Using CentOS 5.3 (32 bit) on my Desktop with Mozilla Firefox 3.0.12. With one web site (LinkShare) I am getting an SSL error, after clicking to get a more advanced report I do not get that error, using Mozilla Firefox 3.0.13 on M$ Windows and I get the report OK on Windows. It appears, when using Firefox on Linux, that it is not ending up on the LinkShare web site and Firefox is giving me the below error. I use OpenDNS.com for DNS service. Question: How can I verify that there is no corruption in my Firefox installation on Linux and that I have the latest SSL CAs for it? TIA! Lanny
Secure Connection Failed
analytics.linksynergy.com uses an invalid security certificate.
The certificate is only valid for *.opendns.com
(Error code: ssl_error_bad_cert_domain)
* This could be a problem with the server's configuration, or it could be someone trying to impersonate the server.
* If you have connected to this server successfully in the past, the error may be temporary, and you can try again later.
Or you can add an exception…
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.12) Gecko/2009072711 CentOS/3.0.12-1.el5.centos Firefox/3.0.12
Lanny Marcus wrote:
Using CentOS 5.3 (32 bit) on my Desktop with Mozilla Firefox 3.0.12. With one web site (LinkShare) I am getting an SSL error, after clicking to get a more advanced report I do not get that error, using Mozilla Firefox 3.0.13 on M$ Windows and I get the report OK on Windows. It appears, when using Firefox on Linux, that it is not ending up on the LinkShare web site and Firefox is giving me the below error. I use OpenDNS.com for DNS service. Question: How can I verify that there is no corruption in my Firefox installation on Linux and that I have the latest SSL CAs for it? TIA! Lanny
Secure Connection Failed
analytics.linksynergy.com uses an invalid security certificate.
The certificate is only valid for *.opendns.com
This indicates that the Security Certificate that you are connecting to is issued for "*.opendns.com" and you are connecting to "analytics.linksynergy.com".
If I try to connect to analytics.linksynergy.com, I am redirected to www.linkshare.com so I can't really test the connection.
(Error code: ssl_error_bad_cert_domain)
* This could be a problem with the server's configuration, or itcould be someone trying to impersonate the server.
* If you have connected to this server successfully in the past,the error may be temporary, and you can try again later.
Or you can add an exception…
Hi Lanny! How's it going?
On Wed, Aug 12, 2009 at 07:24, Lanny Marcuslmmailinglists@gmail.com wrote:
analytics.linksynergy.com uses an invalid security certificate. The certificate is only valid for *.opendns.com
It looks like you are getting to an OpenDNS server instead of a LinkSynergy server...
This looks like exactly the kind of stuff that OpenDNS does... They redirect inexistant domains to their own servers. I think there are also some options that you can request to redirect other domains (like maybe ones used by ads?) to their servers.
To diagnose the problem I suggest you use "nslookup" on the two machines to find out to which IP they are resolving analytics.linksynergy.com, I think they will probably not resolve to the same IP (if they do, then try to close and reopen Firefox, clear the cache, and try the website again, maybe it was a temporary problem and is now fixed). If the IPs are indeed different, then you can use "whois" to find out who owns the IP, I bet the one that gives you the certificate error you reported is going to be owned by OpenDNS.
If you need help using the tools (nslookup and whois) please reply to the list and we'll happy to help you there. If you can resolve the IPs with nslookup you can post them to the list as well.
Cheers! Filipe
On Wed, Aug 12, 2009 at 9:09 AM, Filipe Brandenburgerfilbranden@gmail.com wrote:
Hi Lanny! How's it going?
OK Filipe. :-)
On Wed, Aug 12, 2009 at 07:24, Lanny Marcuslmmailinglists@gmail.com wrote:
analytics.linksynergy.com uses an invalid security certificate. The certificate is only valid for *.opendns.com
It looks like you are getting to an OpenDNS server instead of a LinkSynergy server...
Yes. But what I do not understand is why that is happening on Linux and not on Windows. The version of Firefox on Windows is only very slightly advanced than the version on Linux.
This looks like exactly the kind of stuff that OpenDNS does... They redirect inexistant domains to their own servers. I think there are also some options that you can request to redirect other domains (like maybe ones used by ads?) to their servers.
To diagnose the problem I suggest you use "nslookup" on the two machines
Actually it's the same box. It's dual boot.
to find out to which IP they are resolving analytics.linksynergy.com, I think they will probably not resolve to the same IP (if they do, then try to close and reopen Firefox, clear the cache, and try the website again, maybe it was a temporary problem and is now fixed). If the IPs are indeed different, then you can use "whois" to find out who owns the IP, I bet the one that gives you the certificate error you reported is going to be owned by OpenDNS.
OK. I will try this later and I think I cleared the cache when this first began happening, but I will try that again too. Actually, I have been having this problem with the new LinkShare Publisher web site for quite awhile, but they also had the old Traditional interface, until yesterday, which worked perfectly for me. So, now, it has become an issue I need to try to eliminate.
If you need help using the tools (nslookup and whois) please reply to the list and we'll happy to help you there. If you can resolve the IPs with nslookup you can post them to the list as well.
Will try nslookup ASAP and get back to the list later. Thank you!
Also, Johnny, thank you for your reply! I started to reply to you and due to operator error, lost my response...
On Wed, Aug 12, 2009 at 9:09 AM, Filipe Brandenburgerfilbranden@gmail.com wrote:
On Wed, Aug 12, 2009 at 07:24, Lanny Marcuslmmailinglists@gmail.com wrote:
analytics.linksynergy.com uses an invalid security certificate. The certificate is only valid for *.opendns.com
It looks like you are getting to an OpenDNS server instead of a LinkSynergy server...
This looks like exactly the kind of stuff that OpenDNS does... They redirect inexistant domains to their own servers. I think there are also some options that you can request to redirect other domains (like maybe ones used by ads?) to their servers.
To diagnose the problem I suggest you use "nslookup" on the two machines to find out to which IP they are resolving analytics.linksynergy.com, I think they will probably not resolve to the same IP (if they do, then try to close and reopen Firefox, clear the cache, and try the website again, maybe it was a temporary problem and is now fixed).
When I make the same test, using Mozilla Firefox on Linux and Windows, it ends up at the same URL, but that IP, is shown to be owned by OpenDNS. But it works properly using Mozilla Firefox 3.0.13 on M$ Windows XP Home and it does not on Mozilla Firefox 3.0.12 on CentOS 5.3. I went into .mozilla and wiped out the contents of the cache (which I don't think contains URLs) but that has no effect and I also wiped out the catch using the dropdown menu in Firefox.
[lanny@dell2400 ~]$ nslookup https://cli.linksynergy.com/cli/publisher/reports/advancedReports.php?report... [1] 4517 [2] 4518 [lanny@dell2400 ~]$ Server: 192.168.10.1 Address: 192.168.10.1#53
Non-authoritative answer: Name: https://cli.linksynergy.com/cli/publisher/reports/advancedReports.php?report... Address: 208.69.32.132
[lanny@dell2400 ~]$
[lanny@dell2400 ~]$ whois 208.69.32.132 [Querying whois.arin.net] [whois.arin.net]
OrgName: OpenDNS, LLC OrgID: OPEND-2
<snip>
Now I am going to answer the other reply regarding TTL. Thank you as always for your time and help!
Hi Lanny,
On Wed, Aug 12, 2009 at 12:48, Lanny Marcuslmmailinglists@gmail.com wrote:
On Wed, Aug 12, 2009 at 9:09 AM, Filipe Brandenburgerfilbranden@gmail.com wrote:
On Wed, Aug 12, 2009 at 07:24, Lanny Marcuslmmailinglists@gmail.com wrote:
analytics.linksynergy.com uses an invalid security certificate. The certificate is only valid for *.opendns.com
It looks like you are getting to an OpenDNS server instead of a LinkSynergy server...
[lanny@dell2400 ~]$ nslookup https://cli.linksynergy.com/cli/publisher/reports/advancedReports.php?report...
Please try "nslookup analytics.linksynergy.com" instead, since that is the domain that appears in your error message.
This is what I got here:
$ nslookup analytics.linksynergy.com Server: aaa.bbb.ccc.ddd Address: aaa.bbb.ccc.ddd#53
Non-authoritative answer: Name: analytics.linksynergy.com Address: 63.123.248.38 Name: analytics.linksynergy.com Address: 64.29.178.147
Actually, just after doing that "nslookup" above I repeated it, and now I get an error response:
$ nslookup analytics.linksynergy.com Server: aaa.bbb.ccc.ddd Address: aaa.bbb.ccc.ddd#53
** server can't find analytics.linksynergy.com: NXDOMAIN
Looks like there is something wrong with their DNS...
HTH, Filipe
On Wed, Aug 12, 2009 at 11:55 AM, Filipe Brandenburgerfilbranden@gmail.com wrote:
On Wed, Aug 12, 2009 at 07:24, Lanny Marcuslmmailinglists@gmail.com wrote:
analytics.linksynergy.com uses an invalid security certificate. The certificate is only valid for *.opendns.com
It looks like you are getting to an OpenDNS server instead of a LinkSynergy server...
[lanny@dell2400 ~]$ nslookup https://cli.linksynergy.com/cli/publisher/reports/advancedReports.php?report...
Please try "nslookup analytics.linksynergy.com" instead, since that is the domain that appears in your error message.
[lanny@dell2400 ~]$ nslookup analytics.linksynergy.com Server: 192.168.10.1 Address: 192.168.10.1#53
Non-authoritative answer: Name: analytics.linksynergy.com Address: 64.29.178.147 Name: analytics.linksynergy.com Address: 63.123.248.38
[lanny@dell2400 ~]$
This is what I got here:
$ nslookup analytics.linksynergy.com Server: aaa.bbb.ccc.ddd Address: aaa.bbb.ccc.ddd#53
Non-authoritative answer: Name: analytics.linksynergy.com Address: 63.123.248.38 Name: analytics.linksynergy.com Address: 64.29.178.147
Actually, just after doing that "nslookup" above I repeated it, and now I get an error response:
$ nslookup analytics.linksynergy.com Server: aaa.bbb.ccc.ddd Address: aaa.bbb.ccc.ddd#53
** server can't find analytics.linksynergy.com: NXDOMAIN
Looks like there is something wrong with their DNS...
I didn't realize before that Rick (a2z2) had written to me off list. That is what he thought.
Thanks to everyone! I will contact LinkShare again and ask them to fix their DNS!
On 8/12/09, Lanny Marcus lmmailinglists@gmail.com wrote:
On Wed, Aug 12, 2009 at 11:55 AM, Filipe Brandenburgerfilbranden@gmail.com wrote:
On Wed, Aug 12, 2009 at 07:24, Lanny Marcuslmmailinglists@gmail.com wrote:
analytics.linksynergy.com uses an invalid security certificate. The certificate is only valid for *.opendns.com
It looks like you are getting to an OpenDNS server instead of a LinkSynergy server...
Please try "nslookup analytics.linksynergy.com" instead, since that is the domain that appears in your error message.
<snip>
** server can't find analytics.linksynergy.com: NXDOMAIN
Looks like there is something wrong with their DNS...
Well, in the whois for linkshare I found their contact, so today I wrote to that email address. I was very hopeful he would understand why the TTL should be changed, but he wrote back:
"Our TTLs are correct. They are set at the current value for faster failover."
I just wrote to him again, and I copied what Rick wrote to me off list and what Filipe wrote on list and hopefully he will read what they wrote (and the intermittent failures they saw) and understand why the TTL should be changed. Yesterday, I assumed they would correct this. Today, I'm not so sure...
-
Filipe Brandenburger -
Johnny Hughes -
Lanny Marcus