
Issue 672275 link

Issue metadata

Status: Fixed
Owner:
Closed: Dec 2016
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug



Security Certificate / Privacy Error ERR_CERT_AUTHORITY_INVALID

Reported by persepsi...@gmail.com, Dec 7 2016

Issue description

UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.75 Safari/537.36

Steps to reproduce the problem:
1. Go to any web address with the Symantec Class 3 Secure Server CA - G4 Security Certificate
2. 
3. 

What is the expected behavior?
Page to load

What went wrong?
Page does not load. Chrome displays a "Your connection is not private / ERR_CERT_AUTHORITY_INVALID" error. 

Did this work before? N/A 

Chrome version: 55.0.2883.75  Channel: stable
OS Version: OS X 10.9.5
Flash Version: Shockwave Flash 23.0 r0
 
net-internals-log (1).json
153 KB View Download
Owner: eroman@chromium.org
Components: Internals>Network>Certificate
Per comment https://bugs.chromium.org/p/chromium/issues/detail?id=664177#c75, I believe the problem was your removal of the Symantec G5 root.

This means not just Chrome is impacted, but other browsers on the system too (is that correct?)

To verify that the certificate is missing, open up Keychain:
On the left select "System Roots"; then under "Categories" select "All Items".
In the search box type G5.

On a default setup Mac you should get a result for:
   VeriSign Class 3 Public Primary Certification Authority - G5

My expectation is that on your system there is nothing.

If this is the case, the resolution is to add back G5 as a trusted certificate.

I am not a Mac expert, but I believe the best approach is to restore /System/Library/Keychains/ from a backup.
This is the safest approach, and doesn't require trusting me.

If you don't have a backup, you can try adding the certificate to your keychain manually.

I have attached the certificate to this bug thread; it should be sufficient to download and open it.

That said, installing a root certificate is a very security-sensitive action, so I wouldn't advise users to follow such instructions (of randomly downloading and installing a certificate).

So consider the certificate a template for what to look for. But ideally you should obtain it from a verified source (if you have another computer you can copy it out of its keychain for instance).

Hope that helps,
Cheers
Here is the root certificate I believe you deleted, and are now missing.
VeriSign Class 3 Public Primary Certification Authority - G5.cer
1.2 KB Download
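The advice above is to treat a downloaded root certificate only as a template and to check it against a copy from a verified source, such as one exported from another Mac's keychain. The following is an added example, not part of the original thread or of Chromium: it compares two certificate files by the SHA-256 fingerprint of their DER encoding, accepting PEM or DER input. The file paths passed on the command line and the constructed sample bytes are assumptions.

```python
import base64
import hashlib
import re
import sys

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in (a 5-byte DER SEQUENCE), not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020105")


def check_single_der_sequence(der: bytes) -> None:
    """Reject anything that is not exactly one DER SEQUENCE (truncated or padded)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER-encoded certificate")
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long-form length: next n bytes
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("unsupported DER length encoding")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("truncated file or trailing bytes after certificate")


def to_der(data: bytes) -> bytes:
    """Accept a .cer file in either PEM or raw DER form and return DER bytes."""
    blocks = PEM_RE.findall(data)
    if len(blocks) > 1:
        raise ValueError("file contains more than one certificate")
    der = base64.b64decode(b"".join(blocks[0].split())) if blocks else data
    check_single_der_sequence(der)
    return der


def fingerprint(data: bytes) -> str:
    """SHA-256 over the DER encoding, the value to compare between sources."""
    return hashlib.sha256(to_der(data)).hexdigest()


def same_certificate(candidate: bytes, reference: bytes) -> bool:
    """True only if both files encode byte-for-byte the same certificate."""
    return fingerprint(candidate) == fingerprint(reference)


if __name__ == "__main__":
    # Usage (paths are assumptions): compare.py downloaded.cer trusted_copy.cer
    cand, ref = (open(p, "rb").read() for p in sys.argv[1:3])
    print("candidate:", fingerprint(cand))
    print("reference:", fingerprint(ref))
    sys.exit(0 if same_certificate(cand, ref) else 1)
```

A mismatch, or a file that fails the DER check, means the downloaded file should not be added to the keychain.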
Success! You, my friend, are both a genius and supremely appreciated. 

Glad I have jussst enough tech savvy to ask for help in the right place. 

Thank you. <3
Status: Fixed (was: Unconfirmed)
Great, glad to hear it!
Project Member

Comment 6 by sheriffbot@chromium.org, Dec 8 2016

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify

Comment 7 by awhalley@google.com, Dec 13 2016

Labels: -Type-Bug-Security Type-Bug
Project Member

Comment 8 by sheriffbot@chromium.org, Mar 16 2017

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot