Is Chrome Still Showing Certificate Warning for Outdated Security Settings?

  • Thread starter Thread starter Jonathan Scott
  • Start date Start date
  • Tags Tags
    Chrome
Click For Summary

Discussion Overview

The discussion revolves around a warning message in Chrome regarding outdated security settings and certificate issues. Participants explore the presentation of the warning, the implications of using different versions of Chrome, and the potential need for updates to security certificates, particularly concerning SHA-1 and SHA-2 algorithms.

Discussion Character

  • Technical explanation
  • Debate/contested
  • Exploratory

Main Points Raised

  • Some participants report seeing a warning in Chrome related to outdated security settings and certificate verification.
  • Others describe the warning's presentation, noting it appears when clicking on the lock icon in the address bar.
  • One participant mentions using a development version of Chrome and speculates that the warning may be a bug in that release.
  • Several participants confirm that they do not see the warning in other browsers, such as Firefox, Opera, or Safari.
  • There is mention of a recent change in Chrome regarding the deprecation of SHA-1 for certificates, which may relate to the warning being experienced.
  • Some participants discuss the need to update to SHA-2 certificates due to Google's phasing out of SHA-1 support.
  • One participant shares their experience with acquiring SHA-2 certificates from Symantec and expresses hope for a smooth process.
  • There are updates on the status of certificate warnings after participants attempt to switch to SHA-2 certificates.

Areas of Agreement / Disagreement

Participants generally agree that the warning is related to outdated security settings and the transition from SHA-1 to SHA-2 certificates. However, there is no consensus on whether the warning is a bug in the Chrome development version or a legitimate security concern, as some do not experience the warning at all.

Contextual Notes

Participants express uncertainty regarding the implications of the changes in Chrome and the specific reasons for the warnings. There are references to potential bugs in the development version and the need for updates to security certificates, but no definitive conclusions are reached.

Jonathan Scott
Gold Member
Messages
2,349
Reaction score
1,196
Chrome is giving the following warning:

The identity of this website has been verified by RapidSSL CA but it does not have public audit records.

The site is using outdated security settings that may prevent future versions of Chrome from being able to safely access it.
 
Computer science news on Phys.org
How is that message being presented? I am using the latest Chrome and only see that text if I click the lock in the address bar and go to the connection tab.
 
The triangle warning sign comes up on the lock in the address bar, and if I click on it to see what the problem is, I see that message.
 
I'm using the dev level of Chrome, which seems to have recently updated itself: 40.0.2188.2 dev-m
 
Jonathan Scott said:
The triangle warning sign comes up on the lock in the address bar, and if I click on it to see what the problem is, I see that message.
Interesting. I'm using 38 at the moment. Do you see such an error using any other browser?
 
No warning here, with FF 32.0.2 Read the certificate file, all looks good.
 
Thanks Doug. It could be a bug in the Chrome dev release. When 40 goes to release then we can try to diagnose if the warning appears.
 
I don't see any problem in Firefox, Opera or Safari. I think I saw some recent news item that said someone had recently demonstrated that it was possible to fake a certificate chain and that something was being tightened up in Chrome to prevent that, so it might be something to do with that. Apart from that, it could of course be a Chrome bug. I use the dev version on my personal laptop to try to get some advance warning of what they will break next in the stable version!
 
  • Like
Likes   Reactions: Greg Bernhardt
I've found the description of the change in the Chrome issues: https://code.google.com/p/chromium/issues/detail?id=401365

The title is "Deprecate SHA-1 for certificates".

I haven't fully understood it, but I think they are trying to move people off SHA-1 signing of certificates because it has been demonstrated that it can be faked, and that matches the recent news item.
 
  • #10
Greg Bernhardt said:
Thanks Doug. It could be a bug in the Chrome dev release. When 40 goes to release then we can try to diagnose if the warning appears.
It's definitely a move by Google with Chrome. I received notices from Symantec for my sites at the beginning of September:

"We would like to inform you of Google's intent to phase out support for certificates using a SHA-1 hashing algorithm via degraded visual indicators and warnings in the Chrome™ browser. These changes are expected to take effect in the production version of Chrome version 39 in November 2014."

Acquiring the SSH-2 update certificates from Symantec was easy. Plan to install at Hostgator next week.

(Last month I had to diagnose a PDF issue with Chrome and found that Google had replaced Adobe PDF support with their own. Had to contact almost a dozen reps in the field because Chrome couldn't accept a date with a year earlier than 1969!)
 
  • Like
Likes   Reactions: Greg Bernhardt
  • #11
Thanks TD, looks like I need to get a new certificate already. What a PITA.
 
  • #12
FWIW, Symantec provided the SHA-2 update certs for free and provided an easy website process to acquire. Hope you're experience goes as well or better.
 
  • #13
I'm updating to SHA-2. There may be some certificate warnings while I'm doing this.
 
  • #15
Lookin' good, Greg!

pf-cert.png
 
  • Like
Likes   Reactions: Greg Bernhardt
  • #16
Greg Bernhardt said:
@Jonathan Scott do you still get the warning? The connection should be SHA-2 now.

Warning triangle has gone, thanks.
 
  • Like
Likes   Reactions: Greg Bernhardt

Similar threads

Need a fix for Firefox SEC_ERROR_INADEQUATE_KEY_USAGE error
  • · Replies 7 ·
Replies
7
Views
15K
Current and Future AI Threats to Humanity and the Human Response
  • · Replies 10 ·
Replies
10
Views
5K
Carrier IQ Your cell phone's secret big brother
  • · Replies 1 ·
Replies
1
Views
2K
Advice on site access: firewall/cookies
  • · Replies 2 ·
Replies
2
Views
3K
Graduate Is DCQE erasing information or resetting the system?
  • · Replies 10 ·
Replies
10
Views
3K
Graduate Shinichi Mochizuki's ABC Conjecture and Replication Crisis in Maths
  • · Replies 33 ·
2
Replies
33
Views
9K
Rapid Aid Delivery and Distribution System
  • · Replies 7 ·
Replies
7
Views
3K
[Special Relativity] Lorentz Transformation and Boosts
  • · Replies 4 ·
Replies
4
Views
3K
Admissions How Can I Enhance My Statement of Purpose for a PhD Program?
  • · Replies 5 ·
Replies
5
Views
4K
My review of Coursera's "Intro to Mathematical Thinking"
  • · Replies 1 ·
Replies
1
Views
6K