I've seen that particular error too, and many other cert errors lately. It appears to be a combination of deprecated or compromised protocols no longer being accepted by up-to-date browsers where websites haven't updated their certs or servers, or older browsers that can't handle the new protocols implemented by some sites (Oh hello, IceCat and Midori!)
If you know and understand what's going on it may be safe to bypass the error, as in the case of the Transparency requirement - your session should still be encrypted, although there's a low risk it's encrypted with a spoofed cert. Certainly it's no more dangerous than using a browser that doesn't enforce that transparency requirement. Long term, it requires all browsers, servers, and cert authorities to come up-to-date, using mutually agreed on certs and protocols. But as long as vulnerabilities are being found and vulnerable practices are being deprecated we may never reach that state of equilibrium again. --Bob On November 16, 2016 9:42:51 PM EST, Michael Galea via talk <[email protected]> wrote: >I went to pay my cell providers bill via Chromium on Debian and it >threw >a "Site not secure" error at me. That was odd as I had paid at the >same >site many times before. > >I reported the problem to the cell provider's customer support line, >not >really expecting much. To my surprise they requested screenshots, and >I >provided them. > >The tech came back and replied, "I have seen this error before. Click >on >“ADVANCED” and you should then have an option to proceed to website and > >this should resolve the issue". :-) > >I replied that I would try paying by another means thanks, and that if >I >was seeing the site warning, others were likely to as well.. > >Google was reporting "Certificate Error : There are issues with the >site's certificate chain net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED)." >Apparently, Google started following a 2013 protocol that detects >fraudulent certificates, and the cell providers certificate vendor does > >not support it. > >Has anyone else seen these sorts of certificate problems, and why now? > >-- >Michael Galea >--- >Talk Mailing List >[email protected] >https://gtalug.org/mailman/listinfo/talk -- Bob Jonkman <[email protected]> Phone: +1-519-635-9413 SOBAC Microcomputer Services http://sobac.com/sobac/ Software --- Office & Business Automation --- Consulting GnuPG Fngrprnt:04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA
--- Talk Mailing List [email protected] https://gtalug.org/mailman/listinfo/talk
