1

If I try to access a number of websites including main stream banking sites like https://bank.barclays.co.uk on my Linux Mint PC, Google Chrome reports that the certificate has been revoked and will not let me access the site. I've tried in an incognito window (thereby disabling all extensions) and it does exactly the same.

I've also tried Chromium and Firefox - these both work fine, so as far as I can tell it can't be anything to do with the computer's configuration (e.g. the time).

I've compared the certificate fingerprints reported as okay by Chromium and the one reported as not okay by Chrome - they are the same. I've also compared the certificate with the one reported on https://www.grc.com/fingerprints.htm and that matches too.

I've also tried going into the settings and clearing all browsing data, but this didn't make any difference either.

Interestingly, some websites like https://youtube.com work correctly.

Having proven I'm not being hacked on my home wifi and that the computer is set up properly (due to Chromium and Firefox being okay), I'm really struggling to see what the problem with Chrome is.

I'm using Google Chrome version 47.0.2526.106 (64-bit) on Linux Mint 16 Petra.

Improve this question
4
  • Could you show a screenshot of this "revoked" message please?
    – Matthew
    Commented Dec 17, 2015 at 20:46
  • Same here with Chromium 37.0.2062.120 on Debian Wheezy. First noted on twitter.com around 20:00 Dec 17th 2015 UTC.
    – malclocke
    Commented Dec 17, 2015 at 22:29
  • Here's an example from a Gandi cert: bit.ly/1RrXZc7 I first got the error with the Comodo cert on news.ycombinator.com.
    – xn.
    Commented Dec 17, 2015 at 22:46
  • Common factor for all failing certs for me seems to be the top level CA Builtin Object Token: VeriSign Class 3 Public Primary Certification Authority - G5 with SHA256 fingerprint 9A CF AB 7E 43 C8 D8 80 D0 6B 26 2A 94 DE EE E4 B4 65 99 89 C3 D0 CA F1 9B AF 64 05 E4 1A B7 DF
    – malclocke
    Commented Dec 17, 2015 at 23:53

2 Answers 2

Reset to default
3

An explanation for this is listed here - https://code.google.com/p/chromium/issues/detail?id=570892

To quote:

There are >10 versions of the "VeriSign Class 3 Public Primary Certification Authority - G5" certificate. Some of them are signed by the certificate being removed ( https://googleonlinesecurity.blogspot.com/2015/12/proactive-measures-in-digital.html ), while others are "self-signed". OS X has trusted the self-signed version for some time; however, if you have locally installed one of the "cross-signed" versions, then it will take precedence.

The following steps fixed this for me:

  • Go to chrome://components
  • If CRLSet is lower than 2698 click on 'Check for update'
  • I then had to restart Chromium, YMMV.
Improve this answer
1
  • Brilliant, that seems to have fixed it for me. Thanks!
    – Al.
    Commented Dec 21, 2015 at 18:29
0

The root cause is that Google decided not to trust the root cert. They seems rollbacked the change already though.

Google official states as follows,

Proactive measures in digital certificate security https://googleonlinesecurity.blogspot.com/2015/12/proactive-measures-in-digital.html

Improve this answer
2
  • 1
    Although this may answer the question, you should give a more detailed description of the linked content and explain how it relates to the question. This will help ensure that this answer remains useful in the event the linked page is removed or goes offline. For more information, see this Meta Stack Exchange post.
    – bwDraco
    Commented Dec 18, 2015 at 0:35
  • The CA cert listed in this link does not appear to be the one causing the issue for me, it has a different fingerprint.
    – malclocke
    Commented Dec 18, 2015 at 2:49

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .