UGH! Secure site issue...

Chache

Chache

Pre-takeoff checklist
Joined
Aug 6, 2006
Messages
190
Location
New Jersey
Display Name
Display name:
i-intheSkyraider
Joined C.A.P. ( Civil Air Patrol ) a while ago, and I
need to access the USAF secure site for training purposes,
I have the correct link, and the username /password issued to me.
The username /password works to get me into the secure C.A.P. training site, ( E - Services) ,
where I click a link to the specific "U.S.A.F. Distant Learning" test , also a secure site. <Https://...>

Instead of giving me the web page I need, I get this: <CAP test site.bmp>
I can "Ping" the specific site, by DNS, and by IP addy.
A "tracert", to the specific page completes. So, there's no DNS listing thats missing, on the DNS lookup.

I can access other secure sites such as banking, etc.

Others tell me they can access the tests on the AF site with no issues.
I've tried default settings under Internet options> advanced> security.
I've tried enabling the SSL 2.0, SSL 3.0 and the TLS 1.0, in every conceivable pattern, to no avail.
Have the URL, in my trusted site list, temporarily disconnected my AV software, and Firewall, still get the same <CAP test site.bmp> error.
I've gone as far as reinstalling I.E. 7.0 (with no change.)


Anyone have a clue as to what's up here??
I need this to complete my "training level" tests, for advancement in grade. Any help appreciated.
 

Attachments

  • CAP test site.bmp
    1.9 MB · Views: 21
Can you access any other site using SSL (https://...) like your bank?
If not, the SSL in IE is borked. Make sure you have the US version of IE.

Try using Firefox or Opera.
 
Check your browser SSL settings, and be sure you have the "high encryption" patch for IE/XP/Win2K.

Most likely causes of your problem are that the server is requiring a version of SSL you don't support (such as 3.0 instead of 2.0), or is requiring a strong cipher that you can't support without the high encryption patch.
 
TMetzinger said:
Check your browser SSL settings, and be sure you have the "high encryption" patch for IE/XP/Win2K.

Most likely causes of your problem are that the server is requiring a version of SSL you don't support (such as 3.0 instead of 2.0), or is requiring a strong cipher that you can't support without the high encryption patch.
Click to expand...

His screenshot was from IE7, the newest browser from Microsoft. I'm pretty sure it supports any version of SSL a government website would be using (they being notoriously slow to adopt new technology).
 
Not if he doesn't have the high security ciphers, which are an option for the OS, they don't come by default, even with IE7, since some are not exportable.

Many government SSL sites require SSL3 or TLS 1.0 and use Triple-DES or AES ciphers.
 
TMetzinger said:
Not if he doesn't have the high security ciphers, which are an option for the OS, they don't come by default, even with IE7, since some are not exportable.

Many government SSL sites require SSL3 or TLS 1.0 and use Triple-DES or AES ciphers.
Click to expand...

Thank you very much for the edumucation! I didn't know that about the gov't sites. I wonder why his other friends can access it, then?

To the original poster: Does the site mention any specific security protocol you must install to view the site?
 
Also, if you can paste the link to the site, it's possible that I could test it, using my network monitoring software, and determine what protocols and ciphers it uses.

It could also (just thought of this) be a basic issue with IE7, which by default won't trust an SSL site that doesn't have it's SSL certificate signed by a trusted root like Verisign or Entrust. If this site generated it's own SSL credentials that might cause a problem

Other potential issues could be that the server is up (so you can ping it) but the SSL service isn't configured correctly, or is listening on a nonstandard port. Try connecting with http:// instead of https://
 
Last edited:
mikea said:
Can you access any other site using SSL (https://...) like your bank?
If not, the SSL in IE is borked. Make sure you have the US version of IE.

Try using Firefox or Opera.
Click to expand...


Ummm Yes, I can.
I can access other secure sites such as banking, etc.
Click to expand...
And.... The secure pages of the C.A.P. website

This is the only site I haven't been able to reach.
I have 128 bit encryption, and the latest IE: ... 7.0

Just Dld'd Firefox. Same issues.

"A puzzlement!"
................ Yul Bryner, as "The King of Siam"
 
Then I'll bet the problem is with the link or the server... either the link is wrong, or the host is screwed up, or they have a firewall that restricts access.
 
Check to also make sure you are accepting certificates. The first page of that site will send you a certificate that you have to accept. This is very common with any gov. site so that they can track you.
 
I think you mean "cookies" which are used for tracking. Certificates are used for identification and authentication, usually to establish SSL sessions.
 
TMetzinger said:
I think you mean "cookies" which are used for tracking. Certificates are used for identification and authentication, usually to establish SSL sessions.
Click to expand...

You're right cookies are used for that but I did mean a certificate. It has been a long day and I was thinking about a bunch of stuff and jsut wrote this quickly.

I went to the CAP training site and I was sent a certificate from the site to verify.
 
Troy Whistman said:
Thank you very much for the edumucation! I didn't know that about the gov't sites. I wonder why his other friends can access it, then?

To the original poster: Does the site mention any specific security protocol you must install to view the site?
Click to expand...

FROM ORIGINAL POSTER:

NEGATIVE, on the specific security protocol.

With the IE 7, I have enabled the warning under "Options" where I am
notified of switching to a secure / non secure site.
<security warning.jpg>
I get the warning for "C A P" pages but nothing for Air Force site, since the server isn't being {quote} "found", or recognized, or whatever it's doing. Because the page can't be found by IE 7, or FireFox....
<Server not found.jpg >

(an aside.... Some other people finding this site, wouldn't know a security protocol, from an Excel extension, or a simple dialog box)
It is really bugging me, :mad: that I [an ex-network admin for a number of years] can't get there and ....."they".....:goofy: have no problem...:mad:

BTW.... If I haven't said thanks.... well, thanks!
 

Attachments

  • Security Warning.JPG
    Security Warning.JPG
    27.8 KB · Views: 1
  • Server not found.JPG
    Server not found.JPG
    30.3 KB · Views: 2
smigaldi said:
You're right cookies are used for that but I did mean a certificate. It has been a long day and I was thinking about a bunch of stuff and jsut wrote this quickly.

I went to the CAP training site and I was sent a certificate from the site to verify.
Click to expand...

Original poster
Yes, I get the CAP Training site certificate too.... ( CAP, is U.S.A.F. Aux.)

My problem site.... is the "Air Force testing facility", and restricted,
to CAP and USAF members only.

(TMetzinger)..... You want to monitor a USAF website??? :dunno:
I wouldn't, in these post 9/11 times...:no:
One might be thought of as a terrorist searching for weak point....:hairraise:
But thanks...
 
Chache said:
Original poster
Yes, I get the CAP Training site certificate too.... ( CAP, is U.S.A.F. Aux.)

My problem site.... is the "Air Force testing facility", and restricted,
to CAP and USAF members only.

(TMetzinger)..... You want to monitor a USAF website??? :dunno:
I wouldn't, in these post 9/11 times...:no:
One might be thought of as a terrorist searching for weak point....:hairraise:
But thanks...
Click to expand...
I wouldn't monitor the site (that would be bad), but would attempt to replicate your problem and then look at the captured session for possible causes.

I'm not too worried about being considered a terrorist, I do sensitive work for Uncle Sam now and the various defense, spook, and law enforcement agencies all have files on me. My "necklace" of building passes and access cards weighs around 4 pounds if I pull them all out of the safe and put them on.
 
You must log in or register to reply here.
Back
Top