[Ach] bettercrypto.org cert blocked in chrome 56

L. Aaron Kaplan kaplan at cert.at
Mon Nov 28 23:04:57 CET 2016

> On 28 Nov 2016, at 22:59, Laurens Vets <laurens at daemon.be> wrote:
> On 2016-11-28 13:40, Tobias Pape wrote:
>> Hi all,
>> I use Chrome 56, and can no longer open https://bettercrypto.org/.
>> The browser complains with ERR_CERT_AUTHORITY_INVALID for the StartCom
>> issued certificate for
>> bettercrypto.org. Since it uses HSTS, Chrome won't let me continue.
>> Can someone (Aaron K?) replace the Cert, eg, with a Letsencrypt one?
>> Can I do something there?
>> Best regards
>> 	-Tobias
>> PS: FireFox 50 is OK with the site.
>> PPS: So is Safari 9.1
>> PPPS:
>> https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html
>> may be the reason here.
>> PPPPS: ssllabs is happy tho (A+):
>> https://www.ssllabs.com/ssltest/analyze.html?d=bettercrypto.org

That sucks.
Thanks for the heads up. I did not notice that when I re-issued the certificate.

> This will also be the case with Firefox starting with version 51 and certs signed after October 21, 2016.
> More information:
> https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/

So, this is indeed a bummer. We will have to do a let's encrypt certificate (means extra work).

Thanks for the notice.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20161128/ae0d89eb/attachment.sig>

More information about the Ach mailing list