RSS

Tags

air application architecture coldfusion conferences flex javascript model-glue personal random rapid development server configuration software development stupidity tacfug tutorials wow

Why is my connection to Google, Gmail or HSTS Site Untrusted?

Posted By : Dan Wilson     February 14, 2016 10:20 AM

Connection to Google untrusted? Fix below!

Lately, I have had issues connecting to Google, Google Mail and other random services over the last few months. I did some digging today and fixed (I believe) the issue. If you are having problems with security messages like the below, try these steps to see if it fixes the problem. I'll put some narrative/background info below if you are curious as to my findings.

Here's an example of what I would see if I dug into the Untrusted Message:

How in the world is accuweather the actual cert for google?

Solution: Here's what I did.

In short, you need to remove the offending certificates. Your browser will re-ask for them and get the right ones

Google Chrome: (screen shots below)

  1. Click on the 3 horizontal lined Hamburger menu
  2. Click on Advanced Settings
  3. Click on HTTPS/SSL Manage Certificates
  4. Click on Untrusted Certificates Tab
  5. Remove all that said Fraudulent

Mozilla Firefox (screen shots below)

  1. Click on the 3 horizontal lined Hamburger menu
  2. Click on the Options button
  3. Click on the Advanced Menu on the right
  4. Click on the Certificates Tab
  5. Click on the View Certificates Button
  6. Click on the Servers Tab and remove the expired certificates

Google Chrome Screenshots

Mozilla Firefox Screenshots

Ok, so what is this all about?

From my research, certain sites using HSTS (HTTP Strict Transport Security) are throwing security alerts upon connection to pages on the domain. In March 2011 an HTTPS/TLS Certificate Authority (CA) was tricked into issuing fraudulent certificates. Patches to the major web browsers blacklisted a number of TLS certificates that were issued after hackers broke into the Certificate Authority. These were high value certs and likely state sponsored cyber-attacks from Iran. Below is the list of domains affected:

  • mail.google.com
  • www.google.com
  • login.yahoo.com
  • login.skype.com
  • addons.mozilla.org
  • login.live.com
  • global trustee

The weird thing about this, is my computer wasn't even manufactured in 2011. I purchased it in 2013! There must have been a recent update to either the servers matching the domains above, or to my browsers or operating system a few months ago. Regardless, connecting to the domains in the above list has been problematic with random security warnings and even blockages on my own computer.

Let me know if this fixed the problem for you!

Update: 11/21/2016

This problem has never really gone away. In fact, it drives me nuts! I did find some other things to do to help this go away.... try these steps if you are on windows:

  1. From the Control Panel, open network and sharing center
  2. On the left side- click on "Change advanced sharing settings"
  3. Click on home or work
  4. Check "turn off" for the first three questions.

Depending on the specifics you may also have to turn on password

16506 Views Print Print Comments (0) Stupidity, Random
del.ico.us del.icio.us Digg It! Digg It! Linking Blogs Linking Blogs

There are no comments for this entry.

Add Comment Subscribe to Comments

BlogCFC was created by Raymond Camden. This blog is running version 5.9.5.004. Contact Blog Owner