I've just tried three browsers - Google Chrome, Firefox, and Brave. All block access.
The Brave browser actually gave half a page of reasons why it has done this.
The Chrome and Firefox browsers both display messages from Eset.

My guess is the anti virus / security software in use is doing this.

In reply to a post by dect:

I am sure their must be a reason why its working for some and not others but I have't got a foggy why it would be.

I'm assuming Apple users aren't seeing the site because Safari is strict about letting you view dodgy sites, in this case one where the certificate has been revoked.

It isn't down to AV/security software, the certificate does appear to have been revoked https://www.ssllabs.com/ssltest/analyze.html?d=https...

In reply to a post by Woolwich:

In reply to a post by dect:

I am sure their must be a reason why its working for some and not others but I have't got a foggy why it would be.

I'm assuming Apple users aren't seeing the site because Safari is strict about letting you view dodgy sites, in this case one where the certificate has been revoked.

You're almost certainly correct. Using my iPad the first link gave the site but no map. The second gave the long explanation about the peer's certificate revoked.

Using my laptop, on Chrome in Windows no problem.

Edited by pluralist (Sat 08-Jan-22 16:47:35)

In reply to a post by pluralist:

You're almost certainly correct. Using my iPad the first link gave the site but no map. The second gave the long explanation about the peer's certificate revoked.

Using my laptop, on Chrome in Windows no problem.

Managed to get the certificate issue on an old version of Internet Explorer, it does raise the question why Chrome and the latest version of Edge doesn't highlight it as well.

In reply to a post by clyde123:

Surprised Openreach aren't right on to this.

They're quite probably blissfully unaware...expect virtually all of their corporate and back-office staff are on Windows-based builds.

[bit of a first world problem, but possibly need to ping them a note that won't get buried or ignored].

everything seems to be working fine on PC's my end Checked on windows 11, macs however do have an issue in safari, certificate issue, PC says secure mac not so much.

Has anyone sent an email over to the OR team to let them know of the problem.

Fails in Firefox, Safari, on any platform. Works in Chrome, Edge on any platform.

What worries me is why it works in Chrome & Edge, when the cert has been revoked. Implies the Chromium code base they both rely on is not checking for certificate revocation, which means both the browsers are flawed in their security handling. Ugh!

In reply to a post by jchamier:

Fails in Firefox, Safari, on any platform. Works in Chrome, Edge on any platform.

What worries me is why it works in Chrome & Edge, when the cert has been revoked. Implies the Chromium code base they both rely on is not checking for certificate revocation, which means both the browsers are flawed in their security handling. Ugh!

Ugh indeed!

Edit: That's with the latest Chrome update 97.0.4692.71. Supposed to fix 37 serious bugs including many Use-After-Free (UAF) bugs that hackers have apparently been exploiting.

Edited by pluralist (Sat 08-Jan-22 18:43:36)

In reply to a post by RR_The_IT_Guy:

everything seems to be working fine on PC's my end Checked on windows 11, macs however do have an issue in safari, certificate issue, PC says secure mac not so much.

Has anyone sent an email over to the OR team to let them know of the problem.

As above - I would not describe it as an “issue in safari”. It’s the exact opposite - an actual security issue in chrome and edge - which aren’t flagging the revoked certificate.

Though a sense of proportionality of the “issue” is required, at least in this specific instance. The issue is of a wider security flaw in those browsers that could lead to an exploit. Just happens that it’s a revoked certificate on the Openreach main site.

Edited by Pheasant (Sat 08-Jan-22 19:31:17)