. If this should come up again, here is some info on how to clear the SSL certificate cache on various browsers.
 