ninjette.org - View Single Post

Alex · April 17th, 2020, 12:25 PM

The reason the TOR browser worked is likely because it's running in incognito mode, and isn't storing HSTS data. If you opened up another browser that you've never used to connect to ninjette before, it would likely have worked as well. The way that setting works between web servers and clients is like this: Once you go to a site, and it has a legitimate SSL certificate, the browser says "OK" and keeps track of it. Forevermore, if you use that browser to go to that site, it confirms there is a valid cert, and if there isn't, it hard fails it and will not allow you to bypass. If you open up a completely new browser and go to the site, it may warn you that the site has a bad cert, but it will let you bypass the warning.

You can go into an existing browser, and there are ways to delete the HSTS stored data. I've had to do that a few times when I do screw up the SSL cert and still have to get to a site with the same browser.

April 17th, 2020, 12:25 PM	#17
Alex ninjette.org dude Name: 1 guess :-) Location: SF Bay Area Join Date: Jun 2008 Motorcycle(s): '13 Ninja 300 (white, the fastest color!), '13 R1200RT, '14 CRF250L, '12 TT-R125LE Posts: Too much. Blog Entries: 7	The reason the TOR browser worked is likely because it's running in incognito mode, and isn't storing HSTS data. If you opened up another browser that you've never used to connect to ninjette before, it would likely have worked as well. The way that setting works between web servers and clients is like this: Once you go to a site, and it has a legitimate SSL certificate, the browser says "OK" and keeps track of it. Forevermore, if you use that browser to go to that site, it confirms there is a valid cert, and if there isn't, it hard fails it and will not allow you to bypass. If you open up a completely new browser and go to the site, it may warn you that the site has a bad cert, but it will let you bypass the warning. You can go into an existing browser, and there are ways to delete the HSTS stored data. I've had to do that a few times when I do screw up the SSL cert and still have to get to a site with the same browser. __________________________________________________ Montgomery Street Motorcycle Club / cal24.com / crf250l.org / ninjette.org ninjette.org Terms of Service Shopping for motorcycle parts or equipment? Come here first. The friendliest Ninja 250R/300/400 forum on the internet! (especially Unregistered)
	1 out of 1 members found this post helpful.