Issue 477627 in chromium: 'Thawte Premium Server CA' is invalid?


chro...@googlecode.com

Apr 16, 2015, 6:47:06 AM
to chromi...@chromium.org
Status: Unconfirmed
Owner: ----
Labels: OS-Mac Pri-2 Type-Bug

New issue 477627 by nat...@isimplify.com.au: 'Thawte Premium Server CA' is
invalid?
https://code.google.com/p/chromium/issues/detail?id=477627

Chrome Version : 44.0.2371.0
OS Version: OS X 10.9.5
URLs (if applicable) :
Other browsers tested:
Add OK or FAIL after other browsers where you have tested this issue:
Safari 5 (7.1.5): Complains but doesn't have a red cross
Firefox 4.x (37.01): Is ok
IE 7/8/9: n/a

What steps will reproduce the problem?
1. Go to https://email.virginaustralia.com/
2. Get 'NET::ERR_CERT_AUTHORITY_INVALID' error

What is the expected result?
Should work without error.

What happens instead of that?
Get 'NET::ERR_CERT_AUTHORITY_INVALID' error

Please provide any additional information below. Attach a screenshot if
possible.

Happens for a range of sites (eg. https://rpp.rpdata.com/rpp/login.html)

UserAgentString: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.0.2371.0 Safari/537.36




Attachments:
thawte-error.png 163 KB


chro...@googlecode.com

Apr 16, 2015, 5:21:02 PM
to chromi...@chromium.org
Updates:
Labels: Cr-Internals-Network

Comment #1 on issue 477627 by meh...@chromium.org: 'Thawte Premium Server
(No comment was entered for this change.)

chro...@googlecode.com

Apr 16, 2015, 6:52:42 PM
to chromi...@chromium.org
Updates:
Status: WontFix
Labels: -OS-Mac OS-All

Comment #2 on issue 477627 by d...@chromium.org: 'Thawte Premium Server CA'
is invalid?
https://code.google.com/p/chromium/issues/detail?id=477627

The error for https://rpp.rpdata.com/rpp/login.html is simply a
yellow-triangle mixed-content warning.
That usually means the secure webpage https://rpp.rpdata.com/rpp/login.html
is also loading some regular/non-secure (HTTP) content.


The websites https://email.virginaustralia.com and
https://policy5.responsys.net/permission.htm have a red HTTPS X/slash because
these websites use outdated SHA-1 security settings. That means your
connection to these websites is not secure.

Please send a support request to the website owner/admin and provide them
with this info:
https://googleonlinesecurity.blogspot.com/2014/09/gradually-sunsetting-sha-1.html

Sites with end-entity certificates that expire between 1 January 2016 and
31 December 2016 (inclusive), and which include a SHA-1-based signature as
part of the certificate chain, will be treated as “secure, but with minor
errors”.

Sites with end-entity certificates that expire on or after 1 January 2017,
and which include a SHA-1-based signature as part of the certificate chain,
will be treated as “affirmatively insecure”. Subresources from such domains
will be treated as “active mixed content”.

The current visual display for “affirmatively insecure” is a lock with a
red X, and a red strike-through text treatment in the URL scheme.


This is the expected display starting Chrome 42 and onwards and not an
error.
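
For site operators auditing their own certificates against the two rules quoted in comment #2, the following is an added example, not code from this thread or from Chromium. It parses trimmed `openssl x509 -noout -text` output for a chain and applies those rules; the function names and the sample chain are constructed for illustration, and the sample omits the root certificate.

```python
import re
from datetime import date, datetime

# Constructed sample: trimmed `openssl x509 -noout -text` output for a leaf and
# its intermediate (root omitted). Values are illustrative, not from a real site.
SAMPLE_CHAIN = """\
Certificate:
        Signature Algorithm: sha256WithRSAEncryption
            Not After : Jun 30 23:59:59 2017 GMT
        Subject: CN=www.example.test
Certificate:
        Signature Algorithm: sha1WithRSAEncryption
            Not After : Dec 31 23:59:59 2020 GMT
        Subject: CN=Example Intermediate CA
"""


def parse_chain(text):
    """Return [(signature_algorithm, not_after_date), ...], leaf first."""
    certs = []
    for block in text.split("Certificate:")[1:]:
        alg = re.search(r"Signature Algorithm:\s*(\S+)", block).group(1)
        raw = re.search(r"Not After\s*:\s*(.+?)\s*GMT", block).group(1)
        # Collapse openssl's padding for single-digit days ("Jun  1").
        when = datetime.strptime(" ".join(raw.split()), "%b %d %H:%M:%S %Y")
        certs.append((alg, when.date()))
    return certs


def chrome_sha1_treatment(chain):
    """Apply the two rules quoted in comment #2 to a parsed chain."""
    if not chain:
        raise ValueError("empty chain")
    leaf_expiry = chain[0][1]  # the rules key on the end-entity expiry only
    # A SHA-1 signature anywhere in the supplied chain triggers the rules,
    # even when the leaf itself is signed with SHA-256.
    if not any("sha1" in alg.lower() for alg, _ in chain):
        return "no SHA-1 signature in chain"
    if leaf_expiry >= date(2017, 1, 1):
        return "affirmatively insecure"
    if date(2016, 1, 1) <= leaf_expiry <= date(2016, 12, 31):
        return "secure, but with minor errors"
    return "not covered by the quoted rules"


if __name__ == "__main__":
    print(chrome_sha1_treatment(parse_chain(SAMPLE_CHAIN)))
```

The sample leaf is SHA-256-signed, yet the chain is still classified by the SHA-1 intermediate together with the leaf's own expiry date.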