Forum / Remote Desktop Manager - Support

Certificate for stream.tellmer.com couldn't be verified

  • Create an Issue
  • Cancel

I just started getting the above message when starting up Remote Desktop Manager. The certificate looks good. Any idea what's going on?

Clock4 mths

Could you post a print screen to get the context related to the certificate?

Regards

David Hervieux

signaturesignature

Clock4 mths

Hey,

sorry for jump in - we receive exact the same at RDM start - The message mention stream.tellmer.com but in the certificate details *.keen.io is shown

(I guess in our case it's related with https inspection):

image

Regards,
Min

Clock3 mths


@Min

This is really strange. Do you get this all the time or it's new?

David Hervieux

signaturesignature

Clock3 mths

We got it the first time as we upgraded RDM from 2019.1.25.0 to 2019.1.36.0 on a customer side.

Regards,
Min

Clock3 mths

Could it be related to the certificate revocation list?

https://help.remotedesktopmanager.com/kb_security_certificatevalidation.htm

David Hervieux

signaturesignature

Clock3 mths

This could be - I'm on monday again on customer side - we'll check the Ignore application certificate errors and give you feedback.

At the moment we've configured a SSL-exception for *.keen.io on the proxy

Regards,
Min

Clock3 mths

We investigated the issue and disable the option Check for server certificate revocation should be the workaround for this issue.

Option under File > Options > Security
RDM+revocation

I open a ticket with the engineering department to continue the investigation.

Please let me know if the option doesn't solve the issue.

Best regards,



David Grandolfo

OFFICE CLOSURE!
Although our various support queues will be monitored for emergencies, Devolutions' offices will be closed on October 14th 2019.

signaturesignature

RDM_revocation.png
Clock4 mths

I am having the same situation. I did a view on the certificate (see the attachment). The part in green is from our firewall (it is doing SSL inspection by creating and injecting its own intermediate cert (man in the middle). I am sure that's whats causing the error. I could request an SSL proxy exception just like Mins was able to do, but I have to be able to justify it to our security department.

Unchecking the Check for server certificate revocation isn't exactly a solution.. it's just hiding/ignoring the problem. So, what is the keen.io domain used for? (I know that's what I'll be asked).

edit: I just went to keen.io's main web page, and it looks like it is used for tracking customer usage/telemetry data. Is that correct? That could be a hard item to sell to our security department.

thank you all :-)

David F.

2019-07-23_05-28-20.png
Clock3 mths

Hello,
It's the equivalent of Google Analytics. Everything is anonymous. It's equivalent to browsing our web site. You can disable this if you want with the No Internet Connection setting in File->Options | Advanced.

You might have more issues with the Man in the Middle firewall since we validate the certificates to avoid Main in the Middle interception for the encrypted traffic (which is worse than an anonymous analytic service to me).

Regards

David Hervieux

signaturesignature

Clock3 mths

Ok, that's fair.. I know Citrix gateway's don't allow for this kind of man-in-the-middle proxying.

Thank you. :-)

David F.

Clock3 mths