Opened 6 months ago

Closed 6 months ago

#1230 closed defect (fixed)

IETF102 meetecho certificate setting problem

Reported by: nsornin@… Owned by: alex@…
Priority: tbd Milestone: ietf-102
Component: servers Keywords:
Cc: My Current Location:
My MAC Address: My OS:

Description

Dear support team.

The meetecho servers for IETF102 have a security setup problem preventing me to join.
I am supposed to present remotely on Thursday (on the LPWAN session) and for the moment every time I try to join
https://centreville.conf.meetecho.com/q-meetecho/login.jsp?event=anrw
I get (see at the bottom of this email)
Unfortunately I cannot just bypass this security certificate problem (forbidden by my IT department).
Is this something that you could possibly fix ?
I would be very grateful.

Thank you!

Nicolas Sornin.

[cid:image001.jpg@01D41D1C.780C5170]

[cid:image002.png@01D41D1C.780C5170]

Nicolas SORNIN

[Description: Description: semtech_horz_72dpi_rgb]
14,  Chemin des Clos
38240 Meylan
France


To view our privacy policy, including the types of personal information we collect, process and share, and the rights and options you have in this respect, see www.semtech.com/legal.

Added by email2trac

Added by email2trac

Added by email2trac

Attachments (3)

image001.jpg (10.4 KB) - added by nsornin@… 6 months ago.
Added by email2trac
image002.png (10.7 KB) - added by nsornin@… 6 months ago.
Added by email2trac
image003.jpg (1.6 KB) - added by nsornin@… 6 months ago.
Added by email2trac

Download all attachments as: .zip

Change history (21)

Changed 6 months ago by nsornin@…

Attachment: image001.jpg added

Added by email2trac

Changed 6 months ago by nsornin@…

Attachment: image002.png added

Added by email2trac

Changed 6 months ago by nsornin@…

Attachment: image003.jpg added

Added by email2trac

comment:1 Changed 6 months ago by llynch@…

Component: incomingservers
Owner: changed from < default > to Hans Kuhn
Status: newassigned
Type: requestdefect

Hans -

who should own this? Reassign as needed, please.

  • Lucy

comment:2 in reply to:  1 Changed 6 months ago by Hans Kuhn

Replying to llynch@…:

Hans -

who should own this? Reassign as needed, please.

  • Lucy

Certificate looks valid to me. Ticket belongs to meetecho, but I suspect that this reporter doesn't have the correct root certs installed -- possibly by central IT policy:

Testing server defaults (Server Hello)

TLS extensions (standard) "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35" "heartbeat/#15" "next protocol/#13172"

"application layer protocol negotiation/#16"

Session Ticket RFC 5077 hint 300 seconds, session tickets keys seems to be rotated < daily
SSL Session ID support yes
Session Resumption Tickets: yes, ID: no
TLS clock skew Random values, no fingerprinting possible
Signature Algorithm SHA256 with RSA
Server key size RSA 2048 bits
Fingerprint / Serial SHA1 7E5A42E7859EE677869E0277E64A8FBD6EC5E518 / 011726622815905D0B5F2F80B57DC807

SHA256 F3035F4DE5CACBD828A4D0F68387D85E8EC7BEB312226DB6CE3C94469601DB44

Common Name (CN) *.conf.meetecho.com
subjectAltName (SAN) *.conf.meetecho.com
Issuer RapidSSL RSA CA 2018 (DigiCert? Inc from US)
Trust (hostname) Ok via SAN wildcard and CN wildcard (same w/o SNI)
Chain of trust Ok
EV cert (experimental) no
Certificate Expiration 339 >= 60 days (UTC: 2017-12-12 19:00 --> 2019-06-21 08:00)
# of certificates provided 3
Certificate Revocation List http://cdp.rapidssl.com/RapidSSLRSACA2018.crl
OCSP URI http://status.rapidssl.com
OCSP stapling --
OCSP must staple no
DNS CAA RR (experimental) --
Certificate Transparency no

comment:3 Changed 6 months ago by Hans Kuhn

Looking a bit more, it looks like meetecho is including the DigiCert? root cert in their chain which might be causing the problem.

comment:4 Changed 6 months ago by llynch@…

Component: serversmeetecho-streaming
Owner: changed from Hans Kuhn to alex@…

Thanks Hans -

Moving the ticket

comment:5 Changed 6 months ago by Hans Kuhn

Component: meetecho-streamingservers
Owner: changed from alex@… to Hans Kuhn

Ticket should belong to Simon <spromano@…>

comment:6 Changed 6 months ago by llynch@…

Owner: changed from Hans Kuhn to llynch@…

Sadly, he's not in the system - they had a single point of contact

comment:7 Changed 6 months ago by alex@…

Owner: changed from llynch@… to alex@…

Please do assign Meetecho tickets to me.

comment:8 Changed 6 months ago by alex@…

Hi Nicolas,

Can you visit the following page, please?

https://p1.conf.meetecho.com/q-meetecho/?event=newcomers_webinar

We removed the root certificate from the chain.
Please let us know if your issue is solved.

Cheers, the Meetecho team

comment:9 in reply to:  12 Changed 6 months ago by nsornin@…

Hi alex.
The link you created works just fine !

Thank you for your help on this matter.


-----Original Message-----
From: IETF Tickets/NOC <tickets@meeting.ietf.org> 
Sent: Monday, July 16, 2018 5:32 PM
Cc: alex@meetecho.com; hans@flyingpoodle.com; llynch@civil-tongue.net; Nicolas Sornin <nsornin@semtech.com>
Subject: Re: [IETF Tickets/NOC] #1230: IETF102 meetecho certificate setting problem

WARNING - External Email
________________________________

#1230: IETF102 meetecho certificate setting problem
----------------------------+--------------------------------
      Reporter:  nsornin@…  |                Owner:  alex@…
          Type:  defect     |               Status:  assigned
      Priority:  tbd        |            Milestone:  ietf-102
     Component:  servers    |           Resolution:
      Keywords:             |  My Current Location:
My MAC  Address:            |                My OS:
----------------------------+--------------------------------

Comment (by alex@…):

 Hi Nicolas,

 Can you visit the following page, please?

 https://p1.conf.meetecho.com/q-meetecho/?event=newcomers_webinar

 We removed the root certificate from the chain.
 Please let us know if your issue is solved.

 Cheers, the Meetecho team

--
Ticket URL: <https://tickets.meeting.ietf.org/ticket/1230#comment:8>
IETF Tickets/NOC <https://tickets.meeting.ietf.org>
IETF Meeting Tickets - NOC pages

To view our privacy policy, including the types of personal information we collect, process and share, and the rights and options you have in this respect, see www.semtech.com/legal.

comment:10 Changed 6 months ago by alex@…

Resolution: fixed
Status: assignedclosed

comment:11 in reply to:  14 Changed 6 months ago by nsornin@…

Resolution: fixed
Status: closedreopened
Hi alex.

Sorry, I meant the  https://p1.conf.meetecho.com/q-meetecho/?event=newcomers_webinar works just fine.
But I still cannot access the 
https://centreville.conf.meetecho.com/q-meetecho/login.jsp?event=anrw
which is used for the real IETF102 sessions.

So I am afraid the problem is not fixed yet.
Sorry for bothering you.



-----Original Message-----
From: IETF Tickets/NOC <tickets@meeting.ietf.org> 
Sent: Monday, July 16, 2018 5:58 PM
Cc: alex@meetecho.com; hans@flyingpoodle.com; llynch@civil-tongue.net; Nicolas Sornin <nsornin@semtech.com>
Subject: Re: [IETF Tickets/NOC] #1230: IETF102 meetecho certificate setting problem

WARNING - External Email
________________________________

#1230: IETF102 meetecho certificate setting problem
----------------------------+--------------------------------
      Reporter:  nsornin@…  |                Owner:  alex@…
          Type:  defect     |               Status:  closed
      Priority:  tbd        |            Milestone:  ietf-102
     Component:  servers    |           Resolution:  fixed
      Keywords:             |  My Current Location:
My MAC  Address:            |                My OS:
----------------------------+--------------------------------
Changes (by alex@…):

 * status:  assigned => closed
 * resolution:   => fixed


--
Ticket URL: <https://tickets.meeting.ietf.org/ticket/1230#comment:10>
IETF Tickets/NOC <https://tickets.meeting.ietf.org>
IETF Meeting Tickets - NOC pages

To view our privacy policy, including the types of personal information we collect, process and share, and the rights and options you have in this respect, see www.semtech.com/legal.

comment:12 Changed 6 months ago by alex@…

The configuration has been updated on all servers. Now that the morning sessions are over, the servers have been restarted. Can you please make a hard refresh (Ctrl+shift+R) and try again?

comment:13 in reply to:  16 Changed 6 months ago by nsornin@…

Dear alex.

I have restarted my browser , and sadly no update. Same certificate problem.
Will try restarting my PC.


-----Original Message-----
From: IETF Tickets/NOC <tickets@meeting.ietf.org> 
Sent: Monday, July 16, 2018 6:41 PM
Cc: alex@meetecho.com; hans@flyingpoodle.com; llynch@civil-tongue.net; Nicolas Sornin <nsornin@semtech.com>
Subject: Re: [IETF Tickets/NOC] #1230: IETF102 meetecho certificate setting problem

WARNING - External Email
________________________________

#1230: IETF102 meetecho certificate setting problem
----------------------------+--------------------------------
      Reporter:  nsornin@…  |                Owner:  alex@…
          Type:  defect     |               Status:  reopened
      Priority:  tbd        |            Milestone:  ietf-102
     Component:  servers    |           Resolution:
      Keywords:             |  My Current Location:
My MAC  Address:            |                My OS:
----------------------------+--------------------------------

Comment (by alex@…):

 The configuration has been updated on all servers. Now that the morning  sessions are over, the servers have been restarted. Can you please make a  hard refresh (Ctrl+shift+R) and try again?

--
Ticket URL: <https://tickets.meeting.ietf.org/ticket/1230#comment:12>
IETF Tickets/NOC <https://tickets.meeting.ietf.org>
IETF Meeting Tickets - NOC pages

To view our privacy policy, including the types of personal information we collect, process and share, and the rights and options you have in this respect, see www.semtech.com/legal.

comment:14 in reply to:  17 ; Changed 6 months ago by nsornin@…

Dear alex.
No chance either after rebooting computer.
Same problem.
Thank you so much for your help.
I need to rush home now (it is late here now :-)) , so I will be able to answer you tomorrow morning when you arrive.


-----Original Message-----
From: IETF Tickets/NOC <tickets@meeting.ietf.org> 
Sent: Monday, July 16, 2018 6:45 PM
To: Nicolas Sornin <nsornin@semtech.com>; llynch@civil-tongue.net; hans@flyingpoodle.com; alex@meetecho.com
Subject: Re: [IETF Tickets/NOC] #1230: IETF102 meetecho certificate setting problem

WARNING - External Email
________________________________

#1230: IETF102 meetecho certificate setting problem
----------------------------+--------------------------------
      Reporter:  nsornin@…  |                Owner:  alex@…
          Type:  defect     |               Status:  reopened
      Priority:  tbd        |            Milestone:  ietf-102
     Component:  servers    |           Resolution:
      Keywords:             |  My Current Location:
My MAC  Address:            |                My OS:
----------------------------+--------------------------------

Comment (by nsornin@…):

 {{{
 Dear alex.

 I have restarted my browser , and sadly no update. Same certificate  problem.
 Will try restarting my PC.


 -----Original Message-----
 From: IETF Tickets/NOC <tickets@meeting.ietf.org>
 Sent: Monday, July 16, 2018 6:41 PM
 Cc: alex@meetecho.com; hans@flyingpoodle.com; llynch@civil-tongue.net;  Nicolas Sornin <nsornin@semtech.com>
 Subject: Re: [IETF Tickets/NOC] #1230: IETF102 meetecho certificate  setting problem

 WARNING - External Email
 ________________________________

 #1230: IETF102 meetecho certificate setting problem
 ----------------------------+--------------------------------
       Reporter:  nsornin@…  |                Owner:  alex@…
           Type:  defect     |               Status:  reopened
       Priority:  tbd        |            Milestone:  ietf-102
      Component:  servers    |           Resolution:
       Keywords:             |  My Current Location:
 My MAC  Address:            |                My OS:
 ----------------------------+--------------------------------

 Comment (by alex@…):

  The configuration has been updated on all servers. Now that the morning  sessions are over, the servers have been restarted. Can you please make a  hard refresh (Ctrl+shift+R) and try again?

 --
 Ticket URL: <https://tickets.meeting.ietf.org/ticket/1230#comment:12>
 IETF Tickets/NOC <https://tickets.meeting.ietf.org>
 IETF Meeting Tickets - NOC pages

 To view our privacy policy, including the types of personal information we  collect, process and share, and the rights and options you have in this  respect, see www.semtech.com/legal.
 }}}

--
Ticket URL: <https://tickets.meeting.ietf.org/ticket/1230#comment:13>
IETF Tickets/NOC <https://tickets.meeting.ietf.org>
IETF Meeting Tickets - NOC pages

To view our privacy policy, including the types of personal information we collect, process and share, and the rights and options you have in this respect, see www.semtech.com/legal.

comment:15 Changed 6 months ago by alex@…

The configuration on the two servers is identical. I can only think of some sort o caching happening on your side. Can you check if you have the same issue accessing a session hosted on a server you never accessed before, i.e., taking place in a different room?

comment:16 in reply to:  19 ; Changed 6 months ago by nsornin@…

Dear alex.

Strange. I have tried to access the URL
https://laurier.conf.meetecho.com/q-meetecho/login.jsp?ietf=6man
from a tablet that had never seen this website before and I get exactly the same certificate error.
I have to force a security exception to be able to connect.
Something must be wrong with the certificate chain.

Thanks again for your help.

Nicolas


-----Original Message-----
From: IETF Tickets/NOC <tickets@meeting.ietf.org> 
Sent: Monday, July 16, 2018 7:00 PM
Cc: alex@meetecho.com; hans@flyingpoodle.com; llynch@civil-tongue.net; Nicolas Sornin <nsornin@semtech.com>
Subject: Re: [IETF Tickets/NOC] #1230: IETF102 meetecho certificate setting problem

WARNING - External Email
________________________________

#1230: IETF102 meetecho certificate setting problem
----------------------------+--------------------------------
      Reporter:  nsornin@…  |                Owner:  alex@…
          Type:  defect     |               Status:  reopened
      Priority:  tbd        |            Milestone:  ietf-102
     Component:  servers    |           Resolution:
      Keywords:             |  My Current Location:
My MAC  Address:            |                My OS:
----------------------------+--------------------------------

Comment (by alex@…):

 The configuration on the two servers is identical. I can only think of  some sort o caching happening on your side. Can you check if you have the  same issue accessing a session hosted on a server you never accessed  before, i.e., taking place in a different room?

--
Ticket URL: <https://tickets.meeting.ietf.org/ticket/1230#comment:15>
IETF Tickets/NOC <https://tickets.meeting.ietf.org>
IETF Meeting Tickets - NOC pages

To view our privacy policy, including the types of personal information we collect, process and share, and the rights and options you have in this respect, see www.semtech.com/legal.

comment:17 in reply to:  20 ; Changed 6 months ago by nsornin@…

Dear alex.
Disregard my previous email !!
The problem is somehow linked to our corporate network.
When I try to access the URL from outside it works without certificate problem.
I will investigate with our IT team.
Sorry for bothering you with this.


-----Original Message-----
From: IETF Tickets/NOC <tickets@meeting.ietf.org> 
Sent: Tuesday, July 17, 2018 9:00 AM
To: Nicolas Sornin <nsornin@semtech.com>; llynch@civil-tongue.net; hans@flyingpoodle.com; alex@meetecho.com
Subject: Re: [IETF Tickets/NOC] #1230: IETF102 meetecho certificate setting problem

WARNING - External Email
________________________________

#1230: IETF102 meetecho certificate setting problem
----------------------------+--------------------------------
      Reporter:  nsornin@…  |                Owner:  alex@…
          Type:  defect     |               Status:  reopened
      Priority:  tbd        |            Milestone:  ietf-102
     Component:  servers    |           Resolution:
      Keywords:             |  My Current Location:
My MAC  Address:            |                My OS:
----------------------------+--------------------------------

Comment (by nsornin@…):

 {{{
 Dear alex.

 Strange. I have tried to access the URL  https://laurier.conf.meetecho.com/q-meetecho/login.jsp?ietf=6man
 from a tablet that had never seen this website before and I get exactly  the same certificate error.
 I have to force a security exception to be able to connect.
 Something must be wrong with the certificate chain.

 Thanks again for your help.

 Nicolas


 -----Original Message-----
 From: IETF Tickets/NOC <tickets@meeting.ietf.org>
 Sent: Monday, July 16, 2018 7:00 PM
 Cc: alex@meetecho.com; hans@flyingpoodle.com; llynch@civil-tongue.net;  Nicolas Sornin <nsornin@semtech.com>
 Subject: Re: [IETF Tickets/NOC] #1230: IETF102 meetecho certificate  setting problem

 WARNING - External Email
 ________________________________

 #1230: IETF102 meetecho certificate setting problem
 ----------------------------+--------------------------------
       Reporter:  nsornin@…  |                Owner:  alex@…
           Type:  defect     |               Status:  reopened
       Priority:  tbd        |            Milestone:  ietf-102
      Component:  servers    |           Resolution:
       Keywords:             |  My Current Location:
 My MAC  Address:            |                My OS:
 ----------------------------+--------------------------------

 Comment (by alex@…):

  The configuration on the two servers is identical. I can only think of  some sort o caching happening on your side. Can you check if you have the  same issue accessing a session hosted on a server you never accessed  before, i.e., taking place in a different room?

 --
 Ticket URL: <https://tickets.meeting.ietf.org/ticket/1230#comment:15>
 IETF Tickets/NOC <https://tickets.meeting.ietf.org>
 IETF Meeting Tickets - NOC pages

 To view our privacy policy, including the types of personal information we  collect, process and share, and the rights and options you have in this  respect, see www.semtech.com/legal.
 }}}

--
Ticket URL: <https://tickets.meeting.ietf.org/ticket/1230#comment:16>
IETF Tickets/NOC <https://tickets.meeting.ietf.org>
IETF Meeting Tickets - NOC pages

To view our privacy policy, including the types of personal information we collect, process and share, and the rights and options you have in this respect, see www.semtech.com/legal.

comment:18 Changed 6 months ago by alex@…

Resolution: fixed
Status: reopenedclosed

Fine. As I said, the web servers configuration is now correct. I'm closing this ticket, but feel free to re-open it if you think we can do anything else to help.

Note: See TracTickets for help on using tickets.