Google certificate problem

gryzor

gryzor

Posting here (using always latest dev) even though the problem appears only on one of my four machines... coincidentally (?) it's a Windows 10 machine, whereas the rest are Windows 7 ones.

When I visit Google (only the search engine, all other services work fine) I get the top bar saying "reduced security due to a local, non-public certificate. www.google.com". I can't sign in - if I try I remain signed out.

My laptop clock is correctly set, and although I have searched high and low I can't find what's wrong

Any help would be greatly appreciated1

gryzor

gryzor

Btw, forgot to say that though I'm on O38 now, this has been happening for quite some releases now (always on the dev channel).

donq

donq

What about other browsers (IE)? If you check cert details (both on Opera and on IE), are these same certificates or not? Have you installed some 'security suite', protecting/monitoring/spying on your https connections? These sometimes install rogue certificates to allow de/encrypt your https traffic.

gryzor

gryzor

I hadn't checked with IE, but FF and Chrome work fine. I just tried IE and Edge - strange thing, both log me out, too! FF and Chrome remain fine.

I use Avira, but the problem existed before installing it, so it's not that.

However, I just took a look and it seems like the Google Inc certificate has expired since 30 January 2016. So I guess that must be it? How do I delete it though? The "Remove" button is disabled...

Thanks for your reply!

donq

donq

What is Google Inc certificate? Visiting google.com, I can see certificate for www.google.com, issued by "Google Internet Authority G2", which is issued by trusted CA "GeoTrust Global CA".

If you open Windows certificate store (Internet Options, Content, Certificates), then can you see your trouble cert there?

gryzor

gryzor

Yes. Under "Trusted Publishers" I have Google Inc. issued by VeriSign Class 3 Code signing 2010 CA... I wonder why it's different from yours, and how I can remove it

donq

donq

You can remove it in "Manage computer certificates" MMC snippet, but I would research a bit more before removing it - how certification chain looks etc, maybe even export it for backup. Sure if it is expired, then removal it should not make any big difference.

Why I haven't got such certificate - it looks like it is some application certicate (code signing part), not https cert; I have not allowed almost any google software into my PC (Chrome excluded - it is required sometimes). Or, because my windows installation is pretty fresh, I just have not hit that cert.

Unfortunately it is hard to research further over forum here. It is possible that you are using some proxy or VPN, it is possible that your connection to google servers is somehow redirected; it could be possible that google regional switch takes you into some strange, not updated server.

gryzor

gryzor

Thanks for the MMC tip - been AGES since I used that snippet and had totally forgotten about the certificate storage there. I removed the offending certificate from there. Opened Opera, went to Google.com, imagine that, I'm now signed in! However - the message about the local certificate still appears. If I go to Manage Certificates in Opera, it's not there. This is really weird... Would deleting all the certificates would be a good idea at this point, just to see what happens?

Funny thing is, the problem appeared immediately when I set up the computer - before adding my antivirus or VPN programs. I really don't see any reason why it would occur - even if it was some malware, I've scanned my computer a zillion times...

Thanks so much for your help man!

gryzor

gryzor

Ah nah, my joy was short-lived. I just went to google again and I'm signed out again. What on earth...