ronmanp 2 Posted July 3, 2015 Posted July 3, 2015 (edited) Following these hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3724steps I can now encrypt traffic to/from the web console. In IE it is trusted without any warnings which is what I want: In Chrome I get this warning with a red streak through. I have many other web services and they don't have that issue with Chrome. Anyone experiencing something similar? Thanks, Edited July 3, 2015 by ronmanp
Solution centrex 1 Posted July 6, 2015 Solution Posted July 6, 2015 Thats part of Google's crusade against weak ciphers etc. For example they are phasing out SHA-1 Summary The use of SHA-1 within TLS certificates is no longer sufficiently secure. This is an intent to phase them out (in 2-3 years). In order to make such a phase-out execute smoothly, rather than be an Internet flag day, we will be degrading the experience when these certificates are used in the wild. The following changes to Chromium's handling of SHA-1 are proposed: - All SHA-1-using certificates that are valid AFTER 2017/1/1 are treated insecure, but without an interstitial. That is, they will receive a degraded UI indicator, but users will NOT be directed to click through an error page. - Additionally, the mixed content blocker will be taught to treat these as mixed content, which WILL require a user action to interact with. - All SHA-1-using certificates that are valid AFTER 2016/1/1 are treated as insecure, but without an interstitial. They will receive a degraded UI indicator, but will NOT be treated as mixed content.
ronmanp 2 Posted July 6, 2015 Author Posted July 6, 2015 Thats part of Google's crusade against weak ciphers etc. For example they are phasing out SHA-1 Summary The use of SHA-1 within TLS certificates is no longer sufficiently secure. This is an intent to phase them out (in 2-3 years). In order to make such a phase-out execute smoothly, rather than be an Internet flag day, we will be degrading the experience when these certificates are used in the wild. The following changes to Chromium's handling of SHA-1 are proposed: - All SHA-1-using certificates that are valid AFTER 2017/1/1 are treated insecure, but without an interstitial. That is, they will receive a degraded UI indicator, but users will NOT be directed to click through an error page. - Additionally, the mixed content blocker will be taught to treat these as mixed content, which WILL require a user action to interact with. - All SHA-1-using certificates that are valid AFTER 2016/1/1 are treated as insecure, but without an interstitial. They will receive a degraded UI indicator, but will NOT be treated as mixed content. Oh that's why other services I have running don't have that issue. It's because they expire before 2017/1/1. Thanks for that info. Looks I'll have to upgrade my CA then.
Recommended Posts