
Unable to Visit Websites Using HSTS

Discussion in 'Routers' started by Bulldog, Aug 21, 2019.

  1. Bulldog

    Bulldog Regular Contributor

    Joined:
    Feb 17, 2009
    Messages:
    50
    Seemingly out of the blue, I am unable to reach websites that use HSTS to enforce https, even when I include https in the URL.

    I have the same problem with Google Chrome and with Microsoft Edge, so it doesn't seem to be a browser issue. [Same problem exists after removing the websites from the HSTS cache in Chrome.]

    So now I'm thinking, maybe my router is causing the problem? [Asus RT-N56U] I tried clearing my router's cache, but the problem persists.

    I'm running out of ideas to troubleshoot this problem and would appreciate hearing your ideas.
     
  2. RMerlin

    RMerlin Super Moderator

    Joined:
    Apr 14, 2012
    Messages:
    31,020
    Location:
    Canada
    Check the clock (and date) on your computer.
     
  3. Bulldog

    Bulldog Regular Contributor

    Joined:
    Feb 17, 2009
    Messages:
    50
    Yes, I'm aware of that. Both are correct.
     
  4. Bulldog

    Bulldog Regular Contributor

    Joined:
    Feb 17, 2009
    Messages:
    50
    I was able to solve my problem with some refined Google-ing. In my case, I was a victim of my own doing! :(

    I'll explain:

    I use a third-party DNS - OpenDNS - that allows me to filter objectionable domains. One category of domains I was filtering was 'Proxies and Anonymizers.' That was the 'aha' moment.

    I had been researching VPN services, whose domains were being blocked because I was filtering 'Proxies and Anonymizers.' It wasn't that I couldn't reach any HSTS-enabled website - that might cripple my ability to browse - it was the domains of VPN services that I could not reach.

    But it doesn't end there ...

    Normally, when OpenDNS blocks a domain, they serve a page explaining that the domain has been blocked by OpenDNS. That would have been the tip-off except that there's a problem with the OpenDNS blocking page. I won't repeat the entire explanation - I'll share the link below - but here it is in condensed format:

    OpenDNS’s blocking page presents an SSL certificate to browsers that references the blocked domain ... but is signed by the Cisco Root Certificate Authority. (Cisco owns OpenDNS.) If the Cisco Root CA is not trusted by a browser, an error may be displayed which makes no sense because the blocking page is encrypted with SSL. So the solution is to install the Cisco Root CA. Ta da.

    Thanks for this great forum from which I have gained so much. I hope I have been able to give something back in a small way.

    https://support.opendns.com/hc/en-us/articles/227987007
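
A way to tell apart the two causes raised in this thread, a wrong system clock versus a certificate chained to a CA the machine does not trust (as with the filter's block page), added here as an example that is not part of the original thread. The function names and the `example.com` default are assumptions; the numeric codes are OpenSSL's standard certificate verification error values.

```python
import socket
import ssl
import sys

# OpenSSL X509_V_ERR_* values, surfaced by Python as
# ssl.SSLCertVerificationError.verify_code.
CLOCK_CODES = {9, 10}              # not yet valid / expired
UNTRUSTED_CODES = {2, 18, 19, 20}  # issuer not in trust store, or self-signed
HOSTNAME_CODE = 62                 # certificate does not cover the name

HINTS = {
    "clock": "check the date and time on this machine",
    "untrusted_issuer": "chain ends at a CA this machine does not trust; "
                        "suspect a filter block page or a TLS-inspecting proxy",
    "hostname_mismatch": "certificate was issued for a different name",
    "other": "see the OpenSSL message",
}


def classify(verify_code):
    """Map a certificate verification code to its likely cause."""
    if verify_code in CLOCK_CODES:
        return "clock"
    if verify_code in UNTRUSTED_CODES:
        return "untrusted_issuer"
    if verify_code == HOSTNAME_CODE:
        return "hostname_mismatch"
    return "other"


def probe(host, port=443, timeout=5.0):
    """Handshake with full verification; return (verdict, detail)."""
    # Uses the OS/OpenSSL trust store, which can differ from a browser's.
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return "ok", issuer.get("organizationName", "unknown issuer")
    except ssl.SSLCertVerificationError as err:
        return classify(err.verify_code), err.verify_message


if __name__ == "__main__":
    # example.com is a placeholder; pass the site that fails in the browser.
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    verdict, detail = probe(target)
    print(f"{target}: {verdict} ({detail})")
    if verdict in HINTS:
        print("hint:", HINTS[verdict])
```

An `ok` verdict also prints the issuer's organization name, so a certificate from an unexpected issuer is visible even when the machine already trusts that CA.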