
I went to pay my cell provider's bill via Chromium on Debian and it threw a "Site not secure" error at me. That was odd as I had paid at the same site many times before.

I reported the problem to the cell provider's customer support line, not really expecting much. To my surprise they requested screenshots, and I provided them.

The tech came back and replied, "I have seen this error before. Click on “ADVANCED” and you should then have an option to proceed to website and this should resolve the issue". :-)

I replied that I would try paying by another means, thanks, and that if I was seeing the site warning, others were likely to as well.

Google was reporting "Certificate Error : There are issues with the site's certificate chain (net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED)." Apparently, Google started following a 2013 protocol that detects fraudulent certificates, and the cell provider's certificate vendor does not support it.

Has anyone else seen these sorts of certificate problems, and why now?

-- Michael Galea

I've seen that particular error too, and many other cert errors lately. It appears to be a combination of deprecated or compromised protocols no longer being accepted by up-to-date browsers where websites haven't updated their certs or servers, or older browsers that can't handle the new protocols implemented by some sites (Oh hello, IceCat and Midori!)

If you know and understand what's going on it may be safe to bypass the error, as in the case of the Transparency requirement - your session should still be encrypted, although there's a low risk it's encrypted with a spoofed cert. Certainly it's no more dangerous than using a browser that doesn't enforce that transparency requirement.

Long term, it requires all browsers, servers, and cert authorities to come up-to-date, using mutually agreed on certs and protocols. But as long as vulnerabilities are being found and vulnerable practices are being deprecated we may never reach that state of equilibrium again.

--Bob

On November 16, 2016 9:42:51 PM EST, Michael Galea via talk <talk@gtalug.org> wrote:
> I went to pay my cell provider's bill via Chromium on Debian and it threw a "Site not secure" error at me. That was odd as I had paid at the same site many times before.
>
> I reported the problem to the cell provider's customer support line, not really expecting much. To my surprise they requested screenshots, and I provided them.
>
> The tech came back and replied, "I have seen this error before. Click on “ADVANCED” and you should then have an option to proceed to website and this should resolve the issue". :-)
>
> I replied that I would try paying by another means, thanks, and that if I was seeing the site warning, others were likely to as well.
>
> Google was reporting "Certificate Error : There are issues with the site's certificate chain (net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED)." Apparently, Google started following a 2013 protocol that detects fraudulent certificates, and the cell provider's certificate vendor does not support it.
>
> Has anyone else seen these sorts of certificate problems, and why now?
>
> -- Michael Galea
> ---
> Talk Mailing List
> talk@gtalug.org
> https://gtalug.org/mailman/listinfo/talk

--
Bob Jonkman <bjonkman@sobac.com> Phone: +1-519-635-9413
SOBAC Microcomputer Services http://sobac.com/sobac/
Software --- Office & Business Automation --- Consulting
GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA

I was getting that error as well. I did a system update (MINT) and rebooted to make sure there was a clean start, and the website issues I was having are now resolved. It's a known bug.

On Wed, Nov 16, 2016 at 10:24 PM, Bob Jonkman via talk <talk@gtalug.org> wrote:
> I've seen that particular error too, and many other cert errors lately. It appears to be a combination of deprecated or compromised protocols no longer being accepted by up-to-date browsers where websites haven't updated their certs or servers, or older browsers that can't handle the new protocols implemented by some sites (Oh hello, IceCat and Midori!)
>
> If you know and understand what's going on it may be safe to bypass the error, as in the case of the Transparency requirement - your session should still be encrypted, although there's a low risk it's encrypted with a spoofed cert. Certainly it's no more dangerous than using a browser that doesn't enforce that transparency requirement.
>
> Long term, it requires all browsers, servers, and cert authorities to come up-to-date, using mutually agreed on certs and protocols. But as long as vulnerabilities are being found and vulnerable practices are being deprecated we may never reach that state of equilibrium again.
>
> --Bob
>
> On November 16, 2016 9:42:51 PM EST, Michael Galea via talk <talk@gtalug.org> wrote:
>> I went to pay my cell provider's bill via Chromium on Debian and it threw a "Site not secure" error at me. That was odd as I had paid at the same site many times before.
>>
>> I reported the problem to the cell provider's customer support line, not really expecting much. To my surprise they requested screenshots, and I provided them.
>>
>> The tech came back and replied, "I have seen this error before. Click on “ADVANCED” and you should then have an option to proceed to website and this should resolve the issue". :-)
>>
>> I replied that I would try paying by another means, thanks, and that if I was seeing the site warning, others were likely to as well.
>>
>> Google was reporting "Certificate Error : There are issues with the site's certificate chain (net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED)." Apparently, Google started following a 2013 protocol that detects fraudulent certificates, and the cell provider's certificate vendor does not support it.
>>
>> Has anyone else seen these sorts of certificate problems, and why now?
>
> --
> Bob Jonkman <bjonkman@sobac.com> Phone: +1-519-635-9413
> SOBAC Microcomputer Services http://sobac.com/sobac/
> Software --- Office & Business Automation --- Consulting
> GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA

Confirmed, upgrading Chromium from 53.0.2785.113-1 to 53.0.2785.143-1 fixed the problem! I'm quite surprised as I believed (as Bob suggested) that the server was at fault. But upgrading the browser fixed the problem, so I guess it was either a browser problem or Chrome relaxed some checking.

On 11/17/16 10:30, Digiital aka David wrote:
> I was getting that error as well. I did a system update (MINT) and rebooted to make sure there was a clean start, and the website issues I was having are now resolved. It's a known bug.
>
> On Wed, Nov 16, 2016 at 10:24 PM, Bob Jonkman via talk <talk@gtalug.org> wrote:
>> I've seen that particular error too, and many other cert errors lately. It appears to be a combination of deprecated or compromised protocols no longer being accepted by up-to-date browsers where websites haven't updated their certs or servers, or older browsers that can't handle the new protocols implemented by some sites (Oh hello, IceCat and Midori!)
>>
>> If you know and understand what's going on it may be safe to bypass the error, as in the case of the Transparency requirement - your session should still be encrypted, although there's a low risk it's encrypted with a spoofed cert. Certainly it's no more dangerous than using a browser that doesn't enforce that transparency requirement.
>>
>> Long term, it requires all browsers, servers, and cert authorities to come up-to-date, using mutually agreed on certs and protocols. But as long as vulnerabilities are being found and vulnerable practices are being deprecated we may never reach that state of equilibrium again.
>>
>> --Bob
>>
>> On November 16, 2016 9:42:51 PM EST, Michael Galea via talk <talk@gtalug.org> wrote:
>>> I went to pay my cell provider's bill via Chromium on Debian and it threw a "Site not secure" error at me. That was odd as I had paid at the same site many times before.
>>>
>>> I reported the problem to the cell provider's customer support line, not really expecting much. To my surprise they requested screenshots, and I provided them.
>>>
>>> The tech came back and replied, "I have seen this error before. Click on “ADVANCED” and you should then have an option to proceed to website and this should resolve the issue". :-)
>>>
>>> I replied that I would try paying by another means, thanks, and that if I was seeing the site warning, others were likely to as well.
>>>
>>> Google was reporting "Certificate Error : There are issues with the site's certificate chain (net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED)." Apparently, Google started following a 2013 protocol that detects fraudulent certificates, and the cell provider's certificate vendor does not support it.
>>>
>>> Has anyone else seen these sorts of certificate problems, and why now?
>>
>> --
>> Bob Jonkman <bjonkman@sobac.com> Phone: +1-519-635-9413
>> SOBAC Microcomputer Services http://sobac.com/sobac/
>> Software --- Office & Business Automation --- Consulting
>> GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA

-- Michael Galea