Firefox v70.0.1 blocks access to getpaint.net

[seldenb]

When I attempt to access Paint.Net's Web site, Firefox v70.0.1 blocks access by default, complaining that it doesn't recognize Comodo as a certificate issuer, of course it should accept Comodo's certificates unless there's been a recent security breach of Comodo that I don't know about. See the attached screengrab.

 

I'll be reporting this to Comodo (I use their Windows Internet Security product) and Mozilla, but it probably would be a good idea if the getpaint.net admins reported the problem, too.

 

[Rick Brewster]

It loads fine here for me. Some have reported this before, but it seems to be due to ... some other setting on your system? I don't really know. It's not widespread though thankfully.

[seldenb]

The results of a Web search suggest that this might be a symptom of the certificate's installation not being configured properly. See, for example, https://support.mozilla.org/en-US/questions/1132690

 

Apparently Firefox and derivatives (like Waterfox Classic) are much stricter about certificates than other browsers are. For example, Comodo's own Chromium based browser (Dragon) doesn't complain. FWIW, I'm running them under Windows 10 1907.

 

P.S. I contacted Comodo about it. For some reason the person investigating was unable to find a registration for the domain getpaint.net although I suspect that's just an oversight on their part.

Edited November 21, 2019 by seldenb

[toe_head2001]

The CA certificate is not installed on the server.  So, just visit another site that uses the same Certificate Authority (Comodo). For example, arstechnica.com.

That will add the CA certificate to Firefox, and you'll then be able to visit getpaint.net.

[Rick Brewster]

Yeah something about the SSL cert isn't completely installed right. I was planning to look into it when I have to renew the cert. It's not an easy thing to figure out ... the control panel for my hosting provider is really obtuse. So it's a task that's very high effort low reward, just hasn't been a priority.

[IHaveNoName]

Now it it is known the problem is not a malicious one and the screenshot clearly shows there is an accept the risk and continue option why not just use that?

 

Certification issues are becoming a pain with every new browser update throwing up more problems. Firefox is particularly troublesome if it has not been fully updated or, more often, the web site's certification is not up to date.

 

With Firefox any web sites without the correct certification or certification it recognises are usually made inaccessible until the certification is fixed because they removed that 'accept risk.........' option a long time ago. But the screenshot suggests that might have changed.

 

It was for that reason I installed and use a different browser for use in those circumstances which has not, patronizingly, removed the user's choice. I can confirm that the latest version of Waterfox works fine.   

Edited November 22, 2019 by IHaveNoName

[seldenb]

Whenever I encounter a problem like this I like to report it to someone who might be able to do something about it. It can be risky to get into the habit of allowing invalid certificates. There's always the possibility that you might be giving your browser permission to access a site that's, shall we say, less than reliable.

 

FWIW, it's working fine for me today (23nov19). FF70 opened https://www.getpaint.net with no complaints.