I am trying to view a https site (which worked perfectly fine till yesterday) and Chrome is showing me that the site's security certificate is not trusted.
I am on a home network. How can I know if the certificate is a problem or my network ?
I am trying to view a https site (which worked perfectly fine till yesterday) and Chrome is showing me that the site's security certificate is not trusted.
I am on a home network. How can I know if the certificate is a problem or my network ?
If the Web browsers states that the certificate is not to be trusted, then, basically, you cannot trust it. If there was a simple method to validate whether a certificate is good or not, besides certificate validation, then browsers would apply it.
The above is not entirely true: there is one method to validate a certificate, that browsers cannot do. You can phone the organization which owns the expected HTTPS server; here, apparently, the Bureau of Consular Affairs, from the US Department of State. Ask to talk to a sysadmin, and have him spell out, over the phone, the SHA-1 fingerprint of his certificate (40 hexadecimal characters). Compare with what your browser shows you (it is at the end of the "certificate details"). If the values match (exactly), then the certificate is genuine and you may proceed. This validation method, of course, assumes that a phone call is trustworthy and won't be intercepted (in particular, how you obtain the correct phone number might be subject to malicious alterations), and also that a US administrative bureau will have someone to answer the phone and will accept to forward your call to a sysadmin who has time to answer, and a clue about what SSL and certificates can be (that's his job, but being assigned to a task has never guaranteed competence).
Even if you can make sure that the certificate is real, then this begs the question of why the certificate was declared incorrect by the browser. This can be the consequence of a number of possible mishaps, including a failure to renew a certificate on time, or even a bug in the browser code.
The Chrome version was few hours old. Updating my Chrome version and restarting Chrome fixed the above problem.
I would bet dollars to donuts that this was the problem
That was yesterday morning. They just replaced their certificate, and a number of things could have happened to make the browser think that it was before 5:30 AM yesterday morning
The fact that it works now but not before reenforces the idea that this is what happened.