OT: why does Chrome and Edge show my certificate as invalid
267 views
Skip to first unread message
Mike Leone
Aug 17, 2021, 11:12:43 AM8/17/21
to NTSysAdmin
a bit OT. On a site we own, we have a certificate (this site is basically a reverse proxy for our email.) If I access the site in Chrome, it comes up invalid, even though the certification path shows as valid. What I get is:
--
Mike. Leone, <mailto:tur...@mike-leone.com>
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>
This space reserved for future witticisms ...
NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED.
Mind you, I don't get that error from Firefox. Nor does the SSL Checker at sslshopper.com see any errors with the cert.. But Chrome and Edge (and iPads, apparently) do complain. And from what I've read, the only solution is to replace the cert from a different provider, one who maintains "transparency logs".
Can anybody shed any light? Is there nothing I can do to fix this? (besides renewing the cert from a different provider, I mean)
(This cert was issued by Entrust Certification Authority - L1K)
Mike. Leone, <mailto:tur...@mike-leone.com>
PGP Fingerprint: 0AA8 DC47 CB63 AE3F C739 6BF9 9AB4 1EF6 5AA5 BCDF
Photo Gallery: <http://www.flickr.com/photos/mikeleonephotos>
This space reserved for future witticisms ...
Micheal Espinola
Aug 17, 2021, 11:21:34 AM8/17/21
to ntsys...@googlegroups.com
As I understand it, this is a newer Chromium browser issue. I believe you can disable the check in the browser, or better still get your cert re-issued and registered for Certificate Transparency
--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ntsysadmin+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CAHBr%2B%2BgRmZem6M0_0jzQCOGsuwo4S1G-0mNTYa1Fn9%3DmK2iGPQ%40mail.gmail.com.
Kurt Buff
Aug 17, 2021, 11:24:33 AM8/17/21
to ntsys...@googlegroups.com
This seems like a useful checklist:
https://www.rapidsslonline.com/ssl/net-err-certificate-transparency-error-in-google-chrome/
Kurt
https://www.rapidsslonline.com/ssl/net-err-certificate-transparency-error-in-google-chrome/
Kurt
Mike Leone
Aug 17, 2021, 11:27:25 AM8/17/21
to NTSysAdmin
Well, the cert is due to expire in 4 months or so (December), and we do use a different cert issuer these days. So hopefully the problem will go away then.
How can you tell if an issuer is enrolling your cert in the Certificate Transparency logs? Besides getting an error like I am getting, that is. LOL
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CAAfzEuzWL7rAuyqJ3doSNOyGMH6XQtDmPOt6mFie444SeRWQeQ%40mail.gmail.com.
Kurt Buff
Aug 17, 2021, 11:44:42 AM8/17/21
to ntsys...@googlegroups.com
Mike Leone
Aug 17, 2021, 12:38:12 PM8/17/21
to NTSysAdmin
That says my cert is actually in a CT log. LOL ...
google_argon2021
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CADy1Ce4L4RZjvsrfr7poRSVQof8fm4vkePpHtZ29-YtiQjsL2g%40mail.gmail.com.
Reply all
Reply to author
Forward
0 new messages