Preventing Chrome from flagging CT vulnerability for end-users
78 views
Skip to first unread message
Gregory L. Wei
Apr 22, 2016, 1:29:29 PM4/22/16
to certificate-transparency
At my company, We use an internal CA (we use self-signed certs).
-We will eventually implement CT but haven't yet.
-Until then, I don't want my users to see the warning.
How can I configure Chrome to not warn in the meantime?
THANKS IN ADVANCE for the workaround.
Ben Laurie
Apr 22, 2016, 1:58:23 PM4/22/16
to certificate-...@googlegroups.com
On 22 April 2016 at 18:28, Gregory L. Wei <grego...@gmail.com> wrote:
At my company, We use an internal CA (we use self-signed certs).-We will eventually implement CT but haven't yet.-Until then, I don't want my users to see the warning.
I don't think that warning is caused by CT. What does the connection tab say if you click on the padlock?
How can I configure Chrome to not warn in the meantime?THANKS IN ADVANCE for the workaround.
--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Gregory L. Wei
Apr 29, 2016, 6:10:10 PM4/29/16
to certificate-transparency
Ben, thanks so much for the reply and offer of help.
Here's what I'm seeing:
On Friday, April 22, 2016 at 10:58:23 AM UTC-7, Ben Laurie wrote:
On 22 April 2016 at 18:28, Gregory L. Wei <grego...@gmail.com> wrote:At my company, We use an internal CA (we use self-signed certs).-We will eventually implement CT but haven't yet.-Until then, I don't want my users to see the warning.I don't think that warning is caused by CT. What does the connection tab say if you click on the padlock?
How can I configure Chrome to not warn in the meantime?THANKS IN ADVANCE for the workaround.
--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transparency+unsub...@googlegroups.com.
Pierre Phaneuf
May 3, 2016, 9:20:07 AM5/3/16
to certificate-transparency
My guess is that it might be the "obsolete cipher suite" that's making Chrome "angry"? The HMAC-SHA1 is not allowed, I think?
On Fri, Apr 29, 2016 at 11:10 PM, Gregory L. Wei <grego...@gmail.com> wrote:
Ben, thanks so much for the reply and offer of help.Here's what I'm seeing:
On Friday, April 22, 2016 at 10:58:23 AM UTC-7, Ben Laurie wrote:
On 22 April 2016 at 18:28, Gregory L. Wei <grego...@gmail.com> wrote:At my company, We use an internal CA (we use self-signed certs).-We will eventually implement CT but haven't yet.-Until then, I don't want my users to see the warning.I don't think that warning is caused by CT. What does the connection tab say if you click on the padlock?
How can I configure Chrome to not warn in the meantime?THANKS IN ADVANCE for the workaround.
--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
Eran Messeri
May 3, 2016, 10:10:07 AM5/3/16
to certificate-transparency
Gregory, the best way forward is to file a Chrome bug (crbug.com) so we can investigate, as a lot of data is missing for us to provide useful advice.
On Tuesday, 3 May 2016 14:20:07 UTC+1, Pierre Phaneuf wrote:
My guess is that it might be the "obsolete cipher suite" that's making Chrome "angry"? The HMAC-SHA1 is not allowed, I think?
On Fri, Apr 29, 2016 at 11:10 PM, Gregory L. Wei wrote:
Ben, thanks so much for the reply and offer of help.Here's what I'm seeing:
On Friday, April 22, 2016 at 10:58:23 AM UTC-7, Ben Laurie wrote:
On 22 April 2016 at 18:28, Gregory L. Wei <grego...@gmail.com> wrote:At my company, We use an internal CA (we use self-signed certs).-We will eventually implement CT but haven't yet.-Until then, I don't want my users to see the warning.I don't think that warning is caused by CT. What does the connection tab say if you click on the padlock?
How can I configure Chrome to not warn in the meantime?THANKS IN ADVANCE for the workaround.
--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transparency+unsub...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transparency+unsub...@googlegroups.com.
Gregory L. Wei
May 5, 2016, 1:08:04 PM5/5/16
to certificate-transparency
Thank you, Eran. doing now...
Peter Bowen
May 5, 2016, 1:25:51 PM5/5/16
to certificate-...@googlegroups.com
Are you referring to the sentence "The server did not supply an Certificate Transparency information." as the warning or do you mean the grey lock icon with yellow warning triangle as the warning?
On Fri, Apr 29, 2016 at 3:10 PM, Gregory L. Wei <grego...@gmail.com> wrote:
Ben, thanks so much for the reply and offer of help.Here's what I'm seeing:
On Friday, April 22, 2016 at 10:58:23 AM UTC-7, Ben Laurie wrote:
On 22 April 2016 at 18:28, Gregory L. Wei <grego...@gmail.com> wrote:At my company, We use an internal CA (we use self-signed certs).-We will eventually implement CT but haven't yet.-Until then, I don't want my users to see the warning.I don't think that warning is caused by CT. What does the connection tab say if you click on the padlock?
How can I configure Chrome to not warn in the meantime?THANKS IN ADVANCE for the workaround.
--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
You received this message because you are subscribed to the Google Groups "certificate-transparency" group.
To unsubscribe from this group and stop receiving emails from it, send an email to certificate-transp...@googlegroups.com.
Eran Messeri
May 6, 2016, 7:30:35 AM5/6/16
to certificate-...@googlegroups.com
By the way, starting from Chrome M50 (which is the stable version and should be the one you have) the SCT information is shown in greater detail in the Security panel of DevTools - once the Security panel is opened and the page is re-loaded, for each origin you'll see the number of SCTs and their breakdown.
Reply all
Reply to author
Forward
0 new messages