When I want to access sites like howtogeek or Khan Academy on Chromium-based browsers, the following privacy error occurs: [Error picture]

I tried the first solution in this question, but it didn't work. I'm using the latest version of Chrome, and I tried these sites on Opera and Microsoft Edge too, but the problem was still there. The only browser that worked for me was Firefox.
Please explain why this happens and how to solve it.

  • “Please explain why this happens and how to solve it.” - You are probably connected to a proxy or you have third-party security software scanning your HTTPS traffic. Of course, in order to do that you have to be served the incorrect certificate for the website. The error in question is linked to being served an insecure SSL/TLS certificate for the website. Firefox works because it does NOT use the OS certificate store, so the certificate is secure. Contact your IT Administrator if you're connected to an AD domain. – Ramhound Jun 22 '21 at 13:01
  • Possible duplicate of [this](https://superuser.com/questions/1083766/how-do-i-deal-with-neterr-cert-authority-invalid-in-chrome) question – Ramhound Jun 22 '21 at 13:03
  • What OS/platform is this on? Chrome & Chromium at least normally (and now including Edge) use the platform's truststore, while Firefox uses its own. – dave_thompson_085 Jun 22 '21 at 13:03
  • @Ramhound: usually that's the other way at least on Windows; Firefox rejects the faked interceptor cert, but Chrome/ium/Edge and IE use the Windows store which has been autopopulated by Group Policy and accept it. – dave_thompson_085 Jun 22 '21 at 13:05
  • @dave_thompson_085 - You have said exactly what I have said, just in another way. Bottom line is Firefox works because of its own certificate store. Edge (Windows), Opera, and Chrome all use the Windows certificate store. Just because the certificate is there doesn’t mean it’s valid. Chrome has built-in checks for Google websites. – Ramhound Jun 22 '21 at 13:07
  • @Ramhound I checked the proxy settings and chose Never Dial a Connection. How do I check third-party security software? – Mohammad Sadra Sharifzadeh Jun 22 '21 at 13:19
  • @dave_thompson_085 Windows 7 – Mohammad Sadra Sharifzadeh Jun 22 '21 at 13:23
  • @MohammadSadraSharifzadeh - Add/Remove Programs? It’s your system; what security software do you have installed, and have you configured it to scan your secure HTTP traffic? Make sure you have all Windows updates installed; many of the updates released before Windows 7 support ended were with regards to SSL/TLS certificate support for SHA2 – Ramhound Jun 22 '21 at 13:28
  • @Ramhound - Is there any way to find which program is scanning HTTP? Because I have lots of software and I can't check them all (maybe it's malware?) – Mohammad Sadra Sharifzadeh Jun 22 '21 at 13:32
  • @MohammadSadraSharifzadeh - Only you would be aware if you have security software that scans HTTPS traffic installed on your system. – Ramhound Jun 22 '21 at 16:13
  • @Ramhound: so if there were an interceptor Chrome and Edge should accept it (because the Windows store is polluted) but Firefox should reject it. But that's the opposite of what OP has occurring: Chrome/Edge reject these connections, and Firefox accepts them. – dave_thompson_085 Jun 24 '21 at 05:31
  • Mohammad: Windows 7 is EOL and _may_ no longer get root-CA updates; I don't recall for sure if it got the 'automatic cert update' feature several years ago and in any case I don't know if that feature cares about EOL. Anyway, run certmgr.msc and look in Trusted Root CAs for an entry labelled GlobalSign which, if you expand it, has validity 2009-03-18 to 2029-03-18 and sha1 fingerprint D69B561148F01C77C54578C10926DF5B856976AD -- i.e. [this cert](https://crt.sh/?id=443850). That is the root used by the websites you name, if your connection is _not_ intercepted. – dave_thompson_085 Jun 24 '21 at 05:32
  • Dave: I checked my certificates and there are 2 GlobalSigns: 1- GlobalSign (with validity from 2006-12-15 to 2021-12-15) 2- GlobalSign Root CA (with validity from 1998-9-1 to 2028-1-28). It seems that I don't have the certificate you specified. What should I do? – Mohammad Sadra Sharifzadeh Jun 25 '21 at 06:49
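
The store check described in the last two comments, as an added PowerShell example that is not part of the original thread: it looks for the quoted SHA-1 fingerprint in both the machine and the user Trusted Root stores and lists the GlobalSign roots that are present, flagging expired ones. The function name `Find-TrustedRoot` is hypothetical; the fingerprint is the one quoted in the comment above.

```powershell
# Added example (not from the thread). Uses only the built-in Cert: provider,
# so it needs no network access and no extra modules.

# SHA-1 fingerprint quoted in the comment above for the GlobalSign root.
$expected = 'D69B561148F01C77C54578C10926DF5B856976AD'

# Both stores feed the trust decision for the logged-on user.
$rootStores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'

function Find-TrustedRoot {
    param([string]$Thumbprint)

    # Fingerprints copied from the certificate dialog often carry spaces,
    # colons or an invisible leading character; keep hex digits only.
    $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

    foreach ($store in $rootStores) {
        Get-ChildItem -Path $store |
            Where-Object { $_.Thumbprint -eq $clean } |
            Select-Object @{ n = 'Store'; e = { $store } },
                          Subject, NotBefore, NotAfter, Thumbprint
    }
}

$hits = @(Find-TrustedRoot -Thumbprint $expected)

if ($hits.Count -gt 0) {
    'Expected root is present:'
    $hits | Format-List
} else {
    "Root $expected was not found in the trusted root stores."
    'GlobalSign roots that are present (compare validity and thumbprint):'
    foreach ($store in $rootStores) {
        Get-ChildItem -Path $store |
            Where-Object { $_.Subject -like '*GlobalSign*' } |
            Select-Object @{ n = 'Store'; e = { $store } },
                          Subject, NotBefore, NotAfter, Thumbprint,
                          @{ n = 'Expired'; e = { $_.NotAfter -lt (Get-Date) } }
    } | Format-List
}
```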