[GTALUG] Certificate Error On Chrome
Michael Galea
michael at galeahome.ca
Thu Nov 17 14:13:12 EST 2016
Confirmed, upgrading Chromium from 53.0.2785.113-1 to 53.0.2785.143-1
fixed the problem! I'm quite surprised as I believed (as Bob suggested)
that the server was at fault. But upgrading the browser fixed the
problem, so I guess it was either a browser problem or Chrome relaxed
some checking.
On 11/17/16 10:30, Digiital aka David wrote:
> I was getting that error as well.. I did a system update (MINT) and
> rebooted to make sure there was a clean start and the website I was
> having are now resolved. It's a known bug.
>
> On Wed, Nov 16, 2016 at 10:24 PM, Bob Jonkman via talk <talk at gtalug.org
> <mailto:talk at gtalug.org>> wrote:
>
> I've seen that particular error too, and many other cert errors
> lately. It appears to be a combination of deprecated or compromised
> protocols no longer being accepted by up-to-date browsers where
> websites haven't updated their certs or servers, or older browsers
> that can't handle the new protocols implemented by some sites (Oh
> hello, IceCat and Midori!)
>
> If you know and understand what's going on it may be safe to bypass
> the error, as in the case of the Transparency requirement - your
> session should still be encrypted, although there's a low risk it's
> encrypted with a spoofed cert. Certainly it's no more dangerous than
> using a browser that doesn't enforce that transparency requirement.
>
> Long term, it requires all browsers, servers, and cert authorities
> to come up-to-date, using mutually agreed on certs and protocols.
> But as long as vulnerabilities are being found and vulnerable
> practices are being deprecated we may never reach that state of
> equilibrium again.
>
> --Bob
>
> On November 16, 2016 9:42:51 PM EST, Michael Galea via talk
> <talk at gtalug.org <mailto:talk at gtalug.org>> wrote:
>
> I went to pay my cell providers bill via Chromium on Debian and it threw
> a "Site not secure" error at me. That was odd as I had paid at the same
> site many times before.
>
> I reported the problem to the cell provider's customer support line, not
> really expecting much. To my surprise they requested screenshots, and I
> provided them.
>
> The tech came back and replied, "I have seen this error before. Click on
> “ADVANCED” and you should then have an option to proceed to website and
> this should resolve the issue". :-)
>
> I replied that I would try paying by another means thanks, and that if I
> was seeing the site warning, others were likely to as well..
>
> Google was reporting "Certificate Error : There are issues with the
> site's certificate chain net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED)."
> Apparently, Google started following a 2013 protocol that detects
> fraudulent certificates, and the cell providers certificate vendor does
> not support it.
>
> Has anyone else seen these sorts of certificate problems, and why now?
>
>
>
> --
>
> Bob Jonkman <bjonkman at sobac.com <mailto:bjonkman at sobac.com>> Phone:
> +1-519-635-9413 <tel:%2B1-519-635-9413>
> SOBAC Microcomputer Services http://sobac.com/sobac/
> Software --- Office & Business Automation --- Consulting
> GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA
>
>
> ---
> Talk Mailing List
> talk at gtalug.org <mailto:talk at gtalug.org>
> https://gtalug.org/mailman/listinfo/talk
> <https://gtalug.org/mailman/listinfo/talk>
>
>
--
Michael Galea
More information about the talk
mailing list