Unable to Visit Websites Using HSTS

Bulldog

Regular Contributor
Seemingly out of the blue, I am unable to reach websites that use HSTS to enforce https, even when I include https in the URL.

I have the same problem with Google Chrome and with Microsoft Edge, so it doesn't seem to be a browser issue. [Same problem exists after removing the websites from the HSTS cache in Chrome.]

So now I'm thinking, maybe my router is causing the problem? [Asus RT-N56U] I tried clearing my router's cache, but the problem persists.

I'm running out of ideas to troubleshoot this problem and would appreciate hearing your ideas.
 
Check the clock (and date) on your computer.
 
I was able to solve my problem with some refined Google-ing. In my case, I was a victim of my own doing! :(

I'll explain:

I use a third-party DNS - OpenDNS - that allows me to filter objectionable domains. One category of domains I was filtering was 'Proxies and Anonymizers.' That was the 'aha' moment.

I had been researching VPN services, whose domains were being blocked because I was filtering 'Proxies and Anonymizers.' It wasn't that I couldn't reach any HSTS-enabled website - that might cripple my ability to browse - it was the domains of VPN services that I could not reach.

But it doesn't end there ...

Normally, when OpenDNS blocks a domain, they serve a page explaining that the domain has been blocked by OpenDNS. That would have been the tip-off except that there's a problem with the OpenDNS blocking page. I won't repeat the entire explanation - I'll share the link below - but here it is in condensed format:

OpenDNS’s blocking page presents an SSL certificate to browsers that references the blocked domain ... but is signed by the Cisco Root Certificate Authority. (Cisco owns OpenDNS.) If the Cisco Root CA is not trusted by a browser, an error may be displayed which makes no sense because the blocking page is encrypted with SSL. So the solution is to install the Cisco Root CA. Ta da.

Thanks for this great forum from which I have gained so much. I hope I have been able to give something back in a small way.

https://support.opendns.com/hc/en-us/articles/227987007
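Added example, not part of the original posts: a triage of the two causes raised in this thread (wrong system clock versus a DNS filter's block page signed by a CA the browser does not trust), working from the text printed by `openssl s_client -connect HOST:443 -servername HOST </dev/null`. The sample outputs, the issuer names in them and the `filter_markers` substrings are constructed assumptions.

```python
import re

# OpenSSL verify codes, grouped by what they point to.
VALIDITY_CODES = {9, 10}             # not yet valid / has expired
UNTRUSTED_CODES = {18, 19, 20, 21}   # chain does not end at a trusted root
HOSTNAME_CODES = {62}                # certificate does not match the name

def parse_s_client(text):
    """Extract subject, issuer and verify code from `openssl s_client` output."""
    def field(name):
        m = re.search(rf"^{name}=(.*)$", text, re.M)
        return m.group(1).strip() if m else ""
    m = re.search(r"Verify return code: (\d+)", text)
    return field("subject"), field("issuer"), int(m.group(1)) if m else None

def triage(text, host, filter_markers=("cisco", "opendns")):
    """Classify why the certificate presented for `host` was rejected.

    filter_markers is an assumption: substrings expected in the issuer name
    of the DNS filter's block-page CA. Adjust to the filter in use.
    """
    subject, issuer, code = parse_s_client(text)
    if code is None:
        return "no-handshake"
    if code == 0:
        return "ok"
    if code in VALIDITY_CODES:
        return "check-clock"
    if code in UNTRUSTED_CODES:
        names_host = host.lower() in subject.lower()
        from_filter = any(m in issuer.lower() for m in filter_markers)
        return "filter-block-page" if names_host and from_filter else "untrusted-issuer"
    if code in HOSTNAME_CODES:
        return "hostname-mismatch"
    return "other"

# Constructed samples, trimmed to the lines the parser reads.
BLOCKED = """subject=CN = vpn.example
issuer=O = Cisco, CN = Constructed Block Page Root CA
Verify return code: 19 (self signed certificate in certificate chain)
"""
SKEWED = """subject=CN = www.example
issuer=O = Example Public CA, CN = Example Issuing CA
Verify return code: 10 (certificate has expired)
"""

if __name__ == "__main__":
    print(triage(BLOCKED, "vpn.example"))
    print(triage(SKEWED, "www.example"))
```

A `filter-block-page` result means the certificate names the requested host but chains to the filter's CA, which is why an HSTS site shows a hard certificate error instead of the block notice.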
 
