1. nhatanh181's Avatar
    Browser and Certificates-img_20170326_080652.png
    This apparently happens often lately when I click on the link on Google search. Somehow, browser doesn't work well with Google redirect link:
    https://www.google.com/url?q=http://...W8NXG9qIrjUvYg

    Does anyone know how to fix it?

    Posted from BlackBerry Passport.
    03-26-17 08:13 AM
  2. m69c44's Avatar
    Yes please any help for this problem. This is happening more and more. I notice this after I update to 10. 3. Thanks
    03-26-17 08:31 AM
  3. Rendergroup's Avatar
    +1

    Posted via CB10
    03-26-17 03:57 PM
  4. Richard Buckley's Avatar
    So this is a very specific error. As the dialogue says the domain name doesn't match that on the certificate. The odd thing here is that "you can't proceed because this site has HTTP Strict Transport Security Enabled". This is odd because it shouldn't happen, which leads me to believe that this is a result of misconfiguration of the server. But there are some things you need to know to understand my conclusion.

    Akamai, the name on the domain certificate is a Content Delivery Network or CDN, similar to Cloud Flare. CDNs are companies that set up large global networks specialized in delivering content by HTTP (though some support other protocols as well). You may know them from their very public ability to defend web servers against Denial of Service attacks. This ability is a side effect of their normal business. They provide the infrastructure needed to deliver content world wide to millions or even billions of concurrent users. They have a network presence in most if not all top level service providers so that they have a server close to most users around the world. Google does this all by them selves, but most other companies, even large ones like Apple, use CDNs. This means that not all requests in the world for Apple have to go to Cupertino. This is what allows CDNs to defend against DoS attacks. Taking down Apple's HQ server doesn't have much impact if no one actually visits it.

    So a company, like BlackBerry in this case, will provide there website data to a CDN who can then host it on many servers around the world. For unencrypted HTTP sites that and a little DNS configuration is all that is needed. It gets a little more complicated for HTTPS. As we see from the OP's problem, web browsers have been designed to balk when they request data from one domain but get data that is signed by the certificate from a different domain. If they didn't do this the web would be a much more dangerous place to browse. When companies want to use a CDN for encrypted HTTPS data they provide their security certificates to the CDN and the sites work seamlessly. Except this is a situation that we normally try very hard to avoid: company A is serving up pages "pretending to be" company B. In this case company B would be OK with this, but it is still a weakness in the system.

    What is clear from the dialogue in the OP is that Akamai does not have, or at least has not installed, a BlackBerry certificate for the us.blackberry.com domain. This shouldn't be a problem, the site works fine using HTTP. This is where HTTP Strict Transport Security (HSTS) comes in. There are a number of ways that bad actors on the internet can make your browser visit the HTTP version of a site when you want to be secure and use the HTTPS version. Some web sites have taken the step of only providing access via HTTPS, but still bad actors could arrange for you to visit their fake site using HTTP, they get the data from the legitimate HTTPS site and send it to you harvesting data or emptying your bank account at the same time. HSTS solves this by allowing a site to tell a browser that (until some time in the future which can be infinite) the browser should only accept connections to the site using HTTPS. It appears at some point us.blackberry.com instructed the OP's browser to use HSTS with that domain. But there is no web site at the HTTPS version of us.blackberry.com. Catch 22, the OP has to use the secure site, but there is no secure site.

    All of this can be further complicated by the fact that the part of the CDN network you interact with depends on where in the world you start from, or VPN to. Other than clearing the HSTS flag, and I don't think anything short of a security wipe or an autoloader install will do that, I don't know of anything the OP can do. This is an unfortunate side effect of using a system with many design issues, but being so deeply inured in it that we can't do any more that put band aids like HSTS on it.

    That this is affecting a BlackBerry site is ironic on so many levels. You should tweet the picture to BlackBerry help and see what they have to say.
    BigBadWulf likes this.
    03-26-17 06:27 PM
  5. nhatanh181's Avatar
    Thanks for the reply with providing background of what happens behind the scene. From further observation along with trials and errors, there are two work-arounds:
    1. Keep the bb browser but use Bing/Yahoo search engine
    2. Use a different browser and use Google search engine

    It seems I would choose option 1 for now. Upon research for alternatives, I found Browsie browser on the bbw. Have anyone tried it out and see if problem solved?

    Posted from BlackBerry Passport.
    03-26-17 06:58 PM
  6. BigBadWulf's Avatar
    That this is affecting a BlackBerry site is ironic on so many levels.
    LoL! How's this for BlackBerry irony?

    Browser and Certificates-ed-levine-screenshot_20170225-185928.jpg

    Taken at the KEYone launch.


    @nhatanh181 I've never experience a Google redirect issue on the BlackBerry browser. I have heard good things about Browsie, but not used it myself. It's only that site?
    03-26-17 08:43 PM
  7. nhatanh181's Avatar


    @nhatanh181 I've never experience a Google redirect issue on the BlackBerry browser. I have heard good things about Browsie, but not used it myself. It's only that site?[/color][/B]

    Another reason why I'm looking for different browser/search engine
    Google add a bunch of stuffs at the redirect link and bb browser just refuses it all together.
    https://www.google.com/url?q=http://...nYxbOvEVIYeQIg
    Browser and Certificates-img_20170326_205923.png

    Posted from BlackBerry Passport.
    03-26-17 09:08 PM
  8. BigBadWulf's Avatar
    This is on 10.3.3? I wonder if the added phishing filter has anything to do with it.
    03-26-17 09:17 PM
  9. Richard Buckley's Avatar
    Thanks for the reply with providing background of what happens behind the scene. From further observation along with trials and errors, there are two work-arounds:
    1. Keep the bb browser but use Bing/Yahoo search engine
    2. Use a different browser and use Google search engine

    It seems I would choose option 1 for now. Upon research for alternatives, I found Browsie browser on the bbw. Have anyone tried it out and see if problem solved?

    Posted from BlackBerry Passport.
    I think the reasons those work for you is that the search engines don't offer the bogus https link. I couldn't replicate your problem even with Google and the BlackBerry browser until I forced the browser to go there. Now whether I'm using Google or Bing the BlackBerry browser will offer that link up if the URL matches the search, probably from the browser history, so you could try clearing that.

    No matter what browser you use to go to https://us.blackberry.com it should come up with some kind of error. Even Firefox on my PC won't render a page (good) but can't tell what is really wrong (bad). Any browser that shows you a valid page when sent to that link the way things are now is dangerous to use.

    LeapSTR100-2/10.3.3.2205
    BigBadWulf likes this.
    03-27-17 07:20 AM

Similar Threads

  1. Replies: 13
    Last Post: 10-07-17, 06:07 PM
  2. Website restrictions on BlackBerry 10 browser
    By endy_young in forum BlackBerry Z30
    Replies: 5
    Last Post: 03-28-17, 03:38 AM
  3. Loading nytimes.com causes browser crash
    By Josh3 in forum Ask a Question
    Replies: 6
    Last Post: 03-26-17, 10:15 PM
  4. Battery Life and Heating on Passport Silver Edition
    By Sara Escudero in forum BlackBerry Passport
    Replies: 11
    Last Post: 03-26-17, 04:31 PM
  5. Replies: 4
    Last Post: 03-25-17, 02:33 PM
LINK TO POST COPIED TO CLIPBOARD