Insecure connection warning after update, although connection should be (is) secure
Reported by sec.el...@gmail.com, Jul 26
Issue description

Chrome Version: 68.0.3440.75
OS Version: 10.0
URLs (if applicable): https://nolp.dhl.de/
Other browsers tested:
Add OK or FAIL after other browsers where you have tested this issue:
Safari: -
Firefox: OK
IE/Edge: OK (IE)

What steps will reproduce the problem?
1. Open https://nolp.dhl.de/
2.
3.

What is the expected result?
See the site https://nolp.dhl.de/

What happens instead of that?
Chrome shows a full page warning for an insecure connection (NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED)

Please provide any additional information below. Attach a screenshot if possible.

UserAgentString: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.75 Safari/537.36
,
Jul 26
From net/docs/certificate-transparency.md:

For all new certificates issued after 30 April 2018, Chrome will require that the certificate be disclosed via Certificate Transparency (https://groups.google.com/a/chromium.org/d/msg/ct-policy/wHILiYf31DE/iMFmpMEkAQAJ). If a certificate is issued after this date and neither the certificate nor the site supports CT, then these certificates will be rejected as untrusted, and the connection will be blocked.

In the case of a main page load, the user will see a full page certificate warning page, with the error code `net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED`.

If you receive this error, this indicates that your CA has not taken steps to make sure your certificate supports CT, and you should contact your CA's sales or support team to ensure you can get a replacement certificate that works.
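As an added illustration (not part of this bug thread and not Chromium's code), the following Python reads a DER certificate's notBefore and looks for the embedded SCT list extension, the two facts the quoted rule turns on. It assumes notBefore stands in for the issuance date; `tlv` and `sample_cert` are hypothetical helpers that build constructed, unsigned inputs, and finding the extension does not verify that the SCTs satisfy Chrome's CT policy.

```python
from datetime import date, datetime, timezone

# Content bytes of OID 1.3.6.1.4.1.11129.2.4.2, the embedded SCT list extension (RFC 6962)
SCT_LIST_OID = bytes.fromhex("2b06010401d679020402")
CT_REQUIRED_AFTER = date(2018, 4, 30)  # cut-off date from the quoted document

def children(buf):  # yield (tag, content) for each DER element in buf
    pos = 0
    while pos < len(buf):
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:  # long form: low 7 bits give the number of length bytes
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        yield tag, buf[pos:pos + length]
        pos += length

def parse_cert(der):
    """Return (notBefore, has_embedded_scts) for a DER-encoded certificate."""
    tbs = list(children(next(children(next(children(der))[1]))[1]))
    tbs = tbs[1:] if tbs[0][0] == 0xA0 else tbs  # skip the optional [0] version
    # Order is now serial, signature, issuer, validity, subject, SPKI, optional fields
    tag, raw = next(children(tbs[3][1]))  # first element of validity is notBefore
    text = raw.decode("ascii")
    if tag == 0x17:  # UTCTime has a two-digit year; RFC 5280 pivots at 50
        text = ("19" if text[:2] >= "50" else "20") + text
    not_before = datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)
    wrapped = b"".join(body for tag, body in tbs[6:] if tag == 0xA3)  # [3] extensions
    exts = children(next(children(wrapped))[1]) if wrapped else ()
    has_scts = any(next(children(ext))[1] == SCT_LIST_OID for _, ext in exts)
    return not_before, has_scts

def chrome_ct_check(der):  # applies the quoted rule; only embedded SCTs are inspected
    not_before, has_scts = parse_cert(der)  # assumption: notBefore = issuance date
    if not_before.date() <= CT_REQUIRED_AFTER:
        return "not covered: issued on or before 30 April 2018"
    if has_scts:
        return "embedded SCTs present"
    return "no embedded SCTs: blocked unless the site supplies SCTs itself"

def tlv(tag, *parts):  # short-form DER encoder, used only for the constructed samples
    body = b"".join(parts)
    return bytes([tag, len(body)]) + body

def sample_cert(not_before, with_scts):  # constructed, unsigned DER skeleton
    e = tlv(0x30)  # empty SEQUENCE standing in for fields that are not inspected
    exts = [tlv(0x30, tlv(0x06, SCT_LIST_OID), tlv(0x04, b"\0\0"))] if with_scts else []
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x01"), e, e,
              tlv(0x30, tlv(0x17, not_before), tlv(0x17, b"300101000000Z")),
              e, e, tlv(0xA3, tlv(0x30, *exts)))
    return tlv(0x30, tbs, e, tlv(0x03, b"\0"))
```

To run it on a real certificate, pass the DER bytes (for example the output of `ssl.PEM_cert_to_DER_cert`) to `chrome_ct_check`.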
,
Jul 27
,
Jul 27
Unable to reproduce the issue on chrome reported version# 68.0.3440.75 using Windows-10 with steps mentioned below:
1) Launched chrome reported version and navigated to URL: https://nolp.dhl.de/
2) Able to navigate to the page

@Reporter: Please find the attached screencast for your reference and provide your updates on comment# 2.

Thanks!
,
Jul 27
nolp.dhl.de is now serving a new certificate, issued yesterday, which complies with Chrome's CT policy. For reference, this is the non-compliant certificate which I previously observed: https://crt.sh/?sha256=638A5A1ADBA2192A861253480E0D57DE94C4B10B47BE1ED5110CC36C8F670EB2
,
Jul 27
Closing issue, per comment 5.
Comment 1 by dtapu...@chromium.org, Jul 26