[GTALUG] Certificate Error On Chrome

Bob Jonkman bjonkman at sobac.com
Wed Nov 16 22:24:16 EST 2016


I've seen that particular error too, and many other cert errors lately. It appears to be a combination of deprecated or compromised protocols no longer being accepted by up-to-date browsers where websites haven't updated their certs or servers, or older browsers that can't handle the new protocols implemented by some sites (Oh hello, IceCat and Midori!)  

If you know and understand what's going on it may be safe to bypass the error, as in the case of the Transparency requirement - your session should still be encrypted, although there's a low risk it's encrypted with a spoofed cert. Certainly it's no more dangerous than using a browser that doesn't enforce that transparency requirement.

Long term, it requires all browsers, servers, and cert authorities to come up-to-date, using mutually agreed on certs and protocols. But as long as vulnerabilities are being found and vulnerable practices are being deprecated we may never reach that state of equilibrium again.

--Bob 

On November 16, 2016 9:42:51 PM EST, Michael Galea via talk <talk at gtalug.org> wrote:
>I went to pay my cell provider's bill via Chromium on Debian and it threw
>a "Site not secure" error at me.  That was odd as I had paid at the same
>site many times before.
>
>I reported the problem to the cell provider's customer support line, not
>really expecting much.  To my surprise they requested screenshots, and I
>provided them.
>
>The tech came back and replied, "I have seen this error before. Click on
>“ADVANCED” and you should then have an option to proceed to website and
>this should resolve the issue". :-)
>
>I replied that I would try paying by another means thanks, and that if I
>was seeing the site warning, others were likely to as well.
>
>Google was reporting "Certificate Error : There are issues with the
>site's certificate chain (net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED)."
>Apparently, Google started following a 2013 protocol that detects
>fraudulent certificates, and the cell provider's certificate vendor does
>not support it.
>
>Has anyone else seen these sorts of certificate problems, and why now?
>
>-- 
>Michael Galea
>---
>Talk Mailing List
>talk at gtalug.org
>https://gtalug.org/mailman/listinfo/talk


--

Bob Jonkman <bjonkman at sobac.com> Phone: +1-519-635-9413
SOBAC Microcomputer Services http://sobac.com/sobac/
Software --- Office & Business Automation --- Consulting 
GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA
