Warning message for Chrome and CDN - macos

On our live systems, fellow devs who use LinuxMint and latest Chrome version (Version 63.0.3239.84 (Official Build) (64-bit)), at the time of this writing started to see following message printed in the console:
Other people with same version of Chrome on MAC don't have this message. The way I read this is that Cloudfront needs to changed something in their SSL Certificate, before the Chrome version M70 is shipped, otherwise Chrome will not load it.
Do I need to be worried, and if so... what should I do to mitigate this potential issue?

You should read the article linked in the console message:
https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html
Like you, I'm using the "Default CloudFront Certificate". I'm assuming at this point that AWS should resolve this before Chrome issue hits for real. If they don't then you'll need to supply your own certificate via ACM, I'd guess. I'm hoping it doesn't come to that, personally!

Related

GitLab - Secure Connection Failed error on firefox

Recently i have re-installed my GitLab application on my Linux system. When i tried to access my GitLab application link (https://gitlab.domain.com) on Windows system's Firefox browser i am getting below error.
Since the certificate generated freshly it was conflicting with existing/previous certificate, So i have followed this Link workaround. However even after system reboot also same error occurring, I can't access my GitLab application on Firefox browser.
I'm able to access it on Chrome browser without any problem.
Please let me know still where i need to clear the old certificate to make it work on firefox?
That seems to be the same error as in issue 435013 reported 13 years ago (and still open), where Firefox has an issue with routers and NSS (Network Security Services) (error -8054)
As I understand it, and from the discussion on #312732 which is the underlying issue, the problem is that the crypto uses the cert ID as a unique key in a database.
When a dupe is encountered, you can't have two primary keys in a database, so it just dies with a fatal error, hence FireFox gives up connecting to the site and passes on the fatal error to be presented.
This is not a "fundamental NSS design issue", it's a political issue, Firefox is ACTIVELY refusing to let people access their network equipment.
Check also the firmware of your router:
It seems to me that it is VERY EASY for the server-side products that
generate these certificates to more-or-less fix the problem in updated
firmware with very little effort. Even simply randomizing the serial numbers
in the certs, they would nearly completely eliminate the problem, AFAICT. In
fact, it is worth making sure that the affected server-side hardware has
up-to-date firmware, because some vendors might have already fixed it on
their end already.
Possible workaround (which would work even after FF restart)
This is hardly any fix, but I installed a new Mozilla from scratch on a VM under Virtualbox.
I than browsed to all my local systems I was getting this error. On connecting from the new Window3s sytem running on VM to each local IP, I received the warning, and created the exception.
I than went in to Preferences>Advanced, and Exported all the certificates to a share on one of my NAS units.
I proceeded back to the broken Mozilla running on my Mac OS X 10.11.1, and I Imported all the certificates.
I then restarted FF, and connected to each device I was getting the error on, and I received the "This is an untrusted connection, Get me out of here, or would you like to create an exception." YES!!
I created the exception, and finally I could get to my firewalls, and all other local devices.
Other workaround:
Run: firefox --no-remote --ProfileManager
Create a new profile there.
Open a new instance of Firefox using the new profile. To run Firefox with the profile you can use the command from 1. or: firefox --no-remote -P profile_name
Do the actions there as if it was a separate installation of Firefox

localhost chrome on catalina

I can not get localhost to work on chrome after upgrading to macOS Catalina. I spent a lot of time trying to figure out why I was getting this message
localhost normally uses encryption to protect your information. When Google Chrome tried to connect to localhost this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be localhost, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.
You cannot visit localhost right now because the website sent scrambled credentials that Google Chrome cannot process. Network errors and attacks are usually temporary, so this page will probably work later.
(I wish I had taken a screen shot)
I don't know if this is the "best" solution but it got me able to code again so I figured I would share. I was seriously stuck and couldn't find any answers and saw someone mention this solution to another issue. Go to chrome://flags/#allow-insecure-localhost and change to enable.
Hope this helps someone else. I know this isn't really a question but there's not really a way to just share this. I guess I could use twitter and reddit.
OS X Catalina increased the requirements for an SSL/TLS certificate to be acceptable around November 2019. Notably, certificates now need a "Subject Alternative Name" section, which was not previously required. Note that this is an OS-level requirement and not specific to a single browser (although it doesn't affect FireFox because Firefox doesn't use the OS security stack).
The solution to your issue is how you generate the SSL certificate, not anything you can do as a Chrome user. This particular issue can not be bypassed by clicking through a Chrome warning message.
Also note that fixing this issue for OS X may make the certificate unusable on Chrome + Linux (I have linked to WebPack Dev Server's GitHub Issue discussion of this issue).

XCode doesn't login to my account

I couldn't be able to login to XCode accounts using my apple ID. It was working before. When I tried to login it shows an error There was an error connecting to Apple ID Server. But I have logged into the same account from another mac without any issue. Please help me with this. I am using XCode version 8.3.3
try these basic ways may be it will help full
Restart your system,sometimes the simplest turning off and on can
fix this error directly.
Sometimes it happens due to the poor Internet connection, check
whether connection is working properly.
Make sure that the date, time, and time zone are set correctly.
Apple discussion says you should check your firewall and antivirus settings - there may be
a similar rule or setting blocking the ID server
In my case, I upgraded my Xcode and Mac OS to the latest version and it started working smoothly
Charles proxy was the cause for me. Make sure you disable/uncheck HTTP( WebProxy) and HTTPS( Secure Web Proxy) and give it a try

Failed to Fetch from Electron: net::ERR_INSECURE_RESPONSE

I have some trouble with using XHR in Electron. In my MacOS, it worked perfectly, but tested from another MacOS, fetch fails with:
net::ERR_INSECURE_RESPONSE
Tested with Windows 10 worked fine, but it only happens with other MacOS laptops. I goggled that error but nothing useful found.
Getting data via XHR with chrome on another MacOS was worked, but only electron fails with same error. I tested with just type fetch directly in console:
fetch('http://api.example.com')
it still fails. Looks like it only happens on Electron and I'm stuck here. Any advice will very helpful to me. Thanks!
Electron's Certificate Transparency Issue
Depending on your version of Electron, this could be related to the recent Certificate Transparency issues that affected Electron's underlying Chrome library.
The issue itself could cause certain certificates such as Symantec, GeoTrust, and Thawte to be incorrectly rejected, and thus resulting in Electron not serving your expected content after a given period of time.
You may want to ensure that you are running at least Electron 1.4.12, which is expected to have resolved the issue.

"Google API Keys are Missing" error on latest version of Chromium after upgrade

For a while I've been using Chromium on my Windows 7 system and it's been working fine. However after upgrading to the latest version at the usual location of https://download-chromium.appspot.com, when I loaded the browser I get the message "Google API Keys are Missing. Some functionality of Chromium will be disabled".
I also can't then log into my Google Account, getting the message "Uh Oh. Service Unavailable, please try again later". I assume this happens because of the issue with the API keys above.
Despite removing, re-installing and going to the latest build today (362135) I still can't make the error go away. My normal version of Chrome works fine.
Does anyone have any ideas?
Thanks,
Oliver.

Resources