Hi today I’m running into a security threat where my browser says it can’t open Chat GPT4 because it has a security policy called HTTP Strict Transport Security (HSTS), meaning my browser can only connect to it securely. And when I try to sign into my ChatGPT4 account on another browser, it asks me to pay while I already have a subscription and I’m in my account… Why am I paying for Chat GPT4 when I can’t access or use it half of the time?
I’ve gotten this in the Prompts playground. Firefox, after the browser locks up for a while during streaming a response.
This is what Firefox says today when trying to open ChatGPT4:
Did Not Connect: Potential Security Issue
Firefox detected a potential security threat and did not continue to chatgpt.com because this website requires a secure connection.
What can you do about it?
chatgpt.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site.
The issue is most likely with the website, and there is nothing you can do to resolve it. You can notify the website’s administrator about the problem."
When I click for more details it says:
Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for chatgpt.com. The certificate is only valid for retesicurastation.vodafone.it.
Error code: [SSL_ERROR_BAD_CERT_DOMAIN]
And when I click on the error code, it gives me this:
Unable to communicate securely with peer: requested domain name does not match the server’s certificate.
HTTP Strict Transport Security: true
HTTP Public Key Pinning: false
Certificate chain:
-----BEGIN CERTIFICATE-----
MIIGxzCCBa+gAwIBAgIQC5n4Yb0Li7WfzphthLN6qTANBgkqhkiG9w0BAQsFADBN
MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMScwJQYDVQQDEx5E
aWdpQ2VydCBTSEEyIFNlY3VyZSBTZXJ2ZXIgQ0EwHhcNMjUwMTMxMDAwMDAwWhcN
MjYwMTMwMjM1OTU5WjBxMQswCQYDVQQGEwJHQjEQMA4GA1UEBxMHTmV3YnVyeTEo
MCYGA1UEChMfVm9kYWZvbmUgR3JvdXAgU2VydmljZXMgTGltaXRlZDEmMCQGA1UE
AxMdcmV0ZXNpY3VyYXN0YXRpb24udm9kYWZvbmUuaXQwggEiMA0GCSqGSIb3DQEB
AQUAA4IBDwAwggEKAoIBAQCvgb2rtvewak/my4fMBYprGnOg18lzw8SLI0nJtUDc
PXeuUmGjaTumdXCuey7Ba55xpQ/aXM5FJzfOhA+S4I1wAkAGC4RveYDNX5qlF72B
OHGFcgcTMPUGbO/FQBXU5O+qWpHkn/38StUyQn1nrLRPskvjyKu1BIW87ZdOpSLz
F8pW2tpHKqDAz7KmX2yk5jApS3RCtqDrjkQ+dwTKmcQMtvKrNMgOK8o7XYqNOOJ7
dUIUNcmfZIiQvaxkYLuVDsRG6KWW9XLkkRAMWMDz6CWVvPDJFLniX4PmMfxyenPr
OFUneZBfKusdJfkVyu7RreltRAEMllnJDjBwPUQ1NAg9AgMBAAGjggN9MIIDeTAf
BgNVHSMEGDAWgBQPgGEcgjFh1S8o541GOLQs4cbZ4jAdBgNVHQ4EFgQU5FyFVXb/
KaaiBsZMWSJbfjWMaLkwKAYDVR0RBCEwH4IdcmV0ZXNpY3VyYXN0YXRpb24udm9k
YWZvbmUuaXQwPgYDVR0gBDcwNTAzBgZngQwBAgIwKTAnBggrBgEFBQcCARYbaHR0
cDovL3d3dy5kaWdpY2VydC5jb20vQ1BTMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUE
FjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwgY0GA1UdHwSBhTCBgjA/oD2gO4Y5aHR0
cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2ljZXJ0U0hBMlNlY3VyZVNlcnZlckNB
LTEuY3JsMD+gPaA7hjlodHRwOi8vY3JsNC5kaWdpY2VydC5jb20vRGlnaWNlcnRT
SEEyU2VjdXJlU2VydmVyQ0EtMS5jcmwwfgYIKwYBBQUHAQEEcjBwMCQGCCsGAQUF
BzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wSAYIKwYBBQUHMAKGPGh0dHA6
Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFNIQTJTZWN1cmVTZXJ2ZXJD
QS0yLmNydDAMBgNVHRMBAf8EAjAAMIIBfgYKKwYBBAHWeQIEAgSCAW4EggFqAWgA
dQAOV5S8866pPjMbLJkHs/eQ35vCPXEyJd0hqSWsYcVOIQAAAZS7TLP+AAAEAwBG
MEQCIBckNjmowab9wnS2+Su9D1btmH57C8llOAoJJnWuZRZWAiBWdQncqWbkhk3s
9rqzx3fPMVlyRWtaZz80V3KhyL2TmgB3AGQRxGykEuyniRyiAi4AvKtPKAfUHjUn
q+r+1QPJfc3wAAABlLtMs6kAAAQDAEgwRgIhAOsdMakAyCWr9Fqy3aiGQtv26OlZ
QS+psozGVxVLP7c5AiEAqfEssLhnR7FP8JqgWWQiFo/5UDnshydb6hDVCoxgm6UA
dgBJnJtp3h187Pw23s2HZKa4W68Kh4AZ0VVS++nrKd34wwAAAZS7TLO4AAAEAwBH
MEUCIFuoegu+N5QCUKPur9YMQ4AfzXfC1fHUC35ehoGzSztOAiEAm8LvIt5K+I9p
41UbknjM4z2Zl9b0+oaV4OIlJEhQgIQwDQYJKoZIhvcNAQELBQADggEBAClGvETg
OwWYZ/bJMbp8oidN2C2w6ctU9LflxYarKiVh1Mmsgvz8BQ7dueDwzSxkOudFNa2d
Y1Y/liIs76bMajzQhKl0P8+6SCFuaRzBOZKg5jQHyYn5KidA4e9kAbdwKfMIg4/U
0s4QZmLymtk3nmfBKOpOtlOlSw4nUFLPULipzYoDZPnz7hwPAtcZyLZPjBmpm62m
+A5nCV0heOslrq2AtdPy7cVNwGFAExSwXiFd9+b8QVq6TcqjymsWau8E5NNmqPlP
3qVNEjOrA6jQoX5QX/Cy7jQDUoXnV3JWnMTJGdqbCg1eYqiIEmRGIJH8tMoqrAP9
/7LyjEoMZwJyWKc=
-----END CERTIFICATE-----
Hi all,
Problem solved on both browsers, thanks to the very helpful support from an AI support agent over email (support@openai.com). It turned out to be my network that was creating the security issue on Firefox, while on Chrome it was google that was refusing to give all the login data.
I am having the same issue with vodafone, can you help me please?
It sounds like you share something in common: a man-in-the-middle attack on OpenAI via a phone provider that likely relies on pushing its own certificate into your mobile device with its app, OTA updates, etc, one that is not in the trust chain of an independent connection on an uncompromised device, thus allowing the entity to decrypt the contents and re-encrypt the connection themselves. Or evidence of further security breach.
It’s more sketch because Vodafone Italy was acquired by Swisscom AG, which itself is a root CA. You’ll likely want to click on the the “unlocked” security icon, and follow further to see who’s certificate is being served, if it is self-signed or if it is a root that Firefox, where Mozilla manages its own CA root store (also certifi) doesn’t trust.
For background on MITM (with Vodafone in the mix), Man-in-the-middle Attack
Certificate info:
This topic was automatically closed after 12 hours. New replies are no longer allowed.