Do more on the web, with a fast and secure browser!

Download Opera browser with:

  • built-in ad blocker
  • battery saver
  • free VPN
Download Opera

Updated to 43, can no longer "continue anyway" on bad certs

  • It's not that the problem is big, it's that something which was previously up to the user is now decided by someone else.
    They've taken away the choice completely, for no real apparent reason.
    There are certainly tons of ways to work around it, but it speaks to a larger mentality at the company that users must be protected from themselves.

  • Yep, I could fix 2 of the 4 services I use daily by just generating new key - the previous had expired. As these are services that are being used both by local LAN IP and by a DNS name, I think the certificate can't ever be 100% correct for both use cases?

  • As a followup, it's slightly amusing that the "concept" browser Opera Neon does the correct (previous) thing and lets the user continue anyway, while standard opera now does not. Almost makes a person wonder if this change was actually a bug rather than intentional.

    Anyhow, Vivaldi behaves properly as well, so perhaps it's time to make the move over there. It seems to have stabilized quite a bit since release. Sad, because I've been an Opera fan since almost the beginning.

  • It's still same in the latest stable bulid 991. Not sure if they are gonna fix this in the future but in the meantime this is a workaround (use at your own risk!).

    Add this at the end of the shortcut command line --ignore-certificate-errors

    eg. "C:\Program Files\Opera\launcher.exe" --ignore-certificate-errors

    Kinda defeat the purpose of supposedly increased security by not giving an option for the average user to decide that the site is safe to proceed. Now we gotta disable all certificate warnings just great!

  • I agree, surely it's up to the user if they want to take the risk of proceeding with a potentially risky operation. That choice should not be taken away, Opera are completely covered if warnings were issued.
    My Internet Security suite has a similar problem, it warns you about potentially dangerous web sites, but the latest version will not now allow you to go ahead anyway, which previous versions did.
    If you know it's a false positive, you can no longer over-ride the warning unless you switch the whole Internet Security system off completely, which is madness!
    🙂

  • That would be annoying, so I checked to see for myself. These are my findings.

    Opera 43.0.2442.991 (64-bit) on Windows 10 still offers a dialog box for:

    • Incorrect,
    • Self-signed,
    • Expired certificates.

    See these test links: https://onlinessl.netlock.hu/en/test-center/invalid-ssl-certificate.html.

    However, for hash functions that are no longer considered safe e.g. expired SHA-1 certificates, Opera 43 no longer offers you an option to continue. See this test link: https://expired.identrustssl.com

    Hope this helps.

  • A way to force websites to update their certificates? :sherlock:

  • That would be annoying, so I checked to see for myself. These are my findings.
    Opera 43.0.2442.991 (64-bit) on Windows 10 still offers a dialog box for:

    Incorrect,
    Self-signed,
    Expired certificates.

    See these test links: https://onlinessl.netlock.hu/en/test-center/invalid-ssl-certificate.html.
    However, for hash functions that are no longer considered safe e.g. expired SHA-1 certificates, Opera 43 no longer offers you an option to continue. See this test link: https://expired.identrustssl.com
    Hope this helps.

    I hadn't bothered working out the exact problem causing it, thanks.
    In the end, they're gonna make the decisions they feel work best for the majority of people.
    I'll live.

  • After updating from 39 to 43 in Ubuntu 12.04 I now get the privacy complaint even from google.com and auth.opera.com ! Is my system compromised, or has anyone seen this problem under Linux ?

  • or has anyone seen this problem under Linux ?

    This is the 'Opera for Windows' forum, please use the 'Opera for *nix' to dicuss about Opera for Linux.

  • Desperately looking for an override function to "Your connection is not private". I don't care and I know the risks. The current step of preventing an override is making it safe for fools at the cost of utility. One cannot prevent fools from being fools.

  • Have you tried using the "--ignore-certificate-errors" switch as mentioned previously?
    🙂

Log in to reply