[GTALUG] Certificate Error On Chrome

Michael Galea michael at galeahome.ca
Thu Nov 17 14:13:12 EST 2016 

Confirmed, upgrading Chromium from 53.0.2785.113-1 to 53.0.2785.143-1 
fixed the problem!  I'm quite surprised as I believed (as Bob suggested) 
that the server was at fault.  But upgrading the browser fixed the 
problem, so I guess it was either a browser problem or Chrome relaxed 
some checking.

On 11/17/16 10:30, Digiital aka David wrote:
> I was getting that error as well.. I did a system update (MINT) and
> rebooted to make sure there was a clean start and the website I was
> having are now resolved. It's a known bug.
>
> On Wed, Nov 16, 2016 at 10:24 PM, Bob Jonkman via talk <talk at gtalug.org
> <mailto:talk at gtalug.org>> wrote:
>
>     I've seen that particular error too, and many other cert errors
>     lately. It appears to be a combination of deprecated or compromised
>     protocols no longer being accepted by up-to-date browsers where
>     websites haven't updated their certs or servers, or older browsers
>     that can't handle the new protocols implemented by some sites (Oh
>     hello, IceCat and Midori!)
>
>     If you know and understand what's going on it may be safe to bypass
>     the error, as in the case of the Transparency requirement - your
>     session should still be encrypted, although there's a low risk it's
>     encrypted with a spoofed cert. Certainly it's no more dangerous than
>     using a browser that doesn't enforce that transparency requirement.
>
>     Long term, it requires all browsers, servers, and cert authorities
>     to come up-to-date, using mutually agreed on certs and protocols.
>     But as long as vulnerabilities are being found and vulnerable
>     practices are being deprecated we may never reach that state of
>     equilibrium again.
>
>     --Bob
>
>     On November 16, 2016 9:42:51 PM EST, Michael Galea via talk
>     <talk at gtalug.org <mailto:talk at gtalug.org>> wrote:
>
>         I went to pay my cell providers bill via Chromium on Debian and it threw
>         a "Site not secure" error at me.  That was odd as I had paid at the same
>         site many times before.
>
>         I reported the problem to the cell provider's customer support line, not
>         really expecting much.  To my surprise they requested screenshots, and I
>         provided them.
>
>         The tech came back and replied, "I have seen this error before. Click on
>         “ADVANCED” and you should then have an option to proceed to website and
>         this should resolve the issue". :-)
>
>         I replied that I would try paying by another means thanks, and that if I
>         was seeing the site warning, others were likely to as well..
>
>         Google was reporting "Certificate Error : There are issues with the
>         site's certificate chain net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED)."
>         Apparently, Google started following a 2013 protocol that detects
>         fraudulent certificates, and the cell providers certificate vendor does
>         not support it.
>
>         Has anyone else seen these sorts of certificate problems, and why now?
>
>
>
>     --
>
>     Bob Jonkman <bjonkman at sobac.com <mailto:bjonkman at sobac.com>> Phone:
>     +1-519-635-9413 <tel:%2B1-519-635-9413>
>     SOBAC Microcomputer Services http://sobac.com/sobac/
>     Software --- Office & Business Automation --- Consulting
>     GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA
>
>
>     ---
>     Talk Mailing List
>     talk at gtalug.org <mailto:talk at gtalug.org>
>     https://gtalug.org/mailman/listinfo/talk
>     <https://gtalug.org/mailman/listinfo/talk>
>
>


-- 
Michael Galea

More information about the talk mailing list