Why is one of three browsers (Chromium) reporting an invalid HTTPS certificate?

Question

A few days ago, Chromium started to report Flickr's certificate as problematic:

The server presented a certificate that was not publicly disclosed using the Certificate Transparency policy. This is a requirement for some certificates, to ensure that they are trustworthy and protect against attackers.

There are issues with the site's certificate chain (net::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED).

Since the problem persisted since then, I tried to open the website in other browsers, and to my surprise, on the same machine, both Firefox and Google Chrome open the HTTPS version of this site successfully.

What does this imply in terms of security? Is someone doing nasty things to me? In other words, could it be that the certificates used by Chromium were changed by a virus? If yes, what's the point?

score 12 · Accepted Answer · answered Nov 14 '16 at 04:02

12

I suspect this bug: https://bugs.chromium.org/p/chromium/issues/detail?id=664177

It's harmless - this is not an evidence that someone is attacking your connection.

Next update of Chromium should fix this.

They'll shake out all the bugs in CT before the October 2017 date of CT becoming mandatory for all newly issued certificates.

answered Nov 14 '16 at 04:02

Z.T.

7,768
1
20
35

FWIW I checked and Flickr.com is running a Symantec cert, which is what the referenced bug says is impacted. – gowenfawr Nov 14 '16 at 12:57

Why is one of three browsers (Chromium) reporting an invalid HTTPS certificate?

1 Answers1

Linked

Related