Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


WoSign SSL working in Chrome?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

WoSign SSL working in Chrome?

I get NET::ERR_CERT_REVOKED in Chrome - but in FF and Safari cert seems to work...

Comments

  • joepie91joepie91 Member, Patron Provider
    edited April 2017

    See here: https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html

    TL;DR: Use a different, more trustable certificate provider. Let's Encrypt provides automated free certificates.

  • @joepie91 - I know about that, but that affects new certs only - this is an old cert and has been working up until today. Possibly I may be hitting a local firewall or security device, but then I don't understand why my other browsers would still work.

  • @jeromeza said:

    Possibly I may be hitting a local firewall or security device, but then I don't understand why my other browsers would still work.

    Yup chrome completely block wosign ssl, few of my domain affected by this. My cert created 1 year before ban.

  • @jeromeza said:
    @joepie91 - I know about that, but that affects new certs only - this is an old cert and has been working up until today. Possibly I may be hitting a local firewall or security device, but then I don't understand why my other browsers would still work.

    One by one my Startcom certificates are not being trusted in chrome either.

    The block isn't at the OS level, windows still marks the certificate as valid. Chrome made the decision of blocking old certificates. They made an announcement on how they were going to do it, if I wasn't on mobile I would link it.

    Other companies also said they weren't going to trust them, Apple and firefox made statements but not sure if they are going to block old certs as well.

  • rokokrokok Member

    One of my old cert still working fine

  • BopieBopie Member

    @jeromeza said:
    @joepie91 - I know about that, but that affects new certs only - this is an old cert and has been working up until today. Possibly I may be hitting a local firewall or security device, but then I don't understand why my other browsers would still work.

    As far as i have read you are wrong, they decided to completely block all of the certs just to do it in waves and not all at once

  • joepie91joepie91 Member, Patron Provider

    @jeromeza said:
    @joepie91 - I know about that, but that affects new certs only - this is an old cert and has been working up until today. Possibly I may be hitting a local firewall or security device, but then I don't understand why my other browsers would still work.

    Read the article I linked carefully:

    In subsequent Chrome releases, these exceptions will be reduced and ultimately removed, culminating in the full distrust of these CAs. This staged approach is solely to ensure sites have the opportunity to transition to other Certificate Authorities that are still trusted in Google Chrome, thus minimizing disruption to users of these sites. Sites that find themselves on this whitelist will be able to request early removal once they’ve transitioned to new certificates.

    The acceptance of old certificates was a grace period, intended for you to use to move away to a different certificate provider.

  • TheKillerTheKiller Member
    edited April 2017

    They started distrusting Wosign in Chrome v57. Already moved to Let's Encrypt.

    Edit: They distrusts all certificates issued before/after Oct 2016.

  • Thanks guys - guess i'm updating my certs then ;) I understood it to be all NEW certs would be penalized and all old certs would remain valid.

Sign In or Register to comment.