SSL Certificates in Google Chrome

Nice review article, although I don't see it as a bad thing if EV extensions are ignored they generally do very little, the following quote comes from a post on one of the XMPP lists:

"Have a look at the latest black hat. They had certs for big corporate sites from some of the bigger CAs. They even rerouted the traffic there and nobody noticed. They showed logs of this at the end of the conference."

i have an internal host path to a webserver that i access with a cert that doesn't match the webserver's cert. this is *normal* for people who do web work. it's also *normal* for a non ecommerce site, like an open source site, to have a cert for "www" but not for every sub domain. by not allowing exceptions, they make it VERY hard to work with chrome... which made me, just today, put firefox BACK as my default browser

In fact, Chrome is not applying all my certificates at all. I suppose this is some kind of a bug. I've imported my banking P12 certificates. When a virtual banking site needs the appropriate certificate, Firefox and IE are applying Crypto API as is needed, but the Chrome doesn't. I hope someday Google will fix this AWFUL issue...

That's true, doc. It would be nice to have it remember whether you've trusted a certificate before. Of course, for ecommerce sites that doesn't help because customers will be scared away before adding it as an exception. The solution for ecommerce sites is to redirect traffic to www (or vice versa) or get a certificate with both names in it (a SAN/UC certificate)

Duane,

That quote was talking about normal SSL certificates. The whole point of EV certificates is to standardize and make it almost impossible for someone to get a certificate unless they are authorized to do so which will prevent these "black hat" hackers from getting a certificate for a big company or any company that they don't own. It is important for there to be a noticeable difference in the web browser between a normal certificate and an EV certificate or hackers will be able to continue using normal certificates and get away with it.

All it takes is for one vendor to issue a certificate by mistake and all vendors cop the blame because there is nothing on the browser interface that effectively communicates who the CA responsible is.

The only websites this is useful for are companies like amazon.com, if the snakeoil sales men hadn't gotten things their way we could easily check the certs our banks use are the right ones based on the information on their stationary.

EV isn't the be all and end all everyone seems to be pushing it as, neither is SSL for that matter, which I wouldn't trust for anything other than credit card transactions especially since a Verisign rep said they would issue duplicated certs to government agencies if compelled, although I'd be interested to know which governments they'd comply with. Then of course no one is going to yank Verisign roots from browsers because their certs are too prolific, the whole thing is a big house of cards waiting to come crashing down, it's not a matter of if, but when.

Georgi, I believe this is due to the fact that Chrome doesn't yet support client certificates. I'm sure support for it will be added before the final product is released, though.

I much prefer google chrome but will have to use Internet Explorer( which keeps crashing on me) at the income tax site because of problems related to encryption and SSL signing as discussed above. The site does not support Google Chrome.

just adjust the date and time!!!!!!!!!!!!!

thanxx I just adjusted the date & time..and nw it is running properly

Thanx for this helpful article

Na brskalniku Google Crhrome bi želel koristiti tudi storitev "abanet"; dostop do ban?nih storitev Abanke katere komintent sem. Za to storitev banke imam registriran certificat "sigenca".
Program Google Chrome pa me ne spusti na program, ker ne najde certifikata, ?eprav ga pod možnosti in naprednimi storitvami programa najdem.
Kaj storiti?
Druga?e pa je brskalnik Google Chrome zelo dober.

I had adjusted the date on my computer to take advantage of an trial offer on a software and that was causing the problem. Thank bilal for the suggestion.

Yes, good old Firefox allows me to add an exception. But chrome still doesn't, which is very annoying.
And there is no extension to solve this problem of chrome.
I know the site very well, it's mine, but every time i have to do this ugly procedure of pretending security.

thank you for posting some helpful things i adjust the time of my PC

thanx, i have encountered this mssge many times. now i know! adjust the date and time...

I cant believe that i waited for zanga games to fix my problem with the game not loading properly. But all it was, was the date had to be changed. OMG how simple was that.

thanks guys and girls

It was the date and time. Thanks! I reset it and everything was working fine!

Wow! A big thanks to you buddy!. It helps me.. Thanks a lot. :)

Can't believe that changing date sort my security problem lol
Thanks

How do I send a digitally signed email that is secure and can be encrypted? I have already tried StartCom and Comodo, and neither supports Google Chrome email.

BTW - At least I can read the security code. NICE! :o}

How do I examine (or download) a security certificate when the certificate is *good*? In the Chrome browser, and it lets me save bad certificates, but it won't let me save good ones. Help!

Does anyone know why even secured sites sometimes shows up as insecured (Usually refreshing the page fixes it, but sometimes it changes to dangerous statuss even though the site is verified as safe and has a sertificate)? Is this some sort of a bug? Or does it take time for Chrome to load each sertificate and that is why it shows "insecured" at first? Was just curious, yes, refreshing the page actualy fixes it in the most cases, but still :/

By adjusting time and time it fixed

As an end user of Chrome (and IE)I have been getting error messages when trying to access certain secured sites in which the Chrome error states "Cannot connect to the real ***.com"; *** being the name of the real name of the site. Clicking the "more" button reveals the reason as being a malformed certificate, stating that Chrome will not access the site because of this. It shows the subject as the url of the site I'm trying to access and it shows the Issuer of the certificate (I guess). I can access the site with other computers using the same network or my iPad; it's only my desktop that has the problem. The other computers are also using Chrome. Can you tell me what could be causing this to only occur on this one computer? I've searched the internet through and have yet to find a solution. I would appreciate your input.

Thanks for give such an easy and great solution.
I thought some critical settings I need to change.

Could you please tell How SSL related to Date and time.

i spent whole noon to figure it out. I'm luckily here to view this!!! just change the date and time!!! I am so sorry being rude and said wtf end up with laughed. Ha-ha!

thanks the date and time settings change really works

Thanks a Ton All Dosto.... will try the solution within some mins..

Thanks Bilal...That was great. I just adjusted the date and time!!

Hi All,



I need to perform Mutual authentication in chrome headless browser in LINUX system. I have imported the SSL(.p12 format) cert using "pk12util -d sql:$HOME/.pki/nssdb -i .p12" command. It was imported successfully but when i try to access the URL, i am unable to access. The log says timed out. Could any one here please tell me from which location does the chrome picks the certificate info and proceed with the request.



to avoid the prompting, i have also added the chrome policy setting into /opt/google/chrome/policies/ folder. The JSON added had the below content.



{

"AutoSelectCertificateForUrls": &#91"{\\\"pattern\\\"":\\\""https://*.example.com\\\""