Router introduces NET::ERR_CERT_AUTHORITY_INVALID on all sites
-
When connected to internet via Asus wireless router every site I navigate to shows NET::ERR_CERT_AUTHORITY_INVALID, or is rerouted to 'bigdrip' spam site. This appears to happen with any Chromium-based browser, but does not happen with Edge.
If I plug Ethernet directly into wall (my office has direct fibre so I can bypass router) everything works fine.
I've tried disabling all security on router but nothing helps.
Does anybody have any idea how to resolve this as it is extremely frustrating!
Thanks.
-
@markdalelace If it works directly over LAN, and you get no certificate errors, then your Windows is ok.
Could be your router has vulnerable firmware, weak password and router software was changed.
-
It's a brand new router that I bought because the old one suddenly started doing the same thing.... so I assumed it had gone faulty.
It has a strong password and firmware is latest release.
It's just weird! and very annoying.
-
When you are on the error page, click the message NET::ERR_CERT_AUTHORITY_INVALID. Something like this should pop up:
NET::ERR_CERT_AUTHORITY_INVALID
Subject: *.badssl.com
Issuer: BadSSL Untrusted Root Certificate Authority
Expires on: 23 Apr 2025
Current date: 14 Jun 2023
PEM encoded chain:
-----BEGIN CERTIFICATE-----
MIIEmTCCAoGgAwIBAgIJANF9lCPbnmetMA0GCSqGSIb3DQEBCwUAMIGBMQswCQYD
VQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5j
Copy that text here in a code block - use the </> icon before pasting.
What is the url of the "bigdrip" spam site?
Do you have any extensions installed in Vivaldi?
-
This is an example site....
PEM encoded chain:
-----BEGIN CERTIFICATE-----
MIICojCCAYoCCQCvkGc2EdjdmzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdv
c3BhbmVsMB4XDTE2MTIyMzEwNTQzNFoXDTMxMTIyMDEwNTQzNFowFDESMBAGA1UE
AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29lJ
I2AppkzcnS9Y7FrmwPLGqHNARc4ClYECMAq+Nd/ectLRHTL4QVFbuFbWHsTgeSFV
5U1JG5v8LR0cJIARQsCSrhNhRcfwsLrGv4igQXtLmE37dlYeGs43QAV+/GAyRemN
3QhEknegGaNyMUSVHfEsIh+laNBKRfGdPp5UWd3ls0WJUIIoOPm+mqRscq31eDw5
H4kGi1EU28BM7losKpsiEdWq7bjOTF99oiWGxszn0OMNI2Dy61CfGzgoyg9dxS7e
15iZFL/vOFqjgQl+3ybVyVM4okbcjEnNCH4vyImdC4I8ALqX+2wxjKirJvjMQSSK
XfCv+7ah/3deE6Ij3QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCxPljez/1fn32L
CLKq2O2EmqnxOMPw/J4pzCqzYOHvt2GeFjv7dxlzGD6KGTerat9LoA65dZV+Fbe4
9EuXf/lx6Tm9gCnM1v9N97ZBMtJ/PMtKzhh8P+pPOvf8GE9CsEsjakBGofRd0zf9
qryU7d9+q8kzLe5Pc9wVQcZFiQF+0gMmqFDMkhUoD03DMv5oMaph1L/GxSu9T/N5
PxMKLHYV9p4G+CG8UJ4oHYDLM7ByRAGECapaEuKb0fseFDA8qVFlqI8IcrGp/apW
6PiwkGaUAtWSbJs6xnU9NAeHv/0i2flqeRvP5j2PNSLu4VljxSLZxq1m5pPKzyGw
63pNCwGG
-----END CERTIFICATE-----
https://winbigdrip.life/?u=63fkp0n&o=uh7pmz8
I can stop this one with router's protection, but still get the cert error.
//modedit: url, code
-
@markdalelace The certificate is for Common Name ospanel and localhost.
T:\>type a.txt | openssl x509 -text
Certificate:
    Data:
        Version: 1 (0x0)
        Serial Number:
            af:90:67:36:11:d8:dd:9b
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN = ospanel
        Validity
            Not Before: Dec 23 10:54:34 2016 GMT
            Not After : Dec 20 10:54:34 2031 GMT
        Subject: CN = localhost
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d9:49:23:60:29:a6:4c:dc:9d:2f:58:ec:5a:
                    e6:c0:f2:c6:a8:73:40:45:ce:02:95:81:02:30:0a:
                    be:35:df:de:72:d2:d1:1d:32:f8:41:51:5b:b8:56:
                    d6:1e:c4:e0:79:21:55:e5:4d:49:1b:9b:fc:2d:1d:
                    1c:24:80:11:42:c0:92:ae:13:61:45:c7:f0:b0:ba:
                    c6:bf:88:a0:41:7b:4b:98:4d:fb:76:56:1e:1a:ce:
                    37:40:05:7e:fc:60:32:45:e9:8d:dd:08:44:92:77:
                    a0:19:a3:72:31:44:95:1d:f1:2c:22:1f:a5:68:d0:
                    4a:45:f1:9d:3e:9e:54:59:dd:e5:b3:45:89:50:82:
                    28:38:f9:be:9a:a4:6c:72:ad:f5:78:3c:39:1f:89:
                    06:8b:51:14:db:c0:4c:ee:5a:2c:2a:9b:22:11:d5:
                    aa:ed:b8:ce:4c:5f:7d:a2:25:86:c6:cc:e7:d0:e3:
                    0d:23:60:f2:eb:50:9f:1b:38:28:ca:0f:5d:c5:2e:
                    de:d7:98:99:14:bf:ef:38:5a:a3:81:09:7e:df:26:
                    d5:c9:53:38:a2:46:dc:8c:49:cd:08:7e:2f:c8:89:
                    9d:0b:82:3c:00:ba:97:fb:6c:31:8c:a8:ab:26:f8:
                    cc:41:24:8a:5d:f0:af:fb:b6:a1:ff:77:5e:13:a2:
                    23:dd
                Exponent: 65537 (0x10001)
    Signature Algorithm: sha256WithRSAEncryption
         b1:3e:58:de:cf:fd:5f:9f:7d:8b:08:b2:aa:d8:ed:84:9a:a9:
         f1:38:c3:f0:fc:9e:29:cc:2a:b3:60:e1:ef:b7:61:9e:16:3b:
         fb:77:19:73:18:3e:8a:19:37:ab:6a:df:4b:a0:0e:b9:75:95:
         7e:15:b7:b8:f4:4b:97:7f:f9:71:e9:39:bd:80:29:cc:d6:ff:
         4d:f7:b6:41:32:d2:7f:3c:cb:4a:ce:18:7c:3f:ea:4f:3a:f7:
         fc:18:4f:42:b0:4b:23:6a:40:46:a1:f4:5d:d3:37:fd:aa:bc:
         94:ed:df:7e:ab:c9:33:2d:ee:4f:73:dc:15:41:c6:45:89:01:
         7e:d2:03:26:a8:50:cc:92:15:28:0f:4d:c3:32:fe:68:31:aa:
         61:d4:bf:c6:c5:2b:bd:4f:f3:79:3f:13:0a:2c:76:15:f6:9e:
         06:f8:21:bc:50:9e:28:1d:80:cb:33:b0:72:44:01:84:09:aa:
         5a:12:e2:9b:d1:fb:1e:14:30:3c:a9:51:65:a8:8f:08:72:b1:
         a9:fd:aa:56:e8:f8:b0:90:66:94:02:d5:92:6c:9b:3a:c6:75:
         3d:34:07:87:bf:fd:22:d9:f9:6a:79:1b:cf:e6:3d:8f:35:22:
         ee:e1:59:63:c5:22:d9:c6:ad:66:e6:93:ca:cf:21:b0:eb:7a:
         4d:0b:01:86
Could it be that you connect through a proxy?
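Added example, not part of the original posts: a minimal DER walker in Python that reads the issuer and subject Common Name straight from the PEM pasted earlier in the thread, reproducing the `Issuer` / `Subject` lines of the `openssl x509 -text` output without OpenSSL. The function names are this example's own, and it assumes the simple one-attribute Name layout this certificate uses.

```python
import base64

PEM = """-----BEGIN CERTIFICATE-----
MIICojCCAYoCCQCvkGc2EdjdmzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdv
c3BhbmVsMB4XDTE2MTIyMzEwNTQzNFoXDTMxMTIyMDEwNTQzNFowFDESMBAGA1UE
AwwJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA29lJ
I2AppkzcnS9Y7FrmwPLGqHNARc4ClYECMAq+Nd/ectLRHTL4QVFbuFbWHsTgeSFV
5U1JG5v8LR0cJIARQsCSrhNhRcfwsLrGv4igQXtLmE37dlYeGs43QAV+/GAyRemN
3QhEknegGaNyMUSVHfEsIh+laNBKRfGdPp5UWd3ls0WJUIIoOPm+mqRscq31eDw5
H4kGi1EU28BM7losKpsiEdWq7bjOTF99oiWGxszn0OMNI2Dy61CfGzgoyg9dxS7e
15iZFL/vOFqjgQl+3ybVyVM4okbcjEnNCH4vyImdC4I8ALqX+2wxjKirJvjMQSSK
XfCv+7ah/3deE6Ij3QIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQCxPljez/1fn32L
CLKq2O2EmqnxOMPw/J4pzCqzYOHvt2GeFjv7dxlzGD6KGTerat9LoA65dZV+Fbe4
9EuXf/lx6Tm9gCnM1v9N97ZBMtJ/PMtKzhh8P+pPOvf8GE9CsEsjakBGofRd0zf9
qryU7d9+q8kzLe5Pc9wVQcZFiQF+0gMmqFDMkhUoD03DMv5oMaph1L/GxSu9T/N5
PxMKLHYV9p4G+CG8UJ4oHYDLM7ByRAGECapaEuKb0fseFDA8qVFlqI8IcrGp/apW
6PiwkGaUAtWSbJs6xnU9NAeHv/0i2flqeRvP5j2PNSLu4VljxSLZxq1m5pPKzyGw
63pNCwGG
-----END CERTIFICATE-----"""  # certificate copied from the thread above

def tlv(buf, pos):
    # Read one DER element at pos and return (tag, value_start, value_end).
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):
    out = []
    while start < end:
        out.append(tlv(buf, start))
        start = out[-1][2]
    return out

def common_name(buf, start, end):
    # Walk Name -> RDN SET -> (OID, value) pair; return the CN (OID 2.5.4.3).
    for _, s, e in children(buf, start, end):
        for _, a, b in children(buf, s, e):
            (_, o1, o2), (_, v1, v2) = children(buf, a, b)
            if buf[o1:o2] == b"\x55\x04\x03":
                return buf[v1:v2].decode("utf-8", "replace")

def issuer_and_subject(pem):
    der = base64.b64decode("".join(l for l in pem.splitlines() if "--" not in l))
    _, ts, te = tlv(der, tlv(der, 0)[1])  # Certificate -> tbsCertificate
    f = children(der, ts, te)
    f = f[1:] if f[0][0] == 0xA0 else f  # skip [0] version; v1 certs omit it
    return common_name(der, *f[2][1:]), common_name(der, *f[4][1:])  # issuer, subject
```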
-
I think it must be something to do with the ISP used by the serviced offices so I'm going to get service management to get ISP to investigate as I've spent many hours of my time trying to resolve!
-
@markdalelace Sounds to me like your system has some malware or a browser hijacker.
But that doesn't explain why Edge works. So that leads me into the theory that this is caused by some malicious extension you have installed in Vivaldi and your other browsers where it happens.
I did find someone with what appears to be the exact same issue (Google Cached):
https://webcache.googleusercontent.com/search?q=cache:-KUCLjnyMpgJ:https://www.reddit.com/r/HomeNetworking/comments/urwc7a/i_cant_open_websites_browser_hijacking/&cd=11&hl=en&ct=clnk&
Please try the troubleshooting steps, including testing in a clean profile and disabling adblocking/extensions:
https://help.vivaldi.com/desktop/troubleshoot/troubleshooting-issues/
-
If it occurred all the time that would make sense, but as I don't have any issues when directly connected to the fibre switch, but the issues start when I connect through a router (that then goes into fibre switch) that indicates the ISP has probably changed a setting in their configuration.
I'll pass the buck to them and hopefully they will resolve!
-
@markdalelace What happens if you start Vivaldi with a clean temporary profile in Command Line box?
Hit Win+R, type cmd.exe and hit Return
Close all Vivaldi windows!
Then start Vivaldi like this:
start vivaldi --user-data-dir="%TEMP%\TESTVIV"
-
tried that... same errors over WiFi. It can only be the ISP interfering with the router's connection. It must object to additional switch.
-
@markdalelace Or malware which infects new profiles and hijacks change network routing/DNS if you use WiFi.
//EDIT:
Had you tried to reset network as I wrote at https://forum.vivaldi.net/post/675400?