maybe i'm not posting in the correct section...
I have problem to reach the forum via Chrome since a couple of hours:
The connection is not private
Malicious users could try to steal your information from
http://www.hpmuseum.org (for example, passwords, messages, or credit cards). Further information
this is the warning, did somebody meet the same problem?
It is working fine for me when I tried it with Chrome just now.
I see the link you posted has http://
and not https://
Not sure if that would trigger the response.
(09-30-2021 05:53 PM)Ren Wrote: [ -> ]I see the link you posted has http://
and not https://
Not sure if that would trigger the response.
The http:// link redirects (HTTP 301) to the https:// link.
One of the old intermediate CA certificates for Let's Encrypt (used by this site) expired today, so it may have been something to do with that. (I see the current certificate for the site was renewed today, which would also have updated the expired, intermediate CA certificates.)
Chrome caches certificates. If it is still playing up, try hitting refresh.
yes 'cause it's not trusted , probabily, from my browser
the ERROR is NET::ERR_CERT_DATE_INVALID
the certificate of the site, I've checked is still valid, so I've tried some fix tips on my browser, like clearing the cache, but unsuccesfully up to now
edit: I cleared also the SSL cache and cheched time and date settings
(09-30-2021 07:13 PM)ijabbott Wrote: [ -> ] (09-30-2021 05:53 PM)Ren Wrote: [ -> ]I see the link you posted has http://
and not https://
Not sure if that would trigger the response.
The http:// link redirects (HTTP 301) to the https:// link.
One of the old intermediate CA certificates for Let's Encrypt (used by this site) expired today, so it may have been something to do with that. (I see the current certificate for the site was renewed today, which would also have updated the expired, intermediate CA certificates.)
Chrome caches certificates. If it is still playing up, try hitting refresh.
Excuse me where di you find the expired certificate?
Chrome with the errorr message shows the following report:
Subject: hpmuseum.org
Issuer: R3
Expires on: 29 dic 2021
Current date: 30 set 2021
I just tried to access the museum with Chrome on a laptop and got the insecure warning. Then it occurred to me that I haven't run Chrome on that laptop in many months so I went to help -> about and Chrome downloaded an update. After the Chrome relaunch, access to the museum was normal.
(09-30-2021 08:09 PM)Dave Hicks Wrote: [ -> ]I just tried to access the museum with Chrome on a laptop and got the insecure warning. Then it occurred to me that I haven't run Chrome on that laptop in many months so I went to help -> about and Chrome downloaded an update. After the Chrome relaunch, access to the museum was normal.
Hi Dave, actually I have this problem with one of the laptops I use daily to connect to the forum
Using now Chrome from a smartphone, no problems.
I have still problem with the laptop also after a restart of the browser and then of the os.
But did you update Chrome first?
(09-30-2021 09:23 PM)Thomas Okken Wrote: [ -> ]But did you update Chrome first?
Yes the browser is up to date. There is no update command in the options menu
(09-30-2021 09:53 PM)aurelio Wrote: [ -> ] (09-30-2021 09:23 PM)Thomas Okken Wrote: [ -> ]But did you update Chrome first?
Yes the browser is up to date. There is no update command in the options menu
Chrome has a weird (at least I think it's weird) way to initiate an update. Under "Help" there's a section called "About" (like most sites), but clicking on "About" will update Chrome automatically.
(09-30-2021 11:30 PM)ttw Wrote: [ -> ] (09-30-2021 09:53 PM)aurelio Wrote: [ -> ]Yes the browser is up to date. There is no update command in the options menu
Chrome has a weird (at least I think it's weird) way to initiate an update. Under "Help" there's a section called "About" (like most sites), but clicking on "About" will update Chrome automatically.
Yes infact and in that section, calling "about", a window shows the version reporting that the product is up to date
(10-01-2021 06:28 AM)aurelio Wrote: [ -> ] (09-30-2021 11:30 PM)ttw Wrote: [ -> ]Chrome has a weird (at least I think it's weird) way to initiate an update. Under "Help" there's a section called "About" (like most sites), but clicking on "About" will update Chrome automatically.
Yes infact and in that section, calling "about", a window shows the version reporting that the product is up to date
Can you check the certification path in Chrome?
Right-click on the padlock symbol (or the big, red "Not secure" symbol) and click on "Certificate" to open the Certificate dialog. Then click on the "Certification Path" tab. It will show the chain of certificates, and will show the status of each certificate in the chain when you click on it. The chain is:
Code:
ISRG Root X1
R3
hpmuseum.org
Check which ones are invalid.
(10-01-2021 02:05 PM)ijabbott Wrote: [ -> ] (10-01-2021 06:28 AM)aurelio Wrote: [ -> ]Yes infact and in that section, calling "about", a window shows the version reporting that the product is up to date
Can you check the certification path in Chrome?
Right-click on the padlock symbol (or the big, red "Not secure" symbol) and click on "Certificate" to open the Certificate dialog. Then click on the "Certification Path" tab. It will show the chain of certificates, and will show the status of each certificate in the chain when you click on it. The chain is:
Code:
ISRG Root X1
R3
hpmuseum.org
Check which ones are invalid.
hpmuseum.org is valid the others are not
R3 is expired or still invalid
the first is expired or still invalid
(10-01-2021 03:40 PM)aurelio Wrote: [ -> ] (10-01-2021 02:05 PM)ijabbott Wrote: [ -> ]Can you check the certification path in Chrome?
Right-click on the padlock symbol (or the big, red "Not secure" symbol) and click on "Certificate" to open the Certificate dialog. Then click on the "Certification Path" tab. It will show the chain of certificates, and will show the status of each certificate in the chain when you click on it. The chain is:
Code:
ISRG Root X1
R3
hpmuseum.org
Check which ones are invalid.
hpmuseum.org is valid the others are not
R3 is expired or still invalid
the first is expired or still invalid
And it's definitely "ISRG Root X1" at the top? It ought to be trusted by most modern, up-to-date OSes and browsers.
I think the next step is to check the trusted root certification authorities in your browser. On the page
Chrome -> Settings -> Privacy and security ->Security (clicking on the link is blocked, but you can cut and paste the URL, or navigate through Chrome's settings manually), click the "Manage certificates" option near the bottom of the page (it is 2nd from the bottom on mine). That opens a dialog box with several tabs.
The "Trusted Root Certification Authorities" tab should include the "ISRG Root X1" certificate issued by itself with an expiry date of 2035-06-04. If it is missing, I guess you could try importing it from a file.
EDIT: The above dialog is actually interacting with Windows' certificate store if running on Windows.
(10-01-2021 04:46 PM)ijabbott Wrote: [ -> ] (10-01-2021 03:40 PM)aurelio Wrote: [ -> ]hpmuseum.org is valid the others are not
R3 is expired or still invalid
the first is expired or still invalid
And it's definitely "ISRG Root X1" at the top? It ought to be trusted by most modern, up-to-date OSes and browsers.
I think the next step is to check the trusted root certification authorities in your browser. On the page Chrome -> Settings -> Privacy and security ->Security (clicking on the link is blocked, but you can cut and paste the URL, or navigate through Chrome's settings manually), click the "Manage certificates" option near the bottom of the page (it is 2nd from the bottom on mine). That opens a dialog box with several tabs.
The "Trusted Root Certification Authorities" tab should include the "ISRG Root X1" certificate issued by itself with an expiry date of 2035-06-04. If it is missing, I guess you could try importing it from a file.
EDIT: The above dialog is actually interacting with Windows' certificate store if running on Windows.
actually at the top, now I see it's different: DST root CA X3, not the "ISRG Root X1" and in the settings, as you described I found that the certificate is expired on 29th
Thanks for the link, Ross. Have you and aurelio checked
this link to see if your systems are claimed to trust the new certificate?
(10-01-2021 06:09 PM)aurelio Wrote: [ -> ] (10-01-2021 04:46 PM)ijabbott Wrote: [ -> ]And it's definitely "ISRG Root X1" at the top? It ought to be trusted by most modern, up-to-date OSes and browsers.
I think the next step is to check the trusted root certification authorities in your browser. On the page Chrome -> Settings -> Privacy and security ->Security (clicking on the link is blocked, but you can cut and paste the URL, or navigate through Chrome's settings manually), click the "Manage certificates" option near the bottom of the page (it is 2nd from the bottom on mine). That opens a dialog box with several tabs.
The "Trusted Root Certification Authorities" tab should include the "ISRG Root X1" certificate issued by itself with an expiry date of 2035-06-04. If it is missing, I guess you could try importing it from a file.
EDIT: The above dialog is actually interacting with Windows' certificate store if running on Windows.
actually at the top, now I see it's different: DST root CA X3, not the "ISRG Root X1" and in the settings, as you described I found that the certificate is expired on 29th
OK, it seems it is Windows that caches SSL certificates.
In the Windows 10 control panel (hopefully, earlier versions will be similar!), open 'Internet Options' (IT: Opzioni Internet), click the 'Content' tab (IT: Contenuto), and press the 'Clear SSL State' button (IT: Cancella stato SSL).