[ubuntu-za] Chrome secure site issues
Xandor Schiefer
me at xandor.co.za
Tue Nov 15 09:10:35 UTC 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
https://bugs.launchpad.net/ubuntu/+source/chromium-browser/+bug/1641380
Includes workaround.
Kind regards,
Xandor Schiefer
+27 79 706 5620
This communication may be unlawfully collected and stored by the
National Security Agency (NSA) and other organizations in secret. The
parties to this email do not consent to the retrieving or storing of
this communication and any related metadata, as well as printing,
copying, re-transmitting, disseminating, or otherwise using it. If you
believe you have received this communication in error, please delete
it immediately.
On 15/11/2016 10:56, Wikus Van Dyk wrote:
> I've checked the certificate details , and I can't find anything
> different from what chromium shows and what firefox shows.
> In chromium it does show this error at details though :
>
> " There are issues with the site's certificate chain
> (net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED). "
>
>
> On 15/11/2016 10:49, Xandor Schiefer wrote:
> Hmmm.
>
>
> I just checked on my debian testing box whether this issue exists. It
> doesn't.
>
> I'd indeed check proxy settings, and also DNS settings (both on your
> computer and your router).
>
> There's always the outside chance that someone has tricked your computer
> into using a hacked DNS server that points absa.co.za to their own
> server, using an SSL cert signed by a dodgy CA that's untrusted by Chromium.
>
> To be extra sure that it's a configuration issue (or trusted CA in
> Chromium) issue, inspect the certificate closely.
>
> I've attached the certificate information I get in Firefox.
>
> Kind regards,
>
>
> Xandor Schiefer
> +27 79 706 5620
>
> This communication may be unlawfully collected and stored by the
> National Security Agency (NSA) and other organizations in secret. The
> parties to this email do not consent to the retrieving or storing of
> this communication and any related metadata, as well as printing,
> copying, re-transmitting, disseminating, or otherwise using it. If you
> believe you have received this communication in error, please delete
> it immediately.
>
> On 15/11/2016 10:39, chesedo wrote:
>>>> Also check if you do not maybe have a proxy setting in Firefox or Chromium?
>>>>
>>>> Pieter
>>>>
>>>>
>>>> On 11/15/2016 10:36 AM, Wikus Van Dyk wrote:
>>>>> Hmmm , interesting. I am not behind a firewall. Private connection on
>>>>> a normal ADSL with auto ip on one machine , and Telkom mobile also
>>>>> with auto ip on the other machine.
>>>>>
>>>>> Of those sites you listed I only use takealot as well. Went in there
>>>>> now , works for me also.
>>>>>
>>>>> So seems I am just unlucky that most of the ones I use has an issue
>>>>> and the issue is server side.
>>>>>
>>>>> So now I wonder if it's safe to access problematic ones with firefox
>>>>> that don't give an error , or should I rather wait until
>>>>> chromium don't have an issue with them any more. But some I access on
>>>>> daily basis and will be difficult not to use.
>>>>>
>>>>> - Wikus
>>>>>
>>>>>
>>>>> On 15/11/2016 10:24, Charl Le Roux wrote:
>>>>>> All I try work for me, the below examples as well.
>>>>>>
>>>>>> What I found at some clients are, if you are on their network they
>>>>>> use a firewall technology that inserts itself between you and the
>>>>>> network, essentially a man in the middle attack, so that they can
>>>>>> monitor that passes through their firewall. Chromium then gives you
>>>>>> the same error. Are you behind a corporate firewall? Or maybe your
>>>>>> ISP fiddling in between.
>>>>>>
>>>>>> takelot.com <http://takelot.com>
>>>>>> yahoo.com <http://yahoo.com>
>>>>>> openwrt.org <http://openwrt.org>
>>>>>> letsencrypt.org <http://letsencrypt.org>
>>>>>> opendns.com <http://opendns.com>
>>>>>> bitx.co <http://bitx.co>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> On 15 November 2016 at 10:00, Wikus Van Dyk <mazal.wikus at gmail.com
>>>>>> <mailto:mazal.wikus at gmail.com>> wrote:
>>>>>>
>>>>>> On my pc it is ALL https sites I visit. With a very few
>>>>>> exceptions , like gmail is one that works.
>>>>>> It's defnitely not just ABSA's site that has a problem.
>>>>>> The ABSA one on the pic I just added as an example for the list
>>>>>> to see the error.
>>>>>>
>>>>>> And with firefox all https sites I visit work. Including ABSA in
>>>>>> the example and all the others that gives errors as well works.
>>>>>>
>>>>>> So does a whole bunch of sites suddenly have a certificate
>>>>>> problem ? And if so why does firefox work with them and chromium
>>>>>> not ?
>>>>>>
>>>>>> - Wikus
>>>>>>
>>>>>>
>>>>>> On 15/11/2016 09:47, Charl Le Roux wrote:
>>>>>>> There seem to be a problem with the ABSA certificate. I connect
>>>>>>> to gmail, afrihost and rmbprivatebank as an example, without a
>>>>>>> problem, so I don't think you can say 'all' https sites present
>>>>>>> a problem. Ubuntu 16.04 desktop and chromium browser.
>>>>>>>
>>>>>>> On 15 November 2016 at 09:15, Anton May <antonmay at gmail.com
>>>>>>> <mailto:antonmay at gmail.com>> wrote:
>>>>>>>
>>>>>>> Yip, also picked it up with my home Ubuntu, but with my work
>>>>>>> Mint, it's fine.
>>>>>>>
>>>>>>> On 15 November 2016 at 08:56, Wikus Van Dyk
>>>>>>> <mazal.wikus at gmail.com <mailto:mazal.wikus at gmail.com>> wrote:
>>>>>>>
>>>>>>> Hallo everyone ,
>>>>>>>
>>>>>>> Using Ubuntu 16.04 64bit , updated.
>>>>>>>
>>>>>>> The last few days chromium can't connect securely to any
>>>>>>> https site. Saying it's unsafe and connection is not
>>>>>>> private.
>>>>>>> Firefox though has none of these issues on the same
>>>>>>> sites and shows all of them secure.
>>>>>>>
>>>>>>> This happens on both my Ubuntu pc's and is not just one
>>>>>>> one specific pc.
>>>>>>>
>>>>>>> ( see attached pics for example )
>>>>>>>
>>>>>>> Has chromium developed a problem ? Or is firefox less
>>>>>>> strict ? I prefer to use chromium but this makes me nervous.
>>>>>>>
>>>>>>> - Wikus
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> ubuntu-za mailing list
>>>>>>> ubuntu-za at lists.ubuntu.com
>>>>>>> <mailto:ubuntu-za at lists.ubuntu.com>
>>>>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>>> <https://lists.ubuntu.com/mailman/listinfo/ubuntu-za>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Regards,
>>>>>>> Anton May
>>>>>>>
>>>>>>> --
>>>>>>> ubuntu-za mailing list
>>>>>>> ubuntu-za at lists.ubuntu.com <mailto:ubuntu-za at lists.ubuntu.com>
>>>>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>>> <https://lists.ubuntu.com/mailman/listinfo/ubuntu-za>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Charl le Roux
>>>>>>> Mobile: +27834520405 <tel:%2B27834520405>
>>>>>>> Email: charl.leroux at gmail.com <mailto:charl.leroux at gmail.com>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>> --
>>>>>> ubuntu-za mailing list
>>>>>> ubuntu-za at lists.ubuntu.com <mailto:ubuntu-za at lists.ubuntu.com>
>>>>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-za
>>>>>> <https://lists.ubuntu.com/mailman/listinfo/ubuntu-za>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> Charl le Roux
>>>>>> Mobile: +27834520405
>>>>>> Email: charl.leroux at gmail.com <mailto:charl.leroux at gmail.com>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>
>>
>
>
>
-----BEGIN PGP SIGNATURE-----
iQEcBAEBCAAGBQJYKtELAAoJEBLvBEMz89HRw74H/1tA26/WYVblag0er4Z2ze3c
frZoOrn8+WBd7JVpMqLkzTo679q0lUXbbg1EalhM+oX4UOT7T6kif38Xl7w9X18Q
7KNpbUpb2SgHQePNzRb1H43ucL3G1/ofJ+cX80oKvtg29OhYY1Qm6VxwircqEuWi
1dFEqwrsHX92spTeRpaaDCUGaQ8euEKQHNRaFnmhdXSGSPpTBYmJYhUGz1b3bt9l
ks6qH1ALb2dPyk+k2FjkWfYAqyIu5BFCbhFzDKH7ORI5qxW7BF9bf14cYGbga1IW
9o/QI4Z9egcB0J7zCYXi1YjK1z33XWHTzMzQxJBcZRLc2mdffsS32xKxnGB7ITA=
=ALyp
-----END PGP SIGNATURE-----
More information about the ubuntu-za
mailing list