LarryLACa
Recently, when trying to connect to mail.google.com or gmail.com some users are failing with "Connection is not private".
The problem has been isolated to a new root certificate NOT being automatically installed/updated in Trusted Root CAs.
The problem impacts both IE and Chrome.
Manually installing the new root certificate fixes the problem.
See Eric Lawrence's G3 blog article for details.
Tip for Chrome users:
A key to identifying the cause of Windows GMail failure is to
- click the NET::ERR_CERT_AUTHORITY_INVALID tag to expose some debug text
- If the Issuer is: Google Internet Authority G3
- look at the second (intermediate certificate, PEM) block.
- If it begins MIIEXDCCA0SgAwIBAg...
==> then a failed root cert update is likely the problem.
See Eric's article to install a new Google root certificate
I am trying to track down why the root cert auto update fails.
If you can help diagnose the problem, please reply.
I have sample reports from ~50 users.
The users receive the correct root cert (see PEM block#3 below), but it fails to install in Trusted Roots.
Block 3 below is the same root cert in Eric's article above.
The problem began sometime in early October, mostly for non-US users,
when Google updated the intermediate and root certificates.
The update worked for 99.%+, but fails for a few;
even a few is a sizeable number given the user base.
The root certificate update was part of the
Microsoft Trusted Root Certificate update from 6/27/17.
The problem seems to be more prevalent for Win7 users but has also been seen on Win10.
Look here for a Win7 Chrome 62.0.3202.62 user on 10/20/17 report that begins
Connection is not private
NET::ERR_CERT_AUTHORITY_
Subject: mail.google.com
Issuer: Google Internet Authority G3
Expires on: Jan 2, 2018
Current date: Oct 20, 2017
PEM encoded chain:-----BEGIN CERTIFICATE-----
MIID4jCCAsqgAwIBAgIIfssVcE7D+
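The Chrome tip in the post, written out as a triage script for pasted reports. This is an added example, not part of the original post: the function names are hypothetical, and the sample report is constructed, with filler in place of real certificate data.

```python
import re

# Values the post gives for recognising the failed root update.
G3_ISSUER = "Google Internet Authority G3"
G3_INTERMEDIATE_PREFIX = "MIIEXDCCA0SgAwIBAg"
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
FIELD_RE = re.compile(r"^(Subject|Issuer):[ \t]*(.+?)[ \t]*$", re.M)

def parse_report(text):
    """Split Chrome's interstitial debug text into error, fields and PEM bodies."""
    error = re.search(r"NET::ERR_[A-Z_]+", text)
    # Strip whitespace so wrapped or re-flowed base64 still compares cleanly.
    blocks = ["".join(body.split()) for body in PEM_RE.findall(text)]
    return {"error": error.group(0) if error else None,
            "fields": dict(FIELD_RE.findall(text)), "blocks": blocks}

def triage(text):
    """Apply the post's checklist in order; return (verdict, reason)."""
    r = parse_report(text)
    if r["error"] != "NET::ERR_CERT_AUTHORITY_INVALID":
        return ("other", "error code is %r" % r["error"])
    if r["fields"].get("Issuer") != G3_ISSUER:
        return ("other", "issuer is %r" % r["fields"].get("Issuer"))
    if len(r["blocks"]) < 2:  # truncated paste: no intermediate block to inspect
        return ("incomplete", "%d complete PEM block(s)" % len(r["blocks"]))
    if not r["blocks"][1].startswith(G3_INTERMEDIATE_PREFIX):
        return ("other", "second PEM block has a different prefix")
    return ("likely-root-update-failure", "%d PEM blocks" % len(r["blocks"]))

# Constructed sample in the shape of the report quoted above (filler base64).
SAMPLE = """Connection is not private
NET::ERR_CERT_AUTHORITY_INVALID
Subject: mail.google.com
Issuer: Google Internet Authority G3
Expires on: Jan 2, 2018
PEM encoded chain:-----BEGIN CERTIFICATE-----
MIIDCONSTRUCTEDLEAFAAAA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEXDCCA0Sg
AwIBAgCONSTRUCTEDINTERMEDIATEAAAA
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDCONSTRUCTEDROOTAAAA
-----END CERTIFICATE-----
"""
if __name__ == "__main__":
    print(triage(SAMPLE))
```

A report cut off before the second block, like the excerpt above, comes back as `incomplete` rather than being counted either way.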