certificate issue and red crossed https

Question

Hello, For the past few days, when I try to log into my bank's website, I get a message saying "Your connection is not private, hackers may be trying to steal your information from the secure-nom de la banque.fr site" NET::ERR_CERT_AUTHORITY_INVALID  I tried connecting via Safari (instead of Chrome) > same problem.  But there's no issue with my husband's PC > so it must be my computer.  I called the bank, it seems I'm not the only one, they were informed of the problem, they advised me to uninstall and reinstall Chrome, clear the browsing history, and delete cookies, which I did but it didn't change anything. (Which seems logical to me since the problem is the same with Safari, so it's not a Chrome issue)  I was able to display the certificate details, which is valid from June 13 to June 30 (and there are many other details). I thought that waiting until July 1st would be the simplest and that it would fix itself, but .... I would like to get your opinion!!   Thank you for your help.   Configuration: Mac OS X Snow Leopard (10.6.8) / Chrome 49.0.2623.112

*_Francis_* · Answer

Hello,  There must be an expired certificate in the Keychain Access.  Try opening Applications / Utilities / Keychain Access...  and there, in the different sections, but probably in "Login" or "System Roots," there is probably a certificate named something like:  Verisign Class 3 Public Primary Certification Authority  which has an expired validity date.  Delete it and test...  Best regards.  Have a nice day :-) - Francis “Work group: A group of people incapable of doing anything by themselves who collectively decide that nothing can be done!” Wins

mariep17 · Answer

Thank you Francis, always quick to respond! I did find what you mentioned (not in "session", but in "system roots"), but there is no certificate named Verisign Class 3 Public Primary Certification Authority that is expired....  Any other possibilities?  P.S.: Is it really dangerous to connect despite this HTTPS crossed out in red? Will everything be fine after June 30th?  Re P.S.: I love your phrase: “Working group: A group of people incapable of doing anything on their own who collectively decide that nothing can be done!” Wins

*_Francis_* · Answer

Try something,  log in as a different user, if necessary, create a new blank user, and in that session, perform the test. If it works, then the issue is indeed in your keychain, and we'll see later how to fix the problem...     -- Have a nice day :-) - Francis “Working group: A group of people incapable of doing anything by themselves who collectively decide that nothing can be done!” Wins

mariep17 · Answer

It's the same with the "guest" session, same response ("your connection is not secure...").

*_Francis_* · Answer

It means that either the site is presenting an outdated certificate for the Mac OS system and it is accepted by your husband's PC, or exactly the opposite, Mac OS X 10.6 being an old system, and Safari that goes with it as well... However, the latest version of Chrome (51) should work.  You need to try to check the certificate first:  When a communication is secure, there is a small padlock in the address bar of Safari in front of the https://, and by clicking on this padlock, you get this, for example, for the bank Crédit Mutuel:    And if you ask to see this certificate,    That said, you can bypass this warning if you wish, but you are warned that there is a risk. (I have often read this error, but on Chrome on PC)    -- Have a Good Day :-) - Francis “Working group: A group of people unable to do anything by themselves who collectively decide that nothing can be done!” Chur

mariep17 · Answer

Thank you, Francis  Actually, I believe I don't have the latest version of Chrome because it displays a message on startup saying it can no longer update with Mac OS X 10.6, and the same for Safari. I have version 49 for Chrome.  Do you recommend I install Firefox instead? Or another browser?  I don't really want to install Yosemite instead of my old Leopard; my son who did that had a lot of bugs.... And I'm very happy with it as it is....  Regarding the certificate, do you need me to send you a screenshot of it?  Thank you for your help.

mariep17 · Answer

I'm off to work too, so I'll catch up later. Thanks.

gab1 · Answer

It can't be related to the date and time of the machine?  -- sorry for my spelling :/ certified Apple iOS/OSX technician

dede74000 · Answer

Hello everyone,  Francis, you know that it's no longer possible to insert an image from SL, I just tried again to check, so you have to go through an image host (Zimagez, casimages, hosting...) and put the link here.  Best regards  -- When it's urgent, it's already too late (Talleyrand)

mariep17 · Answer

I don't know if my image capture works??  Thank you.  PS the date and time are correct on my computer.

*_Francis_* · Answer

Hello everyone,  my opinion is that this certificate is a problem for the system because it is signed by an unknown authority. Probably a misuse by the bank. But it seems to come from a legitimate site. I have several certificates in my keychain that are similar, but whose signatures are validated. For example:     I think that in reality, there is no risk in ignoring this message. The question remains why there is different behavior between 2 computers... there I simply think that one of the systems is more tolerant than the other.  If the link to the bank is not inappropriate, I would be willing to test it, but I don't think there is any risk...  :)   -- Have a nice day :-) - Francis “Working group: A group of people unable to do anything by themselves who decide collectively that nothing can be done!” WCh

mariep17 · Answer

Thank you, Francis, for your response. So I can continue to access my bank's website according to you. I don't understand why all of a sudden the certificate has become "invalid" when I have been going there for years. The site is "ingdirect.fr" or "secure.ingdirect.fr", if you could try from your computer. Thank you. (The red crossed-out https appears when you click on "client area" at the top right)  Can I delete this certificate (Entrust Certification Authority L1M) from the keychain following the procedure you indicated to me at the start of this topic (for Verisign Class 3 Public Primary Certification Authority)?? Is that a bad idea?  Another question: when I click on the little red crossed-out padlock, it shows this (I can't do a screenshot): secure.ingdirect.fr your connection to this site is not private And in the "connection" tab, there are 2 parts: 1) red crossed padlock: the identity of this website has not been verified. - the server's certificate is not trusted - unable to verify the server's certificate 2) green padlock: your connection to secure.ingdirect.fr is encrypted using a recent encryption method. The connection uses TLS 1.2. The connection is encrypted and authenticated with the AES_128_GCM key. The key exchange method used is ECDHE_RSA  Does that make sense to you??  Thank you for your help.

*_Francis_* · Answer

Hello Marie,  the deal with the red or green padlock is just an explanation of the differences between authenticated and valid certificates and those considered insecure.  I can log in to this site and click on "My client area" without Safari making a fuss. I haven't tried starting my Mac from Mac OS X 10.6 yet, but I will.  Here's the window I get when I click on the green padlock:    try first to move the certificate in your keychain by selecting it, then export, and then delete this certificate. (for my part I have 5 certificates from Entrust.  Then test...  on my side, I will test from Mac OS X 10.6   .../...  -- Have a nice day :-) - Francis “Working group: A group of people incapable of doing anything by themselves who decide collectively that nothing can be done!” WCh

*_Francis_* · Answer

I am on 10.6 and just tested; Under 10.6, my keychain contains 4 Entrust certificates, and all are valid.  But when I connect to my "Client Area," I have exactly the same issue as you.  So, don’t delete any valid certificates from the keychain.   However, we can modify the behavior to avoid being bothered by changing the rules for the following points: :            -- Have a nice day :-) - Francis “Working group: A group of people incapable of doing anything by themselves who collectively decide that nothing can be done!” WCh

*_Francis_* · Answer

You also have this box:       -- Have a Good Day :-) - Francis “Working group: A group of people unable to do anything by themselves who collectively decide that nothing can be done!” WCh

mariep17 · Answer

Thank you, Francis, for all these elements. I'll look at it tomorrow; I didn't have time today.  You must have spent a lot of time on it, especially trying it out with 10.6. Thank you very much! I'll keep you updated.  Have a good evening.

mariep17 · Answer

Good evening again Francis, I did what you suggested in Safari (because Chrome didn't offer me the "trust" section like in your image) by checking "always trust secure.ingdirect" and now it's unlocked!!  Thank you so very much.  Side question: do you think I should use Safari instead of Chrome? I've never tried to get used to it, but why not?  PS I already added a memory stick on your advice some time ago (you mentioned it regarding the transition from Leopard to El Capitan... that's something I'll think about)

*_Francis_* · Answer

As for Safari, (and this applies to all web browsers), older versions are always less secure than the current versions. The risks of phishing, malware, hacking, etc. increase on the web, and browsers need to be more and more secure. In short, regardless of personal preferences for a specific web browser, the most recent one will be the best. It's better to have a recent Chrome than a very old Safari, and vice versa to have the lowest vulnerability.  On my side, for example, I haven't installed Flash Player for several years, as it's a gateway to unwanted things. I use Chrome, (in the latest version), but only when I need to watch a Flash video from the internet, (but these videos are becoming increasingly rare), because Chrome includes its own Flash player. And in Chrome I haven't installed any ad-blockers, no extensions, which allows me to test sites that require the disabling of ad-blockers.  I don't install Java, which is also an open door to unwanted things. In older versions of Mac OS, Java is pre-installed, but in this case, I disable Java in the web browser. I only keep Javascript enabled (not to be confused with the two things).  But generally speaking, as far as I am concerned, I prefer Safari, especially in its current version, for its practical aspects that I am used to. I also sometimes use Firefox, always in its latest version.  So there are, on one side personal tastes, and on the other the security that is essential right now. There are vulnerability tests, like Pwn2Own, and in these tests, Safari was not the highest rated during the tests in March 2015.  https://www.zdnet.com/article/pwn2own-2015-the-year-every-browser-went-down/  These tests were redone in 2016: https://spikes.com/blog/pwn2own-2016-results.html  Since I do not go to dubious sites, that I have a firewall and third-party antivirus, Safari works well for me especially since security has been reinforced recently since El Capitan. Chrome also made a leap forward in security from 2015 to 2016.  https://threatpost.com/pwn2own-day-two-safari-microsoft-edge-go-down-winner-crowned/116877/  That's why I always advise to update one's OS and browsers.  But if Chrome or Firefox are well secured currently, this is on the condition of having taken the time to delve into the settings of the various parameters.  In short, one can say that no current browser is perfect, and that fairly old browsers are all obsolete from a security standpoint.  Have a good evening :)  -- Have a nice day :-) - Francis “Working group: A group of people incapable of doing anything by themselves who decide collectively that nothing can be done!” WCh

mariep17 · Answer

Thank you Francis for all these details and information. I will think about it and maybe switch to El Capitan when I have enough time (is it complicated?) I had added a 4 GB stick, so I now have 5 in total, is that enough?  Thank you infinitely for your help and advice.  Have a good end of the day.  MarieP.

mariep17 · Answer

Good evening Francis No, no, I really have 5 GB, last summer I followed your advice and replaced a 1 GB stick with a 4 GB one, which is why I have a total of 5 GB. (You can find my post from August 2015 called "mac ralenti", where you already helped me a lot!). I'm wondering if I really need to upgrade to a higher OS, given the usage I have: a bit of simple games online, a bit of word processing on Open Office, and of course emails. And I'm afraid I'll be overwhelmed by the tasks to do... I'm a 61-year-old dinosaur, you know!! In any case, thank you very much for your advice that has helped me on several occasions. Have a good evening. MarieP.

mariep17 · Answer

Good evening Francis  Thank you for these tips. So for now I'm going to stick with my 10.6, I don't watch streaming movies and I don't download weird stuff, just Chrome or Open Office for example. And I usually get them from "commentçamarche," which seems like a trustworthy site to me ;).  It's true that my Chrome is version 49 and not 51, and that might be what caused issues with my bank, but thanks to my friend Francis's quick response, I'm back on track!  Thanks again and have a good evening.  Next time, I might come to bother you because I'm struggling to download El Capitan, who knows?  MarieP.

Certificate issue and red crossed https

21 réponses

Texture issues in enshrouded

Announcement: online source code archive

Samsung tv music on startup

Écrire o barré avec un clavier azerty

Application extension issue on ps4

Orange unlimited numbers

Text messages from 36111

Tomb raider anniversary on wii

Notice shows wr30 m

Search for a song in the series foudre