Hello guys, I'm new to all this, some of my users are complaining because it throws them the NET: ERR_CERTIFICATE_TRANSPARENCY_REQUIRED certificate error, for now it seems that it only happens in windows users and with chrome, because with other browsers it works. I use mac and it works for me.
I don't know if it has anything to do with it, but I currently live in Chile and days ago it should have updated its schedule but it didn't, the time change will take place on Saturday, do you think it has anything to do with it?
Chile should change the time days ago but it did not do it due to a political event, now the official time change will be this next Saturday, the error happens when you are in Windows, Chrome and you have the current time of the country, but if you advance it one hour (like will be on Saturday) stop happening. What should I do?
LE certificates are backdated one hour to account for misconfigured times. It could be the browser has its own opinion of time with regard to its calculation from UTC to local time and is not complient with the very specific political situation? In that case it would have been mere minutes or even seconds to get an incorrect certificate I guess..
Guys now it seems that everything works correctly, after an hour or maybe a little more everything is normalized and I don't touch anything, it's very strange, does that time difference have something to do with it?
Though uncommon, websites can also use certificates to identify clients (e.g., users) connecting to them. Besides ensuring it is well-formed, Chrome passes this type of certificate to the server, which then evaluates and enforces its chosen policy. The policies on this page do not apply to client authentication certificates.
Chrome Root Program Participants MUST satisfy the requirements defined in this policy, including taking responsibility for ensuring the continued compliance of all corresponding subordinate CAs and delegated third parties participating in the Public Key Infrastructure (PKI).
Google includes or removes self-signed root CA certificates in the Chrome Root Store as it deems appropriate at its sole discretion. The selection and ongoing inclusion of CA certificates is done to enhance the security of Chrome and promote interoperability. CA certificates that do not provide a broad service to all browser users will not be added to, or may be removed from the Chrome Root Store. CA certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion.
Chrome Root Program Participants MUST accurately describe the policies and practices of their CA(s) within a Certificate Policy (CP) and corresponding Certification Practice Statement (CPS), or preferably, a single document combined as a CP/CPS.
The automated solution MUST minimize "hands-on" input required from humans during certificate issuance and renewal. Acceptable "hands-on" input from humans includes initial software installation and configuration, applying software updates, and updating subscriber account information as needed. Routine certificate issuance and renewal SHOULD NOT involve human input except as needed for identity or business document verification related to IV, OV, or EV certificate issuance.
If at any point a self-signed root CA certificate is accepted into the Chrome Root Store after these requirements take effect and the CA Owner intends to issue a Baseline Requirements certificate policy OID not previously disclosed to the Chrome Root Program, the requirements in this section MUST be satisfied before issuing certificates containing the OID to Subscribers from the corresponding hierarchy, with the exception of automation test certificates.
To phase-in these requirements in a manner that reduces negative impact to the ecosystem, affected root CA certificates included in the Chrome Root Store will be removed according to the schedule in the table below.
To further reduce negative impact to the ecosystem, the Chrome Root Store may temporarily continue to include a root CA certificate past its defined term-limit on a case-by-case basis, if the corresponding CA Owner has submitted a Root Inclusion Request to the CCADB for a replacement root CA certificate at least one year in advance of the approximate removal date.
Other circumstances may lead to the removal of a root CA certificate included in the Chrome Root Store before the completion of its term-limit (e.g., the future phase-out of root CA certificates included in the Chrome Root Store that are not dedicated to TLS server authentication use cases).
* while existing CA certificates trusted by Chrome MAY have EKU values as described in this table, Applicant PKI hierarchies MUST remain dedicated to only TLS server authentication use cases
** accepted on a discretionary basis
When deemed necessary, the Chrome Root Program may require Chrome Root Program Participants undergo additional ad-hoc audits, including, but not limited to, instances of CA private key destruction or verification of incident remediation.
CA Owners with certificates included in the Chrome Root Store MUST complete and submit an annual self-assessment to the CCADB. Instructions for completing the self-assessment are included in the required assessment template.
A single self-assessment MAY cover multiple CAs operating under both the same CP and CPS(s), or combined CP/CPS. CAs not operated under the same CP and CPS(s) or combined CP/CPS MUST be covered in a separate self-assessment.
Chrome Root Program Participants SHOULD always use the latest available version of the self-assessment template. CA Owners MUST NOT use a version of the self-assessment template that has been superseded by more than 90 calendar days before their submission.
Chrome Root Program Participants MUST publicly disclose and/or respond to incident reports in Bugzilla, regardless of perceived impact. Reports MUST be submitted in accordance with the current version of this CCADB incident report format and timelines.
While all Chrome Root Program Participants MAY participate in the incident reporting process, the CA Owner whose corresponding certificate is included in the Chrome Root Store is encouraged to disclose and/or respond to incidents on behalf of the Chrome Root Program Participants included in its PKI hierarchy.
If the Chrome Root Program Participant has not yet publicly disclosed an incident, they MUST notify chrome-root-program [at] google [dot] com and include an initial timeline for public disclosure. Chrome uses the information in the public disclosure as the basis for evaluating incidents.
The Chrome Root Program will evaluate every incident on a case-by-case basis, and will work with the CA Owner to identify ecosystem-wide risks or potential improvements to be made that can help prevent future incidents.
Due to the incorporation of the Baseline Requirements into CA policy documents, incidents may include a prescribed follow-up action, such as revoking impacted certificates within a certain timeframe. If the Chrome Root Program Participant does not perform the required follow-up actions, or does not perform them in the expected timeframe, the Chrome Root Program Participant SHOULD file a secondary incident report describing any certificates involved, the expected timeline to complete any follow-up actions, and what changes they are making to ensure they can meet these requirements consistently in the future.
At any time, the Chrome Root Program may request additional information from a Chrome Root Program Participant using email or CCADB communications to verify the commitments and obligations outlined in this policy are being met, or as updates to policy requirements are being considered. Chrome Root Program Participants MUST provide the requested information within 14 calendar days unless specified otherwise.
Vamos a explicarte cmo importar y exportar un certificado digital en Google Chrome, para que si quieres usar uno que tienes en otro navegador o guardar el que tengas en Chrome para usarlo en otro lado puedas hacerlo. Se trata de un proceso muy sencillo que puedes hacer desde sus propias opciones, en el men de ajustes, y muy parecido al que te enseamos a hacer en Firefox.
Por lo general, para instalar un certificado digital suele ser suficiente con hacer doble clic en l dentro de Windows y elegir si instalarlo en el sistema operativo o en un navegador concreto. Pero si por alguna razn, fallo, o por usar otro sistema operativo, necesitas hacerlo a mano, esta es la manera en la que puedes hacerlo. Adems, exportarlo ser til para no tener que volverlo a descargar si lo quieres instalar en otro sitio.
Entrars a la pgina de configuracin, donde tienes todas las opciones y ajustes del navegador. En ella, baja hasta el apartado de Privacidad y seguridad, y dentro de l pulsa en la seccin de Seguridad, que aparecer con el icono de un escudo.
Una vez hayas entrado en las opciones de Seguridad, tienes que bajar hasta abajo del todo. All, ahora pulsa en la opcin de Gestionar certificados, con la que puedes administrar los certificados que tienes instalados en tu navegador.
Cuando pulses en Gestionar certificados, se abrir una ventana llamada Certificados. En ella, tendrs varias pestaas en las que puedes ver los diferentes tipos de certificado digital que tienes instalados en el navegador. Para aadir uno nuevo, tienes que pulsar en el botn Importar que tienes en esta ventana.
Irs a la ventana del Asistente para importar certificados. Este asistente te guiar paso a paso en el proceso donde tienes que seleccionar la ubicacin del certificado que quieres instalar dentro de tu ordenador. Esto quiere decir, que primero tendrs que haber bajado o exportado el certificado que quieras aadir despus a Chrome.
Una vez hayas seleccionado el certificado que quieres importar, tienes que seleccionar el almacn o la pestaa donde quieres catalogarlo. Esto lo puedes hacer a mano o dejar que Chrome lo catalogue automticamente. Cuando lo tengas, en el ltimo paso del asistente tendrs un resumen de toda la operacin de importar, y si ests conforme pulsa en Finalizar y se instalar el certificado.
d3342ee215