Hi,
I’m trying to create a new account using the Chromium browser on Ubuntu 18.04.3 LTS but after submitting the create account page (email address + 2 x passwords) Chromium reports a NET::ERR_CERT_COMMON_NAME_INVALID and refuses to load the page.
Is this a problem with the setup.garadget.com site, an issue with my browser, or a real live man-in-the-middle attack attempt?
Any suggestions of how I can work around this and create my account?
Cheers,
Rob Hills
Waikiki, Western Australia
Rob, it sounds like the issue is related to the (reasonable) insistence of Chromium to only use TLS connection. At one point the page has to communicate with a page served by Garadget directly and implementing the HTTPS server on embedded processor is not practical. We’ll look into it to see if any workaround is possible.
If you unable to use a regular setup process with the Android or iOS app, you can try Particle CLI for that. Though with smartphone is an easy one time process.
Hi Denis, thanks for your reply.
It may be a bigger issue than I’ve indicated above as I encountered the same problem with my initial attempt to reply to this thread. I received an email alert for your response and I clicked on the “Visit Topic” link in the email (http://url655.garadget.com/wf/click?upn={xxxx - deleted - xxxx}) and had exactly the same error.
The annoying thing about it is that Chromium usually offers a way of bypassing this kind of problem, hidden beneath its “Advanced” button. However, in this instance, when you tap the “Advanced” button, you get the following message:
url655.garadget.com normally uses encryption to protect your information. When Chromium tried to connect to url655.garadget.com this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be url655.garadget.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chromium stopped the connection before any data was exchanged.
You cannot visit url655.garadget.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
So I’m not even given the option to say “Yes, I know what I’m doing, just let me access this site anyway” 
Meanwhile, I used the phone app to install my friend’s garadget, but it would be good to sort out this problem anyway.
I’m the person responsible for domain management and I have no recollection of registering url655 sub-domain. Also, all the links should be to https protocol. Can you forward me the email you received and I’ll investigate. My email address is denis@garadget.com
I’ve researched the issue and it turned out that nothing nefarious is going on. The link is for tracking by Sendgrid (SMTP service provider). TSL is now enabled on it and there should be no more error messages.