1

I am trying to view a https site (which worked perfectly fine till yesterday) and Chrome is showing me that the site's security certificate is not trusted.

I am on a home network. How can I know if the certificate is a problem or my network ?

error message server certificate

Improve this question
3
  • Please put the Certificate details that you get the warning on.
    – AdnanG
    Commented Aug 30, 2013 at 10:28
  • @AdnanG I added the certificate in the question. Kindly help.
    – Sairam
    Commented Aug 30, 2013 at 10:46
  • I checked the site and it showed no error to me. The Chrome version I am on is 29.0.1547.62 m. I hope that you don't have a MITM and that the certificate error not vanish because the certificate was added to you store. I suggest that you check the site with firefox and if you get the error again, you need to worry.
    – AdnanG
    Commented Aug 30, 2013 at 10:54

3 Answers 3

Reset to default
3

If the Web browsers states that the certificate is not to be trusted, then, basically, you cannot trust it. If there was a simple method to validate whether a certificate is good or not, besides certificate validation, then browsers would apply it.

The above is not entirely true: there is one method to validate a certificate, that browsers cannot do. You can phone the organization which owns the expected HTTPS server; here, apparently, the Bureau of Consular Affairs, from the US Department of State. Ask to talk to a sysadmin, and have him spell out, over the phone, the SHA-1 fingerprint of his certificate (40 hexadecimal characters). Compare with what your browser shows you (it is at the end of the "certificate details"). If the values match (exactly), then the certificate is genuine and you may proceed. This validation method, of course, assumes that a phone call is trustworthy and won't be intercepted (in particular, how you obtain the correct phone number might be subject to malicious alterations), and also that a US administrative bureau will have someone to answer the phone and will accept to forward your call to a sysadmin who has time to answer, and a clue about what SSL and certificates can be (that's his job, but being assigned to a task has never guaranteed competence).

Even if you can make sure that the certificate is real, then this begs the question of why the certificate was declared incorrect by the browser. This can be the consequence of a number of possible mishaps, including a failure to renew a certificate on time, or even a bug in the browser code.

Improve this answer
3
  • I think you where close, Look at the "Not valid before" time, I think he connected too early (or at least his machine thought it was too early) for the certificate to be valid.
    – Scott Chamberlain
    Commented Aug 30, 2013 at 17:30
  • Oh yes, indeed. When the clock of your PC is off, you may encounter "invalid certificates". Make it off by a few years and the whole Web becomes "invalid". Here, the certificate was very recently renewed so it is possible that the OP's machine has a clock which is a bit late -- or configured in the wrong time zone.
    – Tom Leek
    Commented Aug 30, 2013 at 17:53
  • I could not have restarted the browser after 29 Aug which could have caused the problem. May be Chrome has a problem with trusting https certificates if launch time < 'not valid before' time ? I will need to verify if this is the problem on a recently signed cert.
    – Sairam
    Commented Aug 30, 2013 at 19:02
1

The Chrome version was few hours old. Updating my Chrome version and restarting Chrome fixed the above problem.

Improve this answer
2
  • Interesting because I believe Chrome uses the Microsoft cert trust store. Are you sure you didn't update Windows as well?
    – JZeolla
    Commented Aug 30, 2013 at 14:24
  • 1
    @SteelCityHacker This is on a Mac
    – Sairam
    Commented Aug 30, 2013 at 18:53
1

I would bet dollars to donuts that this was the problementer image description here

That was yesterday morning. They just replaced their certificate, and a number of things could have happened to make the browser think that it was before 5:30 AM yesterday morning

  • You really connected before 5:30 AM
  • The time on your machine is wrong (could be either the current time or the timezone)
  • Chrome messed up the timezone math to figure out India Standard Time

The fact that it works now but not before reenforces the idea that this is what happened.

Improve this answer
2
  • I could not have restarted the browser after 29 Aug which could have caused the problem. May be Chrome has a problem with trusting https certificates if launch time < 'not valid before' time ?
    – Sairam
    Commented Aug 30, 2013 at 18:58
  • I find that not as likely (I don't see a reason they would store the start time) however I very easily could see a math bug for calculating the correct time zone offset.
    – Scott Chamberlain
    Commented Aug 30, 2013 at 19:00

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .