5

I'm running Windows 8.1 Pro, an almost clean OS protected by Norton Internet Security v. 21.5.0.19. I have a strange issue in Google Chrome v. 37.0.2062.124 m and Opera 24.0 when trying to visit the PayPal website. The problem is that the SSL certificate common name (CN) doesn't match PayPal.

Google Chrome error page:

enter image description here

Opera error pop-up:

enter image description here

Google Chrome and Opera certificate information:

enter image description here

The most interesting part is that Firefox v. 31.0 and Safari 5.1.7 work like a charm:

enter image description here

My system, router and BIOS date and time are correct. I've tried using Google DNS IPs as well as the DNS of my internet provider. I have no extensions. Hosts file is clean. I have no idea why the problem occurs. Help me please. Thank you! :)

UPD: Still have this issue. :( The SSL "Issued to" field has different values from time to time (I even had google.com when I used 8.8.8.8 DNS) but PayPal doesn't open. Sometimes it lets me log in and even press a couple of buttons, but after that I'm back at the SSL error again. Same issue when using IE.

  • I have no malware;
  • System, BIOS, router time and date are absolutely correct;
  • Hosts file is clean;
  • Cache is clean;
  • Everything is up to date.

  • Tried ipconfig /flushdns. Interesting situation here: PayPal opens with a 50% chance after executing this command. But after a short time, like a few button presses or, let's say, 3 minutes, you receive an SSL error and can't continue viewing the website. And the most interesting part is that the "Issued to" differs from time to time too. This happens both with my provider's default DNS and Google DNS servers.

  • I tried to completely disable Norton Internet Security;

  • I tried to visit https://66.211.169.66/ instead of PayPal, but I have the same error (but the "issued to" seems to be correct this time: "paypal.com");

UPD: List of all Certificates under "Trusted Root Certification Authorities" tab:

enter image description here

Complete removal of Norton Internet Security changed nothing. But one important thing: I'm using an Asus WL520gc router connected via wire. I tried connecting the cable directly to my PC and setting up a simple VPN connection, and PayPal finally started opening. My router settings are pretty simple: everything is disabled except VPN and manual IP assignment for wireless devices. I have absolutely no idea what the issue can be. Mobile devices connected through this router open PayPal perfectly. And it seems the problem is with PayPal only, because other https connections cause me no problems as far as I remember.

And I have no plugins for browsers at all. I do pay attention to the things I install on my PC and that's why I have no plugins, toolbars etc.

Now I have the same issue with the Safari browser as well. :(

enter image description here

I can't catch when it appears, because at the same time it works now in Chrome but doesn't work in Safari. And in 3 minutes or so Chrome shows the certificate error again.

PayPal is working for me now, please see the tracert route:

enter image description here

Certificates look different for the https://66.211.169.66/ and https://www.paypal.com websites:

enter image description here

OK, it doesn't work again! Now "Issued to" is google.com:

enter image description here

enter image description here

But the screen is still the same as on the previous screenshot if I visit https://66.211.169.66/.

Tracert now looks like this:

enter image description here

And nslookup looks the same for working and non-working states:

enter image description here

After a reconnect "Issued to" changed to ad.yieldmanager.com (I've never seen this website before):

enter image description here

After a couple more reconnects - PayPal works but ping looks like this:

enter image description here

Important UPD. Now I see the problem persists on all devices connected through my router! DNS is currently set to 8.8.8.8, and the certificate is issued to google.com. If I change DNS to automatic, "Issued to" changes to any random address mentioned above. See the screenshots from an Android device connected via Wi-Fi. It's the default browser.

enter image description here enter image description here

Vinayak
  • 10,885
Mike
  • 575

2 Answers

1

I believe that your computer has somehow been hijacked, even though the antivirus cannot identify the infection.

The certificate you display for paypal.com is in fact in the name of ebayclassifieds.com, which is a legitimate website. However, checking the certificates of both these websites through the DigiCert SSL Installation Diagnostics Tool gives normal-looking details.

While if you look in the details of the certificate you posted, you will see that the date of validation is 20 января 2013 to 20 января 2015. Now января is January in Russian, while the certificates of paypal.com and ebayclassifieds.com are issued by VeriSign and Symantec and are valid respectively from 16/Apr/2014 to 07/Jun/2016 and from 01/Dec/2014 to 21/Jan/2017.

As all your screenshots are in English, I assume that you are not from Russia, and therefore the displayed details are bogus. (If you are in fact from Russia, some of my conclusions below are incorrect.)

The certificate you posted is in fact elapsed, which is impossible for a website such as ebay, and the part in Russian is also quite suggestive.

My advice is not to use your computer for doing any financial transaction or consultation!

The virus you are infected with apparently has a Russian origin. It looks like it is trying to redirect your browser into its own PayPal-clone website using falsified certificates. Apparently the virus has some bug or is not (yet?) well-installed, which is your great luck. According to what you say, it has infected some browsers on your computer and has succeeded in infecting some additional browsers.

As the antivirus is apparently helpless to eradicate this virus, I would advise to reformat your hard disk and reinstall Windows and all your applications. Take full backups of your personal data first, of course (but no point in taking any disk-image backup).

You will need to take more precautions against infection once the situation returns to normal, but that's another story.

As other devices at your place are functioning normally, I assume that the router itself has not been hijacked.

harrymc
  • 498,455
1

Since all devices connected to the Wi-Fi router are now affected, the problem must lie with the router. A router reset might help fix the problem. If it does not, changing the DNS settings might (e.g. Google DNS or OpenDNS).

If changing the DNS settings doesn't help either (which seems to be the case), I'd assume the problem lies with the ISP's VPN connection that you're required to connect to before you can access the Internet. In that case, you'd have to contact your ISP and let them know about the issue and they'll fix it.

In the meantime, you can connect to a third-party VPN (e.g. CyberGhost VPN) after you've connected to your ISP's VPN and hopefully that'll fix the problems you're facing.

You might also want to confirm that the problem lies with your Wi-Fi connection by connecting a device you know is clean to your Wi-Fi and then visiting PayPal.com on that device. If you still get an ERR_CERT_COMMON_NAME_INVALID or similar error, you can be sure that your router/ISP is the troublemaker.

Vinayak
  • 10,885
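The check the thread performs by hand (compare the "Issued to" names with the hostname, and compare nslookup output between working and non-working states) can be scripted. This is an added example, not code from any poster; the function names, the verdict strings and the sample observations are assumptions constructed from the values quoted in the question.

```python
import socket
import ssl

def names_in_cert(cert):
    """DNS names an ssl.getpeercert() dict is issued to (SANs first, CN as fallback)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return sans or cns

def matches(host, pattern):
    """Exact match, or '*' standing for the whole left-most label only."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        return host.count(".") == pattern.count(".") and host.split(".", 1)[1] == pattern[2:]
    return host == pattern

def observe(host, port=443, timeout=5):
    """Live probe: the resolved IP and the names on the certificate it presents."""
    ip = socket.gethostbyname(host)
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # the chain is still validated; names are compared below
    with socket.create_connection((ip, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return {"ip": ip, "names": names_in_cert(tls.getpeercert())}

def diagnose(host, observations):
    """Classify repeated probes of one host."""
    def ok(o):
        return any(matches(host, n) for n in o["names"])
    bad = [o for o in observations if not ok(o)]
    if not bad:
        return "ok"
    good_ips = {o["ip"] for o in observations if ok(o)}
    if not good_ips:
        return "no-baseline"             # never saw a matching certificate to compare with
    if all(o["ip"] in good_ips for o in bad):
        return "same-ip-different-cert"  # DNS answer unchanged: traffic diverted on the path
    return "dns-answer-changed"          # the resolver handed out a different address

# Constructed sample: the same resolved address, different "Issued to" names over time.
SAMPLE = [
    {"ip": "66.211.169.66", "names": ["www.paypal.com"]},
    {"ip": "66.211.169.66", "names": ["google.com"]},
    {"ip": "66.211.169.66", "names": ["ad.yieldmanager.com"]},
]

if __name__ == "__main__":
    print(diagnose("www.paypal.com", SAMPLE))
```

Running `observe("www.paypal.com")` every minute from a wired PC, from a device behind the router and over a third-party VPN, then feeding each list to `diagnose`, shows which network segment returns the mismatched certificates.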