Why is my connection to Google, Gmail or HSTS Site Untrusted?

Connection to Google untrusted? Fix below!

Lately, I have had issues connecting to Google, Google Mail and other random services over the last few months. I did some digging today and fixed (I believe) the issue. If you are having problems with security messages like the below, try these steps to see if it fixes the problem. I'll put some narrative/background info below if you are curious as to my findings.

Here's an example of what I would see if I dug into the Untrusted Message:

How in the world is accuweather the actual cert for google?

Solution: Here's what I did.

In short, you need to remove the offending certificates. Your browser will re-ask for them and get the right ones.

Google Chrome: (screen shots below)

  1. Click on the 3 horizontal lined Hamburger menu
  2. Click on Advanced Settings
  3. Click on HTTPS/SSL Manage Certificates
  4. Click on Untrusted Certificates Tab
  5. Remove all that said Fraudulent

Mozilla Firefox (screen shots below)

  1. Click on the 3 horizontal lined Hamburger menu
  2. Click on the Options button
  3. Click on the Advanced Menu on the right
  4. Click on the Certificates Tab
  5. Click on the View Certificates Button
  6. Click on the Servers Tab and remove the expired certificates

Google Chrome Screenshots

Mozilla Firefox Screenshots

Ok, so what is this all about?

From my research, certain sites using HSTS (HTTP Strict Transport Security) are throwing security alerts upon connection to pages on the domain. In March 2011 an HTTPS/TLS Certificate Authority (CA) was tricked into issuing fraudulent certificates. Patches to the major web browsers blacklisted a number of TLS certificates that were issued after hackers broke into the Certificate Authority. These were high-value certs and likely state-sponsored cyber-attacks from Iran. Below is the list of domains affected:

  • mail.google.com
  • www.google.com
  • login.yahoo.com
  • login.skype.com
  • addons.mozilla.org
  • login.live.com
  • global trustee

The weird thing about this is that my computer wasn't even manufactured in 2011. I purchased it in 2013! There must have been a recent update to either the servers matching the domains above, or to my browsers or operating system a few months ago. Regardless, connecting to the domains in the above list has been problematic with random security warnings and even blockages on my own computer.
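The mismatch described above (a certificate for one site presented for a Google hostname) is the check every browser makes before trusting a connection. The sketch below is an added example, not part of the original post: it shows a simplified form of that name check and why a host with an active HSTS policy turns the failure into an error with no click-through. The hostnames, certificate names and header value are constructed samples, and the function names are hypothetical.

```python
# Added example (constructed data): certificate name check plus HSTS effect.
# Simplified: real browsers also validate the chain, dates and revocation, and
# take the HSTS policy from an earlier visit or a preload list.

def name_matches(hostname: str, pattern: str) -> bool:
    """Match one certificate DNS name against a hostname: case-insensitive,
    with '*' allowed only as the entire left-most label."""
    host = hostname.lower().rstrip(".").split(".")
    pat = pattern.lower().rstrip(".").split(".")
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # A wildcard covers exactly one label and never a bare top-level name.
        return len(pat) > 2 and host[1:] == pat[1:]
    return host == pat

def cert_covers(hostname: str, san_dns_names: list) -> bool:
    """True if any subjectAltName DNS entry covers the hostname."""
    return any(name_matches(hostname, n) for n in san_dns_names)

def parse_hsts(header: str) -> dict:
    """Parse a Strict-Transport-Security header value into its directives."""
    policy = {"max_age": None, "include_subdomains": False}
    for part in header.split(";"):
        name, _, value = part.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            policy["max_age"] = int(value.strip().strip('"'))
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def diagnose(hostname: str, san_dns_names: list, hsts_header=None) -> str:
    """Classify the connection the way the browser's error page would."""
    if cert_covers(hostname, san_dns_names):
        return "ok"
    policy = parse_hsts(hsts_header) if hsts_header else None
    if policy and policy["max_age"]:  # max-age=0 means "forget the policy"
        return "name mismatch: hard fail, HSTS host allows no click-through"
    return "name mismatch: warning the user can bypass"

if __name__ == "__main__":
    wrong_cert = ["accuweather.com", "*.accuweather.com"]  # constructed SAN list
    print(diagnose("mail.google.com", wrong_cert,
                   "max-age=31536000; includeSubDomains"))
```

A mismatch like this means something between the browser and the site is answering with the wrong certificate, so the certificate the browser was shown is the thing to inspect.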

Let me know if this fixed the problem for you!

Update: 11/21/2016

This problem has never really gone away. In fact, it drives me nuts! I did find some other things to do to help this go away... try these steps if you are on Windows:

  1. From the Control Panel, open network and sharing center
  2. On the left side, click on "Change advanced sharing settings"
  3. Click on home or work
  4. Check "turn off" for the first three questions.

Depending on the specifics you may also have to turn on password

Why my computer shut off automatically

One of my laptops used to immediately shut off. This always happened to me when I was in the middle of working on something important. Since the shutdown was immediate, not graceful, I would lose all my unsaved work.

I noticed this usually happened after the fan had been running. The fan would run at high speed for a while, then the computer would immediately shut off.

After a few months of this, my amazing powers of deduction led me to take apart the computer looking for some hardware issue. Here is what I found:

Apparently, there was a lot of dust blocking the fan exhaust. Once I removed all of this, the computer has always worked perfectly. It has not shut off automatically in 6 months.

I have no idea where this dust came from, by the way. I promise we are clean people!

Top 5 Reasons Why Twitter Is Jumping The Shark

I was an early adopter of Twitter. "How early?", you ask? Early enough to get DanWilson as my Twitter handle. Trust me, that is pretty darned early.

I used Twitter at first to keep up with the swarm at conferences. Many impromptu meetings, dinners, deals were organized over Twitter. When a particular conference ended, I'd turn off twitter notifications. Who needs the mobile going off every time someone posts "I'm waiting at a stop light" or "I like cashmere socks"... I'm sure you'll agree.

Twitter caught on. In a big way. Pretty much all large companies have Twitter accounts and social media strategies. This is just the evolution of the times I suppose. In spite of all of the growth, for me, Twitter is on the verge of jumping the shark.


Usability and Error Messages

I often consider usability when using web applications, especially when I am the user. Our lovely state of North Carolina is very tech savvy and has a lot of online resources and help. Did you know that North Carolina was one of the first states to have its own data center?

Today, I went online to change my address on my Driver License. Apparently there is some complication with my particular license (hopefully not a warrant out for my arrest :-) ) in the system and I need to go into a physical office for human assistance. As an application architect, I can see this is probably some poorly handled data condition. I can dig that, a computer can't handle EVERYTHING...

What prompted this post was a bit of musing on proper error messages. When humans interact with computers, by definition there is a depersonalization to the process. This depersonalization can add a level of harshness or friction into the equation, altering the perception of the organization to the user. Allow me to pontificate...

I often stay at nice hotels. Nice hotels always have extremely polite front desk staff to help check guests in. The check-in phase of the hotel stay sets the stage for perception. If the registration desk is nicely furnished, elegant and staffed with ultra-polite staff, guests perceive the hotel as a nicely furnished, elegant and ultra-polite and this perception sticks with them the entire trip. If there is some reason why a request can not be accommodated, say I ask for a room on the top floor and the top floor has already been booked, the registration staff apologize effusively and find a suitable arrangement. Even if I asked for something impossible, like a helicopter to take my bags to my room, the staff would politely and softly apologize that such a service was not available, then offer the services of a bellman for bag delivery.

Hotels definitely understand the human touch. Computers do not. Nor do the engineers that create applications. See, it was perfectly acceptable for some reason or another not to provide algorithms suitable for handling an address change with my specific type of license. The engineer probably had a meeting discussing just such an occurrence and it was deemed not critical for the application. So the engineer dutifully put in code to catch such an occurrence and then added an error message to halt the flow of the application. The engineer considered the application from the perspective of the application and this is what was implemented:


Ouch. Nothing like a BIG RED STOP SIGN.

STOP! It says... The text, actually, isn't half bad because it attempts to explain the issue, "...Multiple Address Records..." and offer to help me find the nearest office. But, I reeled from the impact of that stop sign.

To stick with the hotel analogy, it was as if I approached the registration desk, asked for a room with a King Sized bed, and the clerk said, "We have no king beds" then slapped me across the face, WACK!

I'm sure all of this seemed rather normal for the Application Engineer, who had undoubtedly seen this error page hundreds of times before during testing and was desensitized to it. Me, however, expecting to see a helpful page allowing me to change my address, was a little taken aback by the HONKING BIG RED STOP SIGN OF DOOM CLUBBING ME LIKE A BABY SEAL.

So, I mused a little bit this morning and made a decision to pay a little more attention to the human factor and to usability. I challenge you to do the same in your applications.

Do you have a screenshot example of a ridiculously insulting error message? Submit a link of the image to me and I'll post it here for the amusement of others...

How To Use Gmail to Tame Runaway Mailing List Messages

I am on a lot of mailing lists. "How many?" You ask? I'm on 27 mailing lists as of right now. Most are low traffic so I can quickly scan the headlines and decide whether to read or remove. Some mailing lists are higher traffic and prone to extremely long (100 message) threads. These threads are rarely useful to me mostly because this exceptionally long thread count is pretty much only reached when 2 strong, anti-social personalities engage in a meaningless form of combat called Message of Attrition. Message of Attrition is like the arm-punch game you played as a kid. You know, the one where you punch someone in the arm, then they punch you in the arm. The cycle continues until one person realizes the sheer stupidity of the exercise and quits. The quitter walks away feeling intellectually superior. The 'winner' walks away feeling physically superior.

Is this the first you've heard of Message of Attrition? Can't say I blame you, I made up the term a few moments ago, mostly because I had a sentence that needed a clever ending.

So anyways, I used to get really annoyed by these long pointless message exchanges, mostly because I'm afflicted by a form of neurosis called InboxMustBeAtZeroitis. This condition affects countless numbers of our society and causes them to occasionally trigger a compulsion to unread/delete/read all email the second it comes in. We're doing a fund raiser right now to help those poor souls with the condition. To donate, please hold your credit card up to the screen...

Thankfully, the GMail folks have provided a calming balm for InboxMustBeAtZeroitis in the form of Mute. Have you ever wished your remote control worked in real life? Have you fantasized at pointing your remote control at a stubborn red light when no one is using the green side? If so, then Mute is for you. Here's how it works:

  1. Simply open a message (or use the checkboxes to select several messages)
  2. Drop down the More Actions control
  3. Select Mute
  4. Say "serenity now" three times, and feel the calming peace return to your body...

There, wasn't that easy?

And The Global Prize Of Number One Spammer Goes To

I started a blog so I could share interesting stuff I learned with others. This altruistic motive (and the thousands of adoring fans, of course) drives me to write, rewrite, edit, learn and otherwise put in work for more blogging. If there is a downside to blogging, it is comment spam.

Blog Comments themselves are wonderful outlets to continue the conversation and let others take part. Maybe some agree, maybe they disagree, maybe they have some important factual correction. Blog Comments are the blog author's way of allowing others to take part and contribute.

Blog Comment Spam is when a person or organization adds a comment to a blog article for the sole purpose of promoting some unrelated product or service. As a blog author, Blog Comment Spam on my blog feels like vandalism. Like some snot-nosed kid spray painted their name on the side of my house. In real life, if I caught the snot-nosed kid spray painting on my house, I'd turn him into a bloody-nosed kid in a New York Minute, KnowWhatIMeanVern?

I've got a number of comment spam protections on my blog and they work really well. The only thing I can do at this point to trim the spam submissions would be to block entire continents. A bit drastic, but I've definitely considered it. I mean, I know China has over a billion people, but do any of them actually read this blog?

These days, the only comment spam I actually get is promoting WoW. Apparently, people care about this video game so much they'll spend real money to get fake money so they can buy fake things for their fake character. I thought we lived in a materialistic society, but to contemplate what it means to have an entire industry around playing a video game to get fake money to sell to real people for real money so they can buy fake things for their fake characters, is absolutely mind-blowing.

As an entrepreneur, I've hatched plenty of money making ventures. Had I thought about selling fake, electronic gold for real money, I'd have laughed myself out of the room. Yet, there are legions of people who troll around the Internet looking for blogs to vandalize to promote their WoW Gold.

For the record, I'll delete immediately any blog spam that happens to get through my layers of protection. So if you sell WoW gold, I recommend you get a life, a real job and get off this blog.

Libpurple I Hate You

I use both Pidgin and Adium for chat clients. Both use libpurple, which has always been a good thing... that is until 2-19-2009. Why does that day live in infamy, you ask? Well that is when Adium updated to a new version and broke my gTalk network.

The symptoms are kind of strange. I can connect Adium to gTalk and my contacts load and turn grey. When I right-click on a contact, I get an option to 'Re-request Authorization', almost like I was blocked by all 200 gTalk contacts at once. I'm one for conspiracy, but I am also one to believe in software problems. Especially when I can use the Gmail interface to talk to my gTalk clients with no problems at all. I'm fairly sure it is libpurple because that seems to be the only link between Pidgin (on windows) and Adium (on mac) and they both broke at the same time.

So, libpurple developers out there, please look upon me with grace and kindness. Fix your freaking software and let me gTalk it up once again!

Error Message FAIL

I was working on a server migration last night. In process, I set up the DNS for the mail servers. When I entered the value for the DNS server EXACTLY like Google said, I got the below error:

Alert: The domain was not added due to an error in the dns settings. Please check your dns template and verify. The message from the dns server was dns_rdata_fromtext: :26: near 'ASPMX2.GOOGLEMAIL.COM..': empty labelzone thehealthchallenge.com/IN: loading master file : empty label

Since I don't speak fluent Southern Klingon, my mistake was not immediately obvious. I, of course, tried to submit the form several more times. When I finally read the error message, I realized the Control Panel wants to be the one to add the trailing period (.). Removing my trailing period fixed it.

This is the most indirect, least helpful error message I've seen all month. I vow in 2009 to do better than these guys when alerting my users to issues.
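One way a control panel could catch this input before it ever reaches the DNS server, as an added example that is not part of the original post or of any real control panel: the form accepts the mail server name with or without its trailing period, rejects empty labels with a message the user can act on, and writes exactly one trailing dot itself. The function names, the message wording and the zone-line layout are assumptions made for illustration.

```python
import re

# One DNS label: letters, digits, hyphens; 1-63 chars; no leading/trailing hyphen.
# fullmatch() is used below so a stray newline cannot slip into the zone file.
LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

class HostnameError(ValueError):
    """Raised with a message meant to be shown to the person filling the form."""

def normalize_mx_target(raw: str) -> str:
    """Return the mail server name as an absolute name with one trailing dot."""
    shown = raw.strip()
    if not shown:
        raise HostnameError("Enter the mail server name your provider gave you.")
    # Accept the name with or without its trailing dot: drop a single one here
    # and add it back at the end, so the zone file never ends up with '..'.
    name = shown[:-1] if shown.endswith(".") else shown
    if len(name) > 253:
        raise HostnameError("That name is longer than 253 characters.")
    for position, label in enumerate(name.split("."), start=1):
        if label == "":
            raise HostnameError(
                f"'{shown}' has two dots in a row or a stray dot "
                f"(part {position} is empty). Remove the extra dot.")
        if not LABEL.fullmatch(label):
            raise HostnameError(
                f"'{label}' is not a valid part of a host name. Use letters, "
                "digits and hyphens only, at most 63 characters per part.")
    return name.lower() + "."

def mx_zone_line(priority: int, raw_target: str) -> str:
    """Build the MX line for the zone template (layout is an assumption)."""
    return f"@ IN MX {priority} {normalize_mx_target(raw_target)}"

if __name__ == "__main__":
    # The value from the post, typed with its trailing period, is accepted.
    print(mx_zone_line(20, "ASPMX2.GOOGLEMAIL.COM."))
    try:
        mx_zone_line(20, "ASPMX2.GOOGLEMAIL.COM..")
    except HostnameError as err:
        print("Form error:", err)
```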

iPhone Problems? Does the iEmperor Have No Clothes?

If you open a window and listen carefully, you can hear the moaning and wailing of the iPhone crowd as their iPhones are malfunctioning today. (This post isn't about the pure and flawless Blackberry Pearl I carry around and I promise not to bring up the fact that I've never had an update to that phone that left me stuck in 'Emergency Call Mode Only'.)

This post is about a statement of affairs on what I term 'the iPhone Crowd'. You can identify the iPhone crowd by their closely cropped hair, (a la Steve Jobs), their black turtlenecks (a la Steve Jobs), their jean pants (yep, iSteve again) and their mindless raving about how Apple products "Just Work" TM.

The iPhone crowd is in an uproar because a software update (just made available) rendered the iPhone unusable (for a little while). In modern day society, we are quite used to ubiquitous reachability. Our social and professional lives kind of depend on it. I take the pain of being out of contact seriously. My point isn't that the iPhone not working isn't a big deal, but the fact that people are surprised. Maybe to an iKoolaide swigging SteveClone this is unexpected, after all, what part of "It Just Works TM" doesn't the iPhone team understand?

To many of us, this is simply another software release that has hiccups out of the gate. I've been a part of a number of software releases in my time. Most had great intentions, a nice start, a rushed end, and some issues on deal day. This has been true across the board. From projects of 2 developers working from a napkin-spec to a developmental army augmented with a cadre of PMP certified project managers furiously tracking deliverables, timeboxing effort and managing the Critical Path.

Software development is not easy. In fact, it is downright hard. I'd be willing to bet 99.99% of all software projects have problems when they go-live. Even the best tested applications find gaps in their testing. Spots where the ugly Real World messes up their nice clean model. It is just how it is.

So, since this software 'upgrade' is going just like all other software projects, you can bet these problems are actively being worked on right now by stressed out, hyper-caffeinated people who really want to fix this problem. My iPrediction is that in a day or two, definitely by Monday, the iPhone problems will be largely forgotten. The iPhone Crowd will be back to prancing around in their black turtlenecks, jeans and closely cropped hair and spouting off marketing babble like "It Just Works" all the while sophomorically pointing and laughing at those with other handset brands...

The problem I have with it all is it doesn't "Just Work TM". Actually, it often "Just Doesn't Work", (Remember the Leopard release?) but no iSteveClone worth his black turtleneck would dare utter such a thing.

Business as usual, right?

I Hate You Adobe Updater

I usually like Adobe Updater. It runs out of my way, has options to run in the background and generally is a polite little updater. Today, the Adobe Updater politely let me know it needed my attention. Apparently there were 120MB of updates needed to keep my Creative Suite in sync.

120MB is no joke. That is 1/8 of a GB. What I find curiously annoying is, Adobe updater downloaded updates for programs I don't even have installed. Lots of programs I don't have installed. Matter of fact, I only have Fireworks installed because that's really the only Adobe Creative Suite I have any competence in. So why Adobe Updater doesn't check to see which programs are installed is beyond my comprehension.

Adobe, when you read this, please consider only downloading updates for installed products.

Seriously!