New issue
Advanced search Search tips

Issue 810671 link

Starred by 3 users
Status: Duplicate
Merged: issue 786732
Owner: ----
Closed: Feb 2018
Cc:
elawrence@chromium.org
ellyjo...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Mac
Pri: 2
Type: Bug



Sign in to add a comment

https connection refused ERR_CERT_INVALID on macOS 10.13.3

Reported by michael....@zalando.de, Feb 9 2018 
UserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36

Steps to reproduce the problem:
1. use macOS 10.13.3
2. use your own company CA and intermediate Certificate
3. all required Certs a trusted on the system
4. https with Safari works
5. call url with chrome - connection refused

What is the expected behavior?
in macOS 10.12 the connection works fine without any errors

What went wrong?
It seems, that Chrome can not access to the macOS Keychain Certificate Store. I have this problem on different machines and also with public Certificates. (e.q. COMODO RSA Organization Validation Secure Server CA). 
If i open the Developer Tools and go to "Security" Tab,i am not able to click the Button "View Certificate", it seems like a disabled button.

Did this work before? N/A 

Chrome version: 64.0.3282.140  Channel: stable
OS Version: OS X 10.13.3
Flash Version: 

I removed all Certificates and installed again and reinstall also Chrome.
chrome.png
142 KB View Download
Safari.png
218 KB View Download

Comment 1 by michael....@zalando.de, Feb 9 2018 

delete all preferences does also not help!

Comment 2 by elawrence@chromium.org, Feb 9 2018

Components: Internals>Network>Certificate
Labels: -Type-Bug-Security -Restrict-View-SecurityTeam Type-Bug
Please capture a network log (https://dev.chromium.org/for-testers/providing-network-details) or copy all of the "PEM encoded certificate" details from the blocking page and attach it to this issue.

In most cases, the root cause of this bug is that the certificate has been generated incorrectly in some way. For instance, the time fields in the certificate are encoded incorrectly (without a seconds field, or in the wrong ASN1 type) or the certificate is in V1 format with V3 extensions. There are other cases as well (e.g. overlong serial number, issue 786732, unknown cause Issue 763631).

Comment 3 by manoranj...@chromium.org, Feb 9 2018

Cc: ellyjo...@chromium.org

Comment 4 by elawrence@chromium.org, Feb 9 2018

Labels: Needs-Feedback

Comment 5 by michael....@zalando.de, Feb 9 2018 

ok i think we can close this issue. The debug output say also Invalid serial number length(64), must be 1…20. I am just wondering why chrome does not show this error to the user.
Project Member

Comment 6 by sheriffbot@chromium.org, Feb 9 2018

Cc: elawrence@chromium.org
Labels: -Needs-Feedback
Thank you for providing more feedback. Adding requester "elawrence@chromium.org" to the cc list and removing "Needs-Feedback" label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 7 by elawrence@chromium.org, Feb 9 2018

Mergedinto: 786732
Status: Duplicate (was: Unconfirmed)
RE #5: Thanks for the update. Yes, improving error handling may be helpful here, but there are so many different ways that a certificate can be invalid that it would be a significant undertaking.

Sign in to add a comment