You are here

Chrome Invalid Server Certificate

8 posts / 0 new
Last post
north450
Offline
Last seen: 5 months 4 days ago
Joined: 2008-12-06 22:07
Chrome Invalid Server Certificate

https://www.mozilla.org/firefox/

www.mozilla.org normally uses encryption (SSL) to protect your information. When Chrome tried to connect to www.mozilla.org this time, www.mozilla.org returned unusual and incorrect credentials. Either an attacker is trying to pretend to be www.mozilla.org, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Chrome stopped the connection before any data was exchanged.
The certificate that Chrome received during this connection attempt is not formatted correctly, so Chrome cannot use it to protect your information.
Error type: Malformed certificate

any help will be appreciated

marcelo-ar
Offline
Last seen: 7 years 7 months ago
Joined: 2013-11-29 11:32
Workarround

Chrome depends on Windows to validate certificates.
If you ask Google, you'll get more details, for example:
https://productforums.google.com/forum/#!topic/chrome/PLc63uXeOg0
https://kb.bluecoat.com/index?page=content&id=KB6215&actp=RSS

To ignore this certificate error when running Google Chrome Portable in an outdated Windows XP sp2, or with a wrong IE SSL configuration, there is a workarround:

- Create a file named "GoogleChromePortable.ini" at same level as "GoogleChromePortable.exe".

- GoogleChromePortable.ini must have this two lines:
[GoogleChromePortable]
AdditionalParameters= --ignore-certificate-errors

If you already have a GoogleChromePortable.ini, just add 2nd line to it.
After launching Google Chrome Portable you'll get a warning about this command line, but you will access all "https" sites without errors; if certificates are not validated you will see "https" crossed on url bar.

Firefox and old Opera 12 does not have this problem, because they have there own certificate validation library.

north450
Offline
Last seen: 5 months 4 days ago
Joined: 2008-12-06 22:07
thanks that worked on the new

thanks that worked on the new opera browser
but not on chrome
chromes ini is in C:\portable\GoogleChromePortable\Other\Source
not in same level as "GoogleChromePortable.exe"

the ini is
; This file contains the Google Chrome Portable default settings.
; You can copy this file to GoogleChromePortable\ and change settings in it.
; Any settings missing from that file will have their defaults (listed here)
; used.

[GoogleChromePortable]
Google ChromeDirectory=App\Chrome-bin
; The main app directory
ProfileDirectory=Data\profile
; The profile directory
SettingsDirectory=Data\settings
; The directory containing settings. Currently only used for the master
; password hash, if enabled.
AdditionalParameters=
; More parameters to pass to chrome.exe, use to enable experimental features.
Google ChromeExecutable=chrome.exe
; The EXE name
WaitForProgram=true
; Waits for the program to run. Don't set to false as it is required for
; cleanup to avoid leaving files on the local system, and to avoid breaking
; local Google Update and Chrome.
DisableSplashScreen=false
; Disables the splash screen, if it has been compiled into the launcher.
RunLocally=false
; Forces the profile to be copied to the local computer, as if the portable app
; is run from a CD. The profile will be copied back to the portable device
; afterwards (minus cache files).
CacheInTemp=true
; If this is true, the disk Cache will be set to use the local computer, and
; will be deleted on exit, even if RunLocally is false.

; Note that using either of the previous two options can represent a risk of
; other users of the same computer discovering your internet surfing
; activities on that computer. Although Google Chrome Portable deletes the
; locally saved data when it is finished, it is possible this may not happen
; (Google Chrome Portable or the computer crashes) and even if it does, some
; of the data may be recoverable using disk recovery tools. For this reason
; it is recommended you use Incognito mode for any browsing you don't want
; others to know about. HTTPS browsing is never written to cache and thus not
; an issue.

ImportJava=false
; If true, it will import the Java plugin from a copy of Java Portable if you
; have it installed, and if you do not already have a Java plugin installed in
; Google Chrome Portable. Note that Java Portable is not yet supported; the
; plugin will attempt to use a locally installed Java.
UsePAMLanguage=true
; Forces Google Chrome to use the language selected by PortableApps.com Menu
; when it is launched from PAM. The language is only used if Google Chrome
; supports it, otherwise it falls back to the user-selected language (or
; the local system language). If "true", you won't be able to change the
; language within Google Chrome when launched from PAM since PAM will override
; it.

PortablePasswords=false
; Stores your saved passwords using a master password you select on startup,
; working around Chrome's normal mechanism of tying saved passwords to a local
; user account. This setting causes a prompt for the master password on
; every startup so it's opt-in.
EncryptPortablePasswords=true
; Uses a master password to re-encrypt passwords. If this is false, Portable
; Passwords will be insecurely stored as plaintext, but you will not need to
; use a master password. You may find setting this to false useful if you
; already use an encryption solution such as TrueCrypt to store
; GooglechromePortable.
;
; If you want to change any of the following:
; - The Portable Passwords algorithms, salts, or implementation in such a way
; that would break your existing Portable Passwords (through an upgrade of
; Google Chrome Portable that changes these).
; - Your master password, or lack of a master password.
;
; You can keep your Portable Passwords by first ensuring that your passwords
; have been successfully imported into your Google Chrome profile with the
; local user account. To do this, simply start GCP before upgrading it or
; changing your password or Portable Passwords settings. Then, delete the
; master password hash in Data\settings and the Portable Passwords files in
; your profile (by default, there is only one in Data\profile\Default. A
; power user with more than one profile will have one for each profile).
; Next, perform the upgrade, or change the settings, if you wanted to. Now
; run GCP and enter a new master password (or the same one, but it CAN be new
; if you want). Once you close Google Chrome the new Portable Passwords
; database will be constructed using your saved passwords from Google Chrome.

now what should one do to rectify the situation for chrome

marcelo-ar
Offline
Last seen: 7 years 7 months ago
Joined: 2013-11-29 11:32
GoogleChromePortable.ini must be at the same level as launcher

GoogleChromePortable.ini must be at the same level as GoogleChromePortable.exe to work

This GoogleChromePortable.ini you have at ...\Other\Source has the default settings and has no effect in this location.

Just create a new GoogleChromePortable.ini at same level as GoogleChromePortable.exe with this two lines

[GoogleChromePortable]
AdditionalParameters= --ignore-certificate-errors

north450
Offline
Last seen: 5 months 4 days ago
Joined: 2008-12-06 22:07
thanks that workson start

thanks that works
on start up
"You are using an unsupported command-line flag: --ignore-certifcate-errors. Stability and security will suffer."
any ideas how to get rid of this and what is the stability warning
must admit you give excellent advice
you even knew my os was sp2

marcelo-ar
Offline
Last seen: 7 years 7 months ago
Joined: 2013-11-29 11:32
Disable Chrome Infobars

GoogleChromePortable.ini

[GoogleChromePortable]
AdditionalParameters= --ignore-certificate-errors --disable-infobars

Use it at your own risk.
You shouldn't login to sites like HomeBanking or similar with those command lines.

north450
Offline
Last seen: 5 months 4 days ago
Joined: 2008-12-06 22:07
thanks [GoogleChromePortable]

thanks
[GoogleChromePortable]
AdditionalParameters= --ignore-certificate-errors --disable-infobars

so its best to avoid this command and use the other

John T. Haller
John T. Haller's picture
Offline
Last seen: 4 hours 15 min ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Update Windows

If you update Windows XP to SP3 and apply all certificate updates, it shouldn't have this issue. Using Windows XP now is a security risk, but using anything before SP3 with all patches is a monumental security risk.

Sometimes, the impossible can become possible, if you're awesome!

Log in or register to post comments