Getting Chrome warnings that https not available.
Google is starting to require sites to be secure with a certificate “forcing” more or all all with a website to get an SSL certificate. This site is not running behind such a certificate, therefore you get the warning.
We do have a certificate but maybe it has just expired. I am sure David will be on the case soon.
https://www.euroga.org/ works for me now.
The issue is that the site uses a certificate issued by the Israeli StartCom authority. They have recently been blacklisted by all major browser vendors because they got acquired in a dubious transaction by a fraudulent Chinese company that has been faking certificates.
The only solution is to procure a certificate from another authority. StartCom was popular because it offered free of charge certificates. As issuing certificates is making money out of thin air, I would not rule out a conspiracy against the price breaker StartCom…
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html
https://support.apple.com/en-us/HT204132
Yes, we’re well aware thanks Achimha. We’re slowly moving away from startcom certificates, but we have many of them and it’s taking a while.
Actually that’s not the only issue; we also use fairly permissive SSL settings to support the very oldest of browsers, but that means that some modern browsers are more inclined to complain. Again, we’re slowly moving away from those. Soon we will support HTTPS only, with HSTS.
Aeroplus I think you’re mixing two things together there. Google are reducing search ranking results for sites which don’t use HTTPS, thereby effectively “forcing” many people to move to HTTPS if they want to maintain their search rankings. That’s unrelated to the Google Chrome browser though, which (for now at least) does support using HTTP without complaint.
It would be astonishingly arrogant for a browser vendor to not support HTTP. The web is full of really informative little noncommercial websites whose owners are not going to “upgrade” especially if it is a couple of hundred quid periodically, like we pay at work on an online shop.
I doubt they’ll stop supporting HTTP completely, but it might get to a point where they issue a dire-sounding warning if you use it.
There is no need to pay for certificates these days. Letsencrypt is a widely-trusted issuer and charges nothing for certificates. There is a burden of getting them setup though.
Hey,
I just wanted to let you know that Chrome no longer seems to accept the certificate issuer you use, thus shows the big warning screen before asking if you really really want to continue to this dangerous website :) I don’t know if your CA is connected to the Symantec smackdown in some way.
Error is NET:ERR_CERT_AUTHORITY_INVALID
Since the certificate expires in 1 month, perhaps you can change the provider then?
Cheers,
Martin
I moved your post Martin to the existing thread.
For some reason I don’t see this error, despite running latest Chrome under win7-64 right here.
A quick google reveals some fixes.
My take on this is that for a browser to complain is silly, because trusted websites (like EuroGA) are, ahem, trusted, and dodgy websites will infect your computer (and your phone, etc, by planting popups into the browser) regardless of certificates being valid, and to a large extent regardless of antivirus software being on the computer. IMHO the browser developers need to – to a large extent – get themselves a life and stop being so patronising 
