Jump to content
Enpass Discussion Forum

SSL certificate validation failed.


Recommended Posts

Hello all,

I have exactly the same issue, I can't ask to my compagnie to update the firewall rule, that's really a stupid things.
As I really need to have a password manager and I really appreciate ENPASS, but if there is no fix soon, I'll move to another one.

There is no news from ENPASS teams, please can you give a feedback on this topic?

Best Regards

Link to comment
Share on other sites

I extend my sincere apologies for any inconvenience caused and want to update you that the Enpass Technical team is actively looking into the issue. As part of this investigation, I have been assigned to gather additional information from users here, enabling us to conduct a more comprehensive analysis. Your cooperation and input in this matter are highly valued and appreciated-

Can you launch https://license.enpass.io in a browser and share the certificate details? It should have same fingerprint as in the image below:
 

 

SSL.png

Link to comment
Share on other sites

  • 2 weeks later...

Our company uses Netskope Root CA's and SSL decryption which means this change prevents Enpass being used on work laptops. With this change you have just lost a large segment of your corporate customers.

Link to comment
Share on other sites

On 12/21/2023 at 4:43 PM, Mohit Thapa said:

I extend my sincere apologies for any inconvenience caused and want to update you that the Enpass Technical team is actively looking into the issue. As part of this investigation, I have been assigned to gather additional information from users here, enabling us to conduct a more comprehensive analysis. Your cooperation and input in this matter are highly valued and appreciated-

Can you launch https://license.enpass.io in a browser and share the certificate details? It should have same fingerprint as in the image below:
 

 

SSL.png

Hello @Mohit Thapa,

Thank you for helping, can you explain how yo display the certificate with edge?

By the way, for now I use the old portable version without the encryption and works better;)

Link to comment
Share on other sites

On 12/21/2023 at 4:43 PM, Mohit Thapa said:

I extend my sincere apologies for any inconvenience caused and want to update you that the Enpass Technical team is actively looking into the issue. As part of this investigation, I have been assigned to gather additional information from users here, enabling us to conduct a more comprehensive analysis. Your cooperation and input in this matter are highly valued and appreciated-

Can you launch https://license.enpass.io in a browser and share the certificate details? It should have same fingerprint as in the image below:
 

 

 

Just tell the devs to stop this malarcy with. It's redicioulus esp. with Enpass going Enterprise.

Pinning was introduced after a security audit you had done prior to Enpass Business, but surely you fixed the real issues that came to light?

Continuing SSL/TLS-pinning for now is just security by obscurity :-)

Link to comment
Share on other sites

Been using Enpass macOS on my work laptop with ZScaler for several years.

Today, I go to open my vault and am met with this same error. Tried on and off corporate VPN, same result.

If it weren't for the fact that I found the vault.enpassdbsync file on my macOS filesystem, exported it, and opened it on another machine, I would be locked out of all my critical work passwords that I rely on daily with no recourse.

Thank god I recovered my vault on another machine. Now I can export the passwords and sprint away from Enpass permanently, given several other users have reported being locked out in recent days/weeks with no apparent solution in sight.

This is the moment you learn that you would've been better off using sticky notes than trusting Enpass, regardless of how well it worked up until it didn't.

Link to comment
Share on other sites

On 12/21/2023 at 3:43 PM, Mohit Thapa said:

I extend my sincere apologies for any inconvenience caused and want to update you that the Enpass Technical team is actively looking into the issue. As part of this investigation, I have been assigned to gather additional information from users here, enabling us to conduct a more comprehensive analysis. Your cooperation and input in this matter are highly valued and appreciated-

Can you launch https://license.enpass.io in a browser and share the certificate details? It should have same fingerprint as in the image below:
 

 

SSL.png

Why should we engage in this at all? Enpass needs to stop this altogether. You advertised your software as working offline. What you are doing here is a complete rug pull  by having your softwatre call home online and refuse to start. Users will not be able to trust you. For example, I no longer trust you that Enpass doesn't send any other data home.

Either make your software work offline like you advertised it, or admit that your software does not actually work fully offline, that users can get locked out (as demonstrated in this thread), and that you cannot guarantee what data Enpass is sending back when it calls home online.

This is beyond disappointing.

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...