Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ciscobinary.openh264.org using invalid certificate #3748

Open
ErikCumps opened this issue Apr 26, 2024 · 7 comments
Open

ciscobinary.openh264.org using invalid certificate #3748

ErikCumps opened this issue Apr 26, 2024 · 7 comments

Comments

@ErikCumps
Copy link

The ciscobinary.openh264.org web server is using an invalid certificate.
(see screenshot)

This causes the automatic dowload (or update) of the plugin to fail for firefox.

As a workaround, a certificate exception can be added to firefox, but this may not always be possible.

image
@BenzhengZhang
Copy link
Collaborator

refer to #909

@ErikCumps
Copy link
Author

I don't mind on which issue this gets fixed, as long as it gets fixed. 😊

Browsers are more and more reluctant to connect with plain http sites (like it or not) and there is really, really no point at all in using a TLS certificate for a webserver that is not matching the identity of that server.

So please fix the invalid TLS certificate on https://ciscobinary.openh264.org/, so that web browsers can load that link without security warnings.

@ErikCumps
Copy link
Author

Seeing as #909 is closed without fixing the certificate issue, I understand this issue will not get fixed there.

So please fix it here.

Browsers are more and more reluctant to connect with plain http sites (like it or not) and there is really, really no point at all in using a TLS certificate for a webserver that is not matching the identity of that server.

So please fix the invalid TLS certificate on https://ciscobinary.openh264.org/, so that web browsers can load that link without security warnings.

@ErikCumps ErikCumps mentioned this issue May 17, 2024
Closed
@bobj1212
Copy link

Many firewalls started to block http urls so when installer tries to download the binary using http then the firewall blocks it and it is bad approach to ask users to disable firewall for the installer..
So you can not even do fingerprint checking as you have suggested since you can not even download the file..
Please fix the certificate issue.
Thanks

@torokati44 torokati44 mentioned this issue Jul 23, 2024
Closed
@nanonyme
Copy link

nanonyme commented Sep 6, 2024

Duplicate of #3662; solution is simple

  1. Generate a TLS certificate with Let's Encrypt for correct hostname
  2. Upload to Akamai
  3. Add reminder to go to 1 before certificate expires

Cisco has chosen not to fix it but close issue instead.

@ErikCumps
Copy link
Author

Indeed, this is one of many possible solutions.

To be frank, I fail to understand why this issue has not yet been fixed.

@nanonyme
Copy link

nanonyme commented Sep 8, 2024

Indeed, this is one of many possible solutions.

To be frank, I fail to understand why this issue has not yet been fixed.

There aren't that many possible solutions. As is obvious from response it comes from Akamai. The only workable solution with it is to externally create and then upload certificate so Akamai can terminate TLS and CDN cache as normal.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@nanonyme @ErikCumps @bobj1212 @BenzhengZhang