Can't open secure page, and can't easily display certificate
Reported by
bau...@gmail.com,
Dec 10 2016
Issue description
UserAgent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.21 Safari/537.36
Steps to reproduce the problem:
1. Open my NAS URL (signed by StartCom Certification Authority)
2. Can't open it; it says NET::ERR_CERT_AUTHORITY_INVALID
What is the expected behavior? Display the page (same as Firefox or IE11)
What went wrong?
- Can't open the page; must access it by IP address.
- Not easy to display the certificate, no direct link (REGRESSION) (must use the developer tools menu)
Did this work before? N/A
Chrome version: 56.0.2924.21 Channel: beta
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version:
,
Dec 12 2016
,
Dec 12 2016
Could you please provide the sample URL for testing from our end.
,
Dec 12 2016
But after searching, I see that Chrome 56 blocks new certificates issued by StartCom Certification Authority? Is that correct or not? Chrome uses the Windows certificate store (on Windows); if it is correct that StartCom is blocked, how can this new block list be managed in Chrome? I also found a solution for HSTS: in chrome://net-internals, delete HSTS for this URL, and after that I can bypass the alert. The whole certificate chain seems good; Chrome never says why it's insecure (CERT_AUTHORITY_INVALID, but all are valid). And with recent Chrome versions, Chrome does not display the certificate; you must use developer tools to display the details. Hiding the root certificate does not really help security; all other browsers (or old Chrome versions) give easy access to the certificate chain.
,
Dec 14 2016
I'd like to add a screenshot of the problem with regard to the missing certificate information. There is no place to click to examine the certificate chain unless you dig deep into the developer tools. Version 56.0.2924.21 beta (64-bit) on Mac OS 10.12.1 (Sierra)
,
Dec 14 2016
Chrome reduces security since it hides certificate information! It's more important to see the certificate chain than all the settings (all set by default!). Users must know CTRL+SHIFT+I and go to Security!! For example: Avast antivirus can intercept packets and replace the certificate with another; the certificate is good because it is signed by Avast and in the trusted roots on the computer. Why can't other bad software do the same? And because it's hard to check the certificate authority with Chrome now, should we continue trusting Chrome?? And for my problem: Chrome reports a bad certificate chain, but it's good; the root and intermediate are trusted on my computer. If Chrome will block a trusted certificate that I trust, please display it! Or add a certificate store (same as Firefox, not linked with the Windows computer).
,
Dec 14 2016
Appears to be related to Issue 663971
,
Dec 14 2016
Partially; it's my second problem. First: Chrome now adds a blacklist of root certificates, and I don't know how to access it or whether I can manage it, and when I display the chain... (with Windows, it's managed by the system) all is good, but Chrome says CERT_AUTHORITY_INVALID. Chrome blocks StartCom Certification Authority with newly issued certificates.
,
Dec 21 2016
Thank you for providing more feedback. Adding requester "tkonchada@chromium.org" for another review and adding "Needs-Review" label for tracking. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Dec 23 2016
After changing the certificate, I must close/restart Chrome to see it as secure. If not secure, why not reload all objects? How can I manage trusted root CAs? I trust the free certificates from the StartCom root CA. Bizarre that the only 2 browsers blocking StartCom are the major sponsors of Let's Encrypt.
,
Dec 28 2016
Adding certificate component to the issue hence they will help to triage the issue further. Thank you!
,
Dec 28 2016
,
Dec 28 2016
Marking this as WontFix. This is part of our announcement at https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html This is the result of nearly a year long investigation into a series of irregularities and misissuances by the combined StartCom/WoSign management. Mozilla's statement, including much of the jointly-developed details regarding this, is available at https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
,
Dec 28 2016
And yes, Issue 663971 is the correct bug for the UI issue. When Chrome blocks a root certificate for misissuance, no option to override is given, which is also the same for every other browser that takes steps to protect their users.
,
Dec 28 2016
But if I display the certificate chain, all is OK!! Why doesn't Chrome use an internal trusted/untrusted store, if it no longer respects the Windows CA store?
,
Dec 28 2016
And protect users?? How? You now hide the certificate CA name in the address bar! (Seeing the certificate is for devs?) Just so as not to see that phishing websites now use Let's Encrypt free certificates?
Comment 1 by bau...@gmail.com
, Dec 10 2016