unable to access guidebook.hackweek.io from NASA network (security certificate configuration issue?) #66

Open
maximusjstevens opened this issue Jun 25, 2024 · 12 comments

Comments

@maximusjstevens
Member

I am unable to access the organizing team webpage (guidebook.hackweek.io) when connected to the NASA VPN. I am able to access when disconnected from the VPN. The issue seems to stem from a security certificate issue with the webpage in concert with NASA IT restrictions.

I have reached out to NASA IT to see if they can provide further information and I will update this issue if/when they respond.

The message that chrome provides is below.

Your connection is not private
Attackers might be trying to steal your information from guidebook.hackweek.io (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_AUTHORITY_INVALID
This server could not prove that it is guidebook.hackweek.io; its security certificate is not trusted by your computer's operating system. This may be caused by a misconfiguration or an attacker intercepting your connection.

Proceed to guidebook.hackweek.io (unsafe)

@JessicaS11
Contributor

@jomey @scottyhq I know JP had this problem with the main event website early on. Is this the same issue?

@scottyhq
Contributor

> @jomey @scottyhq I know JP had this problem with the main event website early on. Is this the same issue?

This rings a bell, but I'm not finding past issues. @jpswinski do you also see these certificate errors?

@maximusjstevens Are you able to access https://2024.hackweek.io without trouble? Are you able to click 'proceed to guidebook.hackweek.io' or is it fully blocked? I'm not sure what we can do to remedy this, but let us know if NASA IT has any suggestions.

@jomey
Contributor

jomey commented Jun 27, 2024

Another good test would be to see if https://guidebook.hackweek.io/intro.html also gets blocked. If 'yes', then NASA doesn't like the way GitHub is creating the SSL certificates for websites.

We do not have any admin power over that as this is part of GitHub website hosting.

@maximusjstevens
Member Author

@jomey @scottyhq I can access https://2024.hackweek.io/ without issue. https://guidebook.hackweek.io/intro.html is blocked. Interestingly, I can access the SnowEx Track jupyter book but the ICESat-2 and GeoSMART Track jupyter books get blocked.

@scottyhq unfortunately NASA IT didn't have anything useful to provide, and didn't seem too interested in helping me troubleshoot.

@jomey
Contributor

jomey commented Jun 27, 2024

Hm .. 🤔 ... I can't think of something that we did different across the sites. All publish processes are pretty much identical ¯_(ツ)_/¯

@scottyhq
Contributor

@maximusjstevens, very interesting you can access some but not others. It's a tricky thing to solve. Can you let us know also what operating system and web browser you're using?

There are a lot of posts out there for NET::ERR_CERT_AUTHORITY_INVALID suggesting you clear your browser cache (https://gist.github.com/bablukpik/6b515d804ee34942f540204bd918d057)

It seems this error can arise from github hosting issues https://github.com/orgs/community/discussions/50942.

I don't really know what this stuff means, but I quickly tried pointing https://www.digicert.com at the various websites and see that the ones you can access are on IP 185.199.109.153 and OCSP Staple: | Good and the ones you can't are on other IPs (e.g. 185.199.110.153 with OCSP Staple: | Not Enabled). So same network, but different machine...
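
The per-IP comparison described in the comment above can also be run locally with `openssl s_client`; this is an added example, not part of the original thread, and the function names and the constructed sample output are assumptions. Running it on and off the restricted network shows whether the issuer presented for the same host and IP differs between the two.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Read `openssl s_client -status` output on stdin and print the three facts
# compared in the thread: certificate issuer, verify result, OCSP staple state.
summarize_handshake() {
  awk '
    /^issuer=/ && issuer == ""            { issuer = substr($0, 8) }
    /Verify return code:/ && verify == "" { verify = $0; sub(/^.*Verify return code: */, "", verify) }
    /OCSP response: no response sent/     { staple = "not-stapled" }
    /OCSP Response Status: successful/    { staple = "stapled" }
    /Cert Status: /                       { status = $0; sub(/^.*Cert Status: */, "", status) }
    END {
      if (staple == "") staple = "unknown"
      if (staple == "stapled" && status != "") staple = staple "(" status ")"
      printf "issuer=%s\nverify=%s\nocsp=%s\n", issuer, verify, staple
    }'
}

# Handshake with one specific address while still sending the site name (SNI),
# so each IP the hostname resolves to can be checked separately.
probe() {  # usage: probe HOST IP
  openssl s_client -connect "$2:443" -servername "$1" -status </dev/null 2>/dev/null |
    summarize_handshake
}

# Constructed sample (not captured from any real host): issuer the local trust
# store does not know, and no stapled OCSP response.
sample_untrusted() {
  cat <<'EOF'
CONNECTED(00000003)
OCSP response: no response sent
---
Server certificate
subject=CN = guidebook.hackweek.io
issuer=CN = Example Inspection CA (constructed)
---
    Verify return code: 20 (unable to get local issuer certificate)
EOF
}

# e.g. sh tls_probe.sh guidebook.hackweek.io 185.199.110.153
if [ "$#" -eq 2 ]; then probe "$1" "$2"; fi
```
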

@maximusjstevens
Member Author

I'm running Mac OS 13.6.4. I am getting the error with Chrome, Safari, and Firefox.

It seems a bit like for now this might be above our pay grade to troubleshoot, unless you are really keen to sort it out. I also know nothing about OCSP stapling, but my quick look at what it means leads me to guess that NASA networks are configured to not trust a site where stapling is not enabled. So, my suggestion is to close the issue and hope that future hackweek sites are on 185.199.109.153 :)

@scottyhq
Contributor

Yep, let's leave it open, but move on to more interesting things ;)

@itcarroll

@maximusjstevens I am at GSFC and running into this now. Can you let me know what NASA office you found to report this to? I will report my experience in hopes of bumping the issue.

@itcarroll

itcarroll commented Aug 21, 2024

Here is something to add to your docs for new hackweek orgs: check any domain against the FortiGuard database using https://www.fortiguard.com/webfilter. Domains classified as "Newly Observed Domain" present as a security risk and may be blocked on some networks. You can submit a request for review and reclassification as "Education". I have just requested review for https://geosmart-2024.hackweek.io/ and will report back on the results and timing of their review.

Update: It only took FortiGuard an hour to review (although they reclassified to "Information Technology" rather than "Education"), but the change did not immediately propagate to my network.

@jomey
Contributor

jomey commented Aug 21, 2024

Thank you for digging into this @itcarroll
Very curious if this could do the trick

@itcarroll

The NASA network is now letting me through to https://geosmart-2024.hackweek.io/.

I've asked our network team if they could allow "Newly Observed Domains" from GitHub Pages. If they say no, I'll try for *.hackweek.io.
