SSL Notifications in Chrome

Here we would like to explain the notifications related to HTTPS connection and SSL certificates in Chrome. After installing the certificate and browsing the site via https:// one may see the following warnings in Chrome:

To check these messages in Chrome, click on the padlock or green bar.

connection.png Ctrl + Shift + J > Securitymceclip1.png

Your connection to this site is not fully secure. This page includes HTTP resources.

notfully.png

Ctrl + Shift + J > Securitymceclip0.png

This warning is related to the insecure content issue and can be easily fixed by updating the links to all images, scripts, CSS or js files to use the secure HTTPS protocol. A good alternative is creating relative URLs in HTML code of web pages. More details on this matter can be found here.

Connection - obsolete connection settings

mceclip2.png

Ctrl + Shift + J > Securitymceclip3.png

The cipher suite is used by a server to perform encryption and secure negotiation with clients. This issue is not related to the SSL certificate itself, as it is a specific server configuration that can be modified if you have root access. Otherwise, feel free to contact your server provider for assistance with this matter.

These articles on server SSL/TLS protocols and configuration may be useful:

Apache and Nginx

Windows-based servers

Your connection to this site is not secure. The certificate chain for this site contains a certificate signed with SHA-1.

mceclip4.png

Ctrl + Shift + J > Securitymceclip5.png

This warning usually appears for the web sites with the certificate installed long ago, as the Certificate Authorities used to sign certificates with SHA-1 signatures before. Now, this signature algorithm is deprecated due to its vulnerability to attacks. If you see this warning in Chrome, please reissue the certificate and reinstall it on the server.

We performed a full transition to SHA-2 in our system on November 6, 2014, so all the new and reissued certificates are signed with the latter-day sha256withRSAEncryption algorithm.

Your connection is not private. NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED

ERR_CERTIFICATE_TRANSPARENCY_REQUIRED

Currently, it is a requirement for all trusted Certification Authorities to submit all of the certificates they issue to at least 3 Certificate Transparency logs

When the certificate records are missing in the Certificate Transparency logs for the site you are visiting, Chrome will display a security error when accessing the site.

If you're not the site owner, there's nothing you can do to fix the error, unfortunately. However, you can reach out to the site administrator and inform them about the issue providing the link to the page.

If you are the site owner, you should reissue your certificate or purchase a brand new one and install the new version on the server.

Since October 2017 all certificates we provide are added to the relevant Certificate Transparency logs automatically and immediately when the certificate is issued.