New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
link

Issue 867979: Symantec PKI Distrust Impact Tracking

Reported by asymmetric@chromium.org, Jul 26 2018 Project Member

Issue description

All remaining certificates issued from the Legacy Symantec PKI are being distrusted starting in M70 ( crbug.com/796230 ). As of the point this code landed, there are many top sites using certificates that are impacted by this change.

This bug is to track impact and site breakage and coordinate outreach to ensure affected site operators replace the distrusted certificates in time.

Original announcement:
https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html

Instructions for affected site operators:
https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html
 

Comment 1 by asymmetric@chromium.org, Jul 26 2018

Description: Show this description

Comment 2 by awhalley@google.com, Jul 27 2018

Cc: awhalley@chromium.org

Comment 3 by rsleevi@chromium.org, Jul 28 2018

 Issue 868378  has been merged into this issue.

Comment 4 by rsleevi@chromium.org, Jul 28 2018

Cc: abdulsyed@chromium.org ligim...@chromium.org ajha@chromium.org gov...@chromium.org rsleevi@chromium.org nyerramilli@chromium.org
 Issue 868334  has been merged into this issue.

Comment 5 by rsleevi@chromium.org, Aug 1

Issue 869201 has been merged into this issue.

Comment 6 by rsleevi@chromium.org, Aug 1

Issue 869174 has been merged into this issue.

Comment 7 by mattm@chromium.org, Aug 2

 Issue 870334  has been merged into this issue.

Comment 8 by mattm@chromium.org, Aug 3

Cc: allendam@chromium.org geohsu@chromium.org vsu...@chromium.org avkodipelli@chromium.org posciak@chromium.org
 Issue 870911  has been merged into this issue.

Comment 9 by a...@chromium.org, Aug 5

 Issue 870778  has been merged into this issue.

Comment 10 by wanderview@chromium.org, Aug 5

Cc: wanderview@chromium.org

Comment 11 by cthomp@chromium.org, Aug 7

Cc: cthomp@chromium.org
 Issue 871282  has been merged into this issue.

Comment 12 by gl...@pilot.com, Aug 8

https://accounts.intuit.com/ is affected by this issue; can't access it in M70 canary.

Comment 13 by qq605231...@gmail.com, Aug 10

it seems a lot of sites is affected, is there a temporary way or some special flag to bypass the check?

Comment 14 by wanderview@chromium.org, Aug 10

This issue affects the bill-pay feature on bankofamerica.com.  Login required from main site, but the internal failing origin is:

https://billpay-ui.bankofamerica.com/

The main BoA sites seem unaffected.

Comment 15 by nhar...@chromium.org, Aug 13

 Issue 873446  has been merged into this issue.

Comment 16 by rsleevi@chromium.org, Aug 14

 Issue 874052  has been merged into this issue.

Comment 17 by rsleevi@chromium.org, Aug 14

 Issue 874049  has been merged into this issue.

Comment 18 by nhar...@chromium.org, Aug 14

Issue 874137 has been merged into this issue.

Comment 19 by craigtumblison@chromium.org, Aug 14

Labels: Hotlist-ConOps

Comment 20 by aska...@chromium.org, Aug 14

Issue 867830 has been merged into this issue.

Comment 24 by posciak@chromium.org, Aug 15

 Issue 870897  has been merged into this issue.

Comment 26 by ajha@chromium.org, Aug 17

Same error in paypal.com as well  Issue 839935 , C#7.

Comment 27 by nepper@chromium.org, Aug 17

www.paydirekt.de - online payment provider endorsed/promoted by major German banks

Comment 28 by rsleevi@chromium.org, Aug 17

Cc: viswa.karala@chromium.org
 Issue 874480  has been merged into this issue.

Comment 29 by rsleevi@chromium.org, Aug 17

 Issue 874505  has been merged into this issue.

Comment 35 by dtapu...@chromium.org, Aug 22

 Issue 874507  has been merged into this issue.

Comment 36 by eroman@chromium.org, Aug 22

Japan Airlines:  https://www121.jal.co.jp/

Comment 37 by aidrees@chromium.org, Aug 23

Labels: Hotlist-ConOps-CrOS

Comment 38 by go...@goerisch.net, Aug 26

German Railway https://www.bahn.de

Comment 41 by asvitk...@chromium.org, Aug 29

Air Canada and United are affected. Can't book flights.

Comment 45 by srikanthg@chromium.org, Aug 31

Are we adding the list of all sites that are effected to this change? If yes, here is one more. https://appleinsider.com/
Its better to share a Google Form and collect all the URLs into a spreadsheet.

Comment 46 by rsleevi@chromium.org, Oct 3

Cc: asymmetric@chromium.org
 Issue 891522  has been merged into this issue.

Comment 49 by rsleevi@chromium.org, Oct 15

Cc: susan.boorgula@chromium.org
 Issue 893513  has been merged into this issue.

Comment 52 by dtapu...@chromium.org, Oct 16

 Issue 895848  has been merged into this issue.

Comment 53 by jim.dan...@gmail.com, Oct 17

Possible interaction with OpenDNS and/or Netgear C7000 parental controls features and settings. This was reported by a user on Chromebook Central.

User was blocked from accessing Google services (Gmail, YouTube. Google Docs and Google Sheets) and Facebook, with the error NET::ERR_CERT_AUTHORITY_INVALID

https://productforums.google.com/forum/#!topic/chromebook-central/3kn9cDwb0FA

Removal of OpenDNS and turning off router's parental controls solved the issue. Further investigation is ongoing.

Sign in to add a comment