Why is Safari asking for three certificates and once approved will not load the site
Hello,
Can someone take a look at https://www.sls.net as when I first tried to go to it today, it asked me about three certificates:
com.apple.idms.appleid.prd.4b747336494d5531363537716548494e6278565349513d3d. The common name certainly doesn't seem to be an apple one:
I few interesting things. I have never been to this site before, but now I have a favicon for it, so it downloaded something. At some point, I clicked "continue" as I thought they were valid, and I was just looking anyway, not login in or doing anything with the company. I end up with a blank page, view source, blank too.
curl sls.net yields an empty result, adding a -v to it will get me the rolling output ( this is port 80 though, so those certs don't matter yet ):
* You can also see the redirect to the SSL site in the curl output below.
curl -v sls.net
* Rebuilt URL to: sls.net/
* Hostname was NOT found in DNS cache
* Trying 206.19.54.185...
* Connected to sls.net (206.19.54.185) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.37.1
> Host: sls.net
> Accept: */*
>
* HTTP 1.0, assume close after body
< HTTP/1.0 302 Found
< Location: https://www.sls.net
< Server: BigIP
* HTTP/1.0 connection set to keep alive!
< Connection: Keep-Alive
< Content-Length: 0
<
* Connection #0 to host sls.net left intact
Here is the SSL version:
$curl -v https://sls.net
* Rebuilt URL to: https://sls.net/
* Hostname was NOT found in DNS cache
* Trying 206.19.54.185...
* Connected to sls.net (206.19.54.185) port 443 (#0)
* SSL certificate problem: Invalid certificate chain
* Closing connection 0
curl: (60) SSL certificate problem: Invalid certificate chain
More details here: http://curl.haxx.se/docs/sslcerts.html
Now, if I go load Chrome, and put in sls.net it redirects to the SSL version, no alerts, all is well. iPhone, same, no issues there. This concerns me on a few levels. First, is chrome using a different certificate store than keychain? If so how in the heck do we keep on top of that? We need one place where we can managed and delete the bad ones that sometimes sneak in.
Are these valid certs? They say Apple all over them, but could that be forged? The actual certs name is not a apple.com domain, though to me, it looks like someone is trying to make it look that way, though this could be like a PTR records where they are reversed or it could just be the format they are set in and they need not resolve correctly: com.apple.idms.appleid.prd.4b747336494d5531363537716548494e6278565349513d3d As it is, it is either .prd is the TLD, or .4b747336494d5531363537716548494e6278565349513d3d is the TLD. Or, if it is reversed, then I guess it is ok as is.
If I approve them, I still get a blank page, any idea what gives? I played the repair keychain game and such, no luck. Can someone who knows more about certs take a look at the ones connected to sls.net?
Thank you so much.
MacBook Pro, OS X Yosemite (10.10), Added 8GB memory