-
Google Abandoned
Is anyone else seeing abandoned Google sessions today?
All other search engines and https sites appear to work fine.
Just started today from what I can tell.
SSL inspector says it's using rule 0 for Google, but my inspect Google rule is ID 10.
I don't have a rule ID 0. Am I trying to inspect Google incorrectly?
Still working on this too. Will edit as I go.
ERR_Connection_Closed shows in the client browser.
-
Chrome, Edge, and Firefox face the same issue. Disabling SSL inspector allows Google to work, but when re-enabled Google is disabled again, even if I untick the "Inspect Google" that I had created.
My root cert is still working fine with other SSL sites. Only getting rejected by Google.
Attachment 8519
Attachment 8520
-
Attachment 8530
Attachment 8531
I've tried switching to SSL: Cert Issuer and SSL: Cert subject rather than SNI.
I still see abandoned, rule 0 no matter which way I switch it around.
Disabling SSL inspector allows Google to work properly.
-
You will need to look at the cert coming from that IP.
You can do so in chrome or with a variety of tools.
If the cert is from Google it should be accepted; if it's from someone else, something funky is going on...
Abandoned means that SSL inspector abandoned the session because it did not trust the certificate presented from the server.
-
Attachment 8532
Attachment 8533
Attachment 8534
Attachment 8535
When SSL inspector is off, the Google cert looks to be normal. Is that what you mean?
Thank you for your assistance.
-
Run this on Untangle:
echo | openssl s_client -showcerts -connect 172.217.6.110:443 2>|/dev/null | openssl x509 -inform pem -noout -text
-
1 Attachment(s)
-
Do I need to have an "Ignore all other traffic, or block all other traffic" enabled? Is it mandatory, and maybe I unticked it at some point?
-
I've verified that the CA for Untangle is present in
ConsoleRoot\Certificates\(local computer)TrustedRootAuthorities\Certificates
-
I don't have SSL inspector enabled at my company, but something strange has been happening since yesterday: at work over the last 2 days, popups from ESET appeared on all of my users' terminals (25) asking whether to allow or not allow connections to Google. I haven't figured out why, and after too much ball breaking on the phones I ended up configuring all the ESET installations to never ask and always block the suspicious site from Google.
It was something from adservices from Google, I think, but even after the block everything is working fine.
-
edit: nevermind, not sure
I was wrong above - abandoned means the client quit. untrusted means the cert wasn't trusted.
I would contact support if you have a support contract.
Otherwise I would try a different client.
-
Thank you. I've been working with support too, but the back and forth takes a bit. We're a Google based school, so I've been trying to be persistent in seeking a solution. I've been cross posting info between here, and my support ticket. REQUEST #116174
All clients landing within this rack show the same symptoms (student rack) with SSL inspector.
Teachers are BYOD, so we don't inspect their SSL.
Maybe I should create a new rack with SSL inspection, and move a few clients over?
-
Yeah, I would set up a special policy with SSL inspection for testing.
If you opened a ticket we'll get it sorted. They'll likely need access to a test device though.
-
I'm resolved. This was the answer: "there was a missing cert on the back end. The engineer regenerated that and is now seeing the certs being generated as they should be."
I've asked for clarification, and will post here if I receive it. It reads like the server certificate itself had an issue, but I'm not sure why other SSL sites I was inspecting worked properly if that were the case.
Thank you Dirk, and other contributors here.
-
I think I saw your case and I wondered if it was this one...
There was a zero-length cert file for Google on the filesystem (in the cache). Since it existed, it thought it was already there and kept using it even though it wasn't valid.
Never seen that issue before and we aren't sure what caused it. Usually it's a box that has been hard rebooted before the filesystem synced, but your system had not been rebooted and showed no hard drive issues in the logs. No idea...
Removing the file and allowing it to regen the Google cert fixed it...
-
Thank you for the assistance.
-
Location example is /var/cache/untangle-ssl/7C01D933313189CC5692AC730A27235755A1DBDB.p12
You can remove p12's from /var/cache/untangle-ssl/ and they will regenerate from what I can tell.
-
Figured I would add to this thread. We re-generated our CA and certificates for SSL inspector and were faced with SSL inspector still not working. After blowing out /var/cache/untangle-ssl/ everything started working as expected with the new certificate. Very odd issue, that even support was spinning its wheels on for quite some time now.
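-
A way to spot the failure described in this thread (a zero-length or incomplete .p12 in the cache) before deleting anything, given as an added example that is not part of any post above and is not Untangle's own tooling. It assumes the cache path quoted in the thread and checks only the outer DER header, since the files' passwords are not known here; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report cached .p12 files that cannot be complete PKCS#12.
# Default directory is the cache path quoted in the thread.
CACHE_DIR="${CACHE_DIR:-/var/cache/untangle-ssl}"

# Print "<REASON> <path>" for each suspect .p12 in directory $1.
# A PKCS#12 file is one DER SEQUENCE: tag byte 0x30 (48), then a length
# field that tells how many bytes must follow.
check_p12_cache() {
    dir=$1
    for f in "$dir"/*.p12; do
        [ -f "$f" ] || continue
        size=$(wc -c < "$f" | tr -d ' ')
        if [ "$size" -eq 0 ]; then echo "EMPTY $f"; continue; fi
        set -- $(od -An -tu1 -N6 "$f")   # first 6 bytes as decimal numbers
        if [ "$1" -ne 48 ]; then echo "NOT_DER $f"; continue; fi
        [ "$#" -ge 2 ] || { echo "TRUNCATED $f"; continue; }
        len=$2; shift 2
        if [ "$len" -eq 128 ]; then continue; fi   # indefinite length: not checked
        hdr=2
        if [ "$len" -gt 128 ]; then                # long form: next n bytes hold the length
            n=$((len - 128)); len=0
            # More than 4 length bytes would mean >4 GiB; treat as incomplete.
            [ "$n" -le 4 ] && [ "$#" -ge "$n" ] || { echo "TRUNCATED $f"; continue; }
            hdr=$((hdr + n))
            while [ "$n" -gt 0 ]; do len=$((len * 256 + $1)); shift; n=$((n - 1)); done
        fi
        [ "$size" -ge $((hdr + len)) ] || echo "TRUNCATED $f"
    done
}

# Constructed sample cache (not real Untangle data).
make_demo_cache() {
    d=$(mktemp -d)
    : > "$d/empty.p12"                                       # zero-length, as in the thread
    printf 'PEM?' > "$d/junk.p12"                            # does not start with 0x30
    printf '\060\003\002\001\003' > "$d/ok.p12"              # length matches file size
    printf '\060\202\020\001\002\001\003' > "$d/short.p12"   # declares 4097 bytes, has 3
    echo "$d"
}

demo=$(make_demo_cache)
check_p12_cache "$demo"      # on a real box: check_p12_cache "$CACHE_DIR"
rm -rf "$demo"
```

The script only reports; per the posts above, a flagged file that is removed from the cache is regenerated.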