Security Certificate - no cause for alarm


#1

Google: meaning certificate not secure

“The following warnings are presented by web browsers when you access a site that has a security certificate installed (for SSL/TLS data encryption) that cannot be verified by the browser. … If this is the case, the browser will warn you that the Certificate Authority (CA) who issued the certificate is not trusted.”

“Certificates are proof of identify. When you see the SSL padlock in the browser’s address bar or at the bottom of the browser it means that a secure connection between your browser and the website has been established. … This warning appears when the website is using an invalid SSL certificate.”

See
https://www.digicert.com/ssl-support/certificate-not-trusted-error.htm

I’ll send this over to tech.
@Jon_Saints


#2

Which browser are you using?


#3

Hi, mostly I use Chrome, and now also Edge,
A while back, I began to notice, it stopped with writing,
wait while we establish a secure connection.
Now I have begun to pay attention to that lock in the url,
some sites got the green lock
some sites got the grey lock
and some none.
As I get it, some different sites/names are used to identify the different sites/certificate and soo on.
But maybee its no big deal?
2 examples.


#4

Also a bit complicated.
How to fix ‘err_cert_authority_invalid’ error on PC - Windows Report


Sep 20, 2017 - Your connection is not private chrome error fix … That’s why you should always use an antivirus program, the firewall … when using Google Chrome, we will focus on listing the troubleshoot steps for this particular web browser. … idea: you need to turn off ‘HTTPS Scanning’ or the ‘HTTPS protection’ feature.

If thats the case to the problem, its not smart, I would say.

Step 4: Temporarily turn off your antivirus. You’ll see this error if you have antivirus software that provides “HTTPS protection” or “HTTPS scanning.” The antivirus is preventing Chrome from providing security. To fix the problem, turn off your antivirus software.
Fix connection errors - Google Chrome Help - Google Support
https://support.google.com/chrome/answer/6098869?hl=en


#5

info

In Google Chrome, you can specify whether you want only secure pages (https) or not (http). ALL your pages will be in the one you choose.

So if Tomnod platform does not use https (which it does not have to do *), the Browser is going to complain if you only want https. *Https security is used mostly for banking sites, or for people like me who like seeing the red lock on the https url.

But security cert and setting an https preference are not the same thing. Setting the https preference will just play games with your mind (lol) especially when you see how many sites (even edu) that don’t have https delivery.

The Cert security is fairly easy to fix, from my understanding. It’s just a registration thingie, a declaration… And Jon will know how to fix it if the Tn platform really must have it. :wink:


#6

Ok, it was just because I read somewhere, that some adware could prevent establishing a secure connection, which it have stopped with, here in my end, after I had bought a Lenovo comp.


#7

Three years ago, Lenovo began shipping laptops quietly bundled with software called VisualDiscovery, a version of Superfish’s ad-injector WindowShopper, customized for Lenovo. When Lenovo customers browsed the web and hovered over an image, the software would inject a popup ad for a similar product sold by one of Superfish’s retail partners.

The customization incorporated the Komodia SSL interjection module, in order to allow VisualDiscovery to inject ads into https and http browsing sessions by replacing websites’ digital certificates with a self-signed root certificate.

“This allowed VisualDiscovery to act as a man-in-the-middle, causing both the browser and the website to believe that they had established a direct, encrypted connection, when in fact, the VisualDiscovery software was decrypting and re-encrypting all encrypted communications passing between them without the consumer’s or the website’s knowledge,” the FTC complaint says.


#8

The adware problem sounds horrid.


#9

Jon, don’t know if you realise this but I think cagey generated this post in relation to this member’s issue here:-


#10

This is a Mystery too :tophat:
Atleast something may have changed.
Maybee the browsers are all :wrench: nowadays.
Back in time, there were no problem running on ie.
Now ie 11 shows the http and lock, but black screen.