easttle certificate problem

43 views
Skip to first unread message

trevor storr

unread,
Feb 25, 2015, 6:30:16 PM2/25/15
to techies-f...@googlegroups.com
Hi,

before I contact eastlle I wanted to check if others have seen this.

Our chromebooks are rejecting the student login on eastlle as it has an unverified certificate.  This isn't happening on desktops.  We don't want to get users in the habit of accepting unverified certs, so installing the cert as an exception is a no -no.

Easttle has a cert from entrust.

Other ssl sites eg https://novell.com work fine.

Does anyone have any ideas?

--
cheers

Trevor

Trevor Storr
Director of eLearning, CantaNET http://educo.vln.school.nz
Waimate High School
Waimate
New Zealand

Tim Harper

unread,
Feb 25, 2015, 6:34:29 PM2/25/15
to techies-f...@googlegroups.com
https://www.novell.com/home/ uses TLS 1.2


I'm guessing it the the version of TLS in use by easttle that is the issue?


regards,

Tim Harper


Phone 0800 755 966 option 2 then 3 (SchoolZone)
Phone 03 443 5167 (DDI)
Mobile 027 443 1236
Fax 03 443 0491

t...@mtaspiring.school.nz
www.mtaspiring.school.nz

--
You received this message because you are subscribed to the Google Groups "Techies for schools" group.
To unsubscribe from this group and stop receiving emails from it, send an email to techies-for-sch...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

trevor storr

unread,
Feb 25, 2015, 6:40:55 PM2/25/15
to techies-f...@googlegroups.com
mmm

here's our ssl policy - so it should be falling back to TLS 1.0.  It's almost as though the cb does not recognise entrust as a legitimate authority.
Minimum SSL version
Inherited

Set the minimum SSL version
SSL v3, TLS 1.0, TLS 1.1, TLS 1.2 are the options in order; e.g., if you set TLS 1.1, SSL v3 and TLS 1.0 will not be used by Chrome.

Alistair Baird

unread,
Feb 25, 2015, 9:18:57 PM2/25/15
to techies-f...@googlegroups.com
Other possible problems areas are wrong timezone setting and/or date.
Alistair Baird
IT Manager
St Peters College 
p 06 354 4198
m 021 990 259

Andrew Godfrey

unread,
Feb 25, 2015, 9:53:33 PM2/25/15
to techies-f...@googlegroups.com
Our Chromebooks notify us that the certificate is not trusted but we can still click the advanced link and get through.

Inline images 1
Inline images 3




_______________________________________
 
Andrew Godfrey  |  Network Manager  |  Burnside High School  |  Christchurch | New Zealand



On 26 February 2015 at 12:30, trevor storr <tre...@storr.org.nz> wrote:

--

Andrew Godfrey

unread,
Feb 25, 2015, 10:10:58 PM2/25/15
to techies-f...@googlegroups.com
Better contact e-asttle. Looks like the techs didn't finish testing properly. This from http://sslinstallcheck.entrust.net/SIC/jsp/MainWebAddress.jsp

Inline images 1

_______________________________________
 
Andrew Godfrey  |  Network Manager  |  Burnside High School  |  Christchurch | New Zealand



On 26 February 2015 at 12:30, trevor storr <tre...@storr.org.nz> wrote:

--

trevor storr

unread,
Feb 26, 2015, 1:26:57 AM2/26/15
to techies-f...@googlegroups.com
Cheers and yep same error as us.  You can follow it through as an exception, but it's not the sort of thing we want to encourage our users to do.

TZ etc is correct - I've seen that before and is often fixed by using 8.8.8.8 as the dns.

I called easstle this afternoon and am awaiting a callback as they are um 'busy'.

I need to verify this but it seems to be working on some of our older chromebooks,
Reply all
Reply to author
Forward
0 new messages