New issue
Advanced search Search tips

Issue 787894 link

Starred by 1 user
Status: WontFix
Owner: ----
Closed: Nov 2017
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Bug



Sign in to add a comment

Authority_Invalid for Google Internet Authority G3

Reported by larrylac...@yahoo.com, Nov 22 2017 
UserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.52 Safari/537.36

Steps to reproduce the problem:
1. go mail.google.com
2. 
3. 

What is the expected behavior?
opens GMail

What went wrong?
Fails with Connection is not private, NET::ERR_CERT_AUTHORITY_INVALID

Did this work before? N/A 

Chrome version: 63.0.3239.52  Channel: n/a
OS Version: 10.0
Flash Version: 

There are user Windows cert manager failures that prevent new root certs from being installed to Trusted Root Certs.

See Eric's blog: https://textslashplain.com/2017/10/23/google-internet-authority-g3/

Until today this failure had only blocked access to GMail and a few other sites (including Eric's text/plain blog).

Yesterday 11/20 I found a user who could not pickup repair attachments in the Chrome forum: here
https://productforums.google.com/forum/#!topic/chrome/0qEgUt2fc0w

I'm creating this CR, which still uses the G2 root cert, so that affected users can communicate here.

Comment 1 by larrylac...@yahoo.com, Nov 22 2017 

Oops, since I marked this as a security item, it's not generally visible.
Creating a public companion CR next..

Comment 2 by jialiul@chromium.org, Nov 22 2017

Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Status: WontFix (was: Unconfirmed)
Thanks for reporting! 
There are a number of reason why user will see the "connection not private" interstitial, from incorrect date/time setting, to VA injects mal-configured root cert, or to malware. 

And it seems not to be a Chrome/Chromium security vulnerability.

Mark as Won'tFix due to work as intended.

Comment 3 by larrylac...@yahoo.com, Nov 22 2017 

This particular failure case has been traced to a Windows cert manager failure to update (some) root certs, on a few user Windows platforms.

It would be helpful if someone could escalate this back to MicroSoft.
I filed a user community report here, which went nowhere:
https://answers.microsoft.com/en-us/windows/forum/windows_7-networking/google-mail-connection-is-not-private-new-root/d8a08efb-090d-410b-a541-cc1fed4639a6

This bug is a drain on the Chrome Forum support network.  Looks like we're still getting a few reports everyday.  I can provide links if needed.

See also companion publicly accessible  bug 787898  for details.

Sign in to add a comment