3rd-Party Root Certification Authorities

in Account & Technical Support

Posted by: bobsort.4097

Ever since Arena.net announced a few weeks ago that their game would be available to play for free, I have never been able to see the content of the Black Lion Trading Company window; it fails with the error

"net::ERR_ABORTED"

At first I thought it was because my game was in free mode, but later, when I upgraded my account to paid and still couldn’t open the window, I contacted support.

They told me "they noticed some discrepancies in the report" and asked me to follow these steps:

- Click the "Start" button to bring up the Start Menu.
- Type in CMD into the "Search programs and files" field but do not hit enter. Doing this will change your start menu to show the program "cmd.exe."
- Right-click on "cmd.exe" and select "Run as Administrator."
- Once complete, type "netsh winsock reset" without the quotes. When the command is completed successfully, a confirmation appears, followed by a new command prompt line.
- Try connecting to the game again.

I did that and the issue still exists. Then I checked the game folder for a log or something to find the root cause of the issue, and there was none. Then I hopelessly checked Event Viewer to see if there were any entries related to the game in there; apparently there were none. However, I noticed about 100 entries for some unknown application trying to add a certificate to ROOT or my certificate store!

Now I know the cause of this error and I’m glad that my Windows refused to install the certificate. Dear game developers, either:

1- Find another alternative way to secure your communications
2- Use another cert store to keep your certificates.
3- Get permission from your users to install it.
4- Hire someone who knows how to program properly, without causing issues like this.
5- Hire someone who can advise you on legal matters in software development

I have been working in the Finance/Banking industry as a software engineer for 25 years and have yet to see such a careless act come out of a software development lab, pass code review, beta test and audit, and find its way to a user’s computer.

1- I believe it is SO WRONG to install a certificate in the root authority store of your client without them knowing (if it is not illegal), which gives whoever creates an ActiveX control and signs it with the same certificate a free pass to access the player’s computer.
2- If you need a certificate to connect to your market, you had better get a derived certificate from an already known certificate authority. If your certificate issuer were reputable, their root certificate would already be installed in there.
3- As for personnel from the support team who are reading this, please make sure to send this to your next board meeting. I believe your management already knows the concerns regarding this matter.

Note: To access your certificate store, you need to run MSC.exe in administrator mode, select Add/Remove Snap-in from the File menu, then in the window that opens select Certificates from the list of available snap-ins, press the Add button and select My user account.

Posted by: Healix.5819

The certificate they use is issued by GoDaddy. It sounds like you’ve figured out that the trading post is just a website. The URL is https://tradingpost-dfw-live.ncplatform.net/. I’m assuming you can figure out the rest. bG9s

Posted by: ikereid.4637

OP, you obviously have no idea how Certs work.

When a cert is legit it will get populated into your root store automatically, unless you have your system default browser locked down so that it asks YOU for permission on EVERY SINGLE cert for ANY website that uses SSL.

Legit, activated, and current SSL certs are automatically accepted via the root store due to how certs work. They are held by the cert provider (VeriSign being the biggest) and the authorization of the SSL cert against the cert's domain (NCsoft.com here) gets passed to them before the cert is considered activated/permitted to enter your root store.

That is the difference between a publicly authorized cert and a private self-signed cert.

I love it when people come here and post a complaint about something they have no idea on and throw in ‘25 years of XYZ “Engineering” Experience’. Just makes you look like a jack kitten who really knows nothing.

Desktop: 4790k@4.6ghz-1.25v, AMD 295×2, 32GB 1866CL10 RAM, 850Evo 500GB SSD
Laptop: M6600 – 2720QM, AMD HD6970M, 32GB 1600CL9 RAM, Arc100 480GB SSD

Posted by: bobsort.4097

Healix.5819,

Unfortunately I didn’t know who the issuer of the certificate was. I haven’t received a reply from support on who the issuer of the certificate was. As you can see, I don’t have it in my root authorities. I don’t have Internet Explorer on my computer and that website does not open in my Firefox either (although I have the GoDaddy certificate in my root CA of Firefox).

sirsquishy.8531,
Before accusing people of lack of experience, get your facts straight. From what you wrote here, I understand that your knowledge of certificates does not go further than what you studied in maybe a high school IT lab or a university computer science subject. As I mentioned earlier, I am working in a Finance/Banking company which is under tight 24-hour audit, and we have to ensure nothing gets stolen from our customer accounts via any means, including impersonation.

I’m not here to lecture you about certificates and how they work. Those who actually work with certificates already know how dangerous they can be in the wrong hands.

If you are interested in learning more about certificates and why you shouldn’t allow installing certificates issued by unreputable sources in your root CA, I included some links below. There are reasons certificates are grouped under categories in all operating systems, including mobiles. For certificate attacks, read the two articles below on DigiNotar and GlobalSign. Also please have a look at the image I posted here, under the column “Intended purpose”.

http://superuser.com/questions/734110
https://en.wikipedia.org/wiki/Man-in-the-middle_attack
https://en.wikipedia.org/wiki/DigiNotar
https://en.wikipedia.org/wiki/GlobalSign
https://blog.mozilla.org/security/2015/04/02/distrusting-new-cnnic-certificates/

Posted by: Healix.5819

I understand that your knowledge of Certificates does not go further than what you studied in may be highschool IT lab or University computer science subject.

FYI, what you followed with is covered in high school and of course in computer science.

The funny part about this thread is, as a software engineer, you should have had the knowledge to debug and resolve the problem within a few minutes after seeing “net::ERR_ABORTED”. It is a Chromium error after all, which should have made it obvious.

Posted by: Beldin.5498

after seeing “net::ERR_ABORTED”. It is a Chromium error after all, which should have made it obvious.

Haha .. so this whole wall of text was just about that error ?

EVERY MMO is awesome until it is released, then it's unfinished. A month after release it just sucks.
Best MMOs are the ones that never make it. Therefore Stargate Online wins.

Posted by: Healix.5819

Haha .. so this whole wall of text was just about that error ?

The wall of text was about jumping to conclusions, which was started by that error. From the start, the post is just a mess of incorrect assumptions, like a long math equation where an error was made on the first line.

Personally, when I first encountered an error like this back when they changed to CoherentUI, I simply used Wireshark to pull the request. Problem solved. The problem back then, however, was that CoherentUI was stuck in a loop on auto-detect proxies.

Posted by: bobsort.4097

Healix, Beldin, thanks for the help,

The last answer from support is this:

1- Make sure that “Gw2Setup.exe” is added as an exception in your antivirus and firewall.
2- Run the installer as an administrator.

And I haven’t gotten an answer from them about the certificate that needs to be installed.

By the way, for anyone else who might have the same issue (exactly the same issue from Event Viewer) and cannot trust GW2 to touch your ROOT CA, you can download the following file and run it under administrator privileges (don’t forget to unblock it first).
The download is from the Microsoft website, so I trust it myself, although the exe file itself is not signed.

http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/rootsupd.exe

BTW Healix, I think Wireshark installs WinPcap, which allows remote monitoring of SND/RCV packets from your computer. If this is the case you might want to remove it.

Posted by: bobsort.4097

Healix,

If you don’t know what certificate is missing, how do you want to install it? And you call this one a wall of text? I had a 7-page message in the WoW forums.

Posted by: Healix.5819

If you don’t know what certificate is missing, how do you want to install it?

You find out what certificates are missing by following the chain. By using the URL I gave you earlier, which you can obtain yourself using any internet monitoring software, you can grab the certificate and see that it’s issued by Go Daddy Class 2 Certificate Authority. So you go to their website and obtain it. You can then manually check the thumbprints since you won’t be able to trust GoDaddy’s site.
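
The manual thumbprint check mentioned in the last post, as an added example that is not part of the original thread: it hashes each certificate in a saved PEM or DER file and compares the result with a value published by the CA. The function names and the sample bytes are assumptions made for illustration; the sample is constructed and is not a real certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in bytes, NOT a real certificate: a thumbprint is a hash
# over the raw DER encoding, so the check does not depend on parsing X.509.
SAMPLE_DER = bytes(range(64))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")


def der_certs(data: bytes) -> list:
    """Return each certificate's DER bytes from a PEM bundle (or raw DER)."""
    blocks = PEM_BLOCK.findall(data.decode("latin-1"))
    if not blocks:
        return [data]  # no PEM armour: treat input as one DER blob
    return [base64.b64decode("".join(b.split())) for b in blocks]


def thumbprint(der: bytes, algo: str = "sha1") -> str:
    """Hex digest of the DER bytes; Windows' 'Thumbprint' field is SHA-1."""
    return hashlib.new(algo, der).hexdigest()


def normalize(published: str) -> str:
    """Keep hex digits only: drops colons, spaces, and invisible characters
    (such as U+200E) that can come along when copying from a dialog."""
    return re.sub(r"[^0-9a-fA-F]", "", published).lower()


def matches(der: bytes, published: str) -> bool:
    """Compare against a published SHA-1 (40 hex) or SHA-256 (64 hex) value."""
    want = normalize(published)
    algo = {40: "sha1", 64: "sha256"}.get(len(want))
    if algo is None:
        return False  # truncated value or a different kind of identifier
    return hmac.compare_digest(thumbprint(der, algo), want)


if __name__ == "__main__":
    for der in der_certs(SAMPLE_PEM.encode()):
        print(thumbprint(der), thumbprint(der, "sha256"))
```

The published value should come from a channel other than the connection being checked, which is the point the post makes about not being able to trust the site that serves the certificate.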