Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

EV ssl certs green bar not displayed with chromium version 43 but version 44 has it

I'm experiencing a weird problem with an EV ssl certificate issued by Comodo. Basically, the green bar notifying the user that the connection is encrypted with an EV certificate shows up just fine in IE, FF and Chromium version 44 but Chromium 43 shows no green bar (only the green lock). I'm not aware of this problem on other chromium versions, didn't bother testing yet.

Chromium git logs revealed no information possibly related to a fix for this issue nor google search which makes me think it may be a local problem with my server configuration. This is weird though, with all the online SSL testers giving me an A+ grade and all the other browsers working (even chromium itself 44+).

Of course, we have a lot of visitors using Chromium 43.0.XXX browsers.

Has anybody experienced this problem? Can anybody give me a hint at least on how to trace it down to its origins?
Maybe find a repository with all the chromium binaries somewhere and start testing one by one, locating the releases where the issue appeared/disappeared and dig the source code changes? Does such a repo even exist? Because I really don't want to start building all the releases one by one.

NOTE: if i follow the instructions from this ticket, filehippo will redirect me to some google download page from where my only option is to get the current stable, either I don't know how to use filehippo or that thing is broken.

NOTE: if I test with whatever browserstack says it's version 43, the green bar shows up. Assuming I trust browserstack, it may be that the green bar problem has been fixed in some later revs on 43.

like image 635
user237419 Avatar asked Aug 30 '15 10:08

user237419


2 Answers

Maybe find a repository with all the chromium binaries somewhere and start testing one by one, locating the releases where the issue appeared/disappeared and dig the source code changes? Does such a repo even exist?

The easiest way would be to download and test on portable versions. You can find them at:

PortableApps :: Google Chrome Portable

There are 313 versions on repo, 25 of them v43.0.xx, wish you luck.

like image 184
skobaljic Avatar answered Oct 13 '22 05:10

skobaljic


Google have announced that they will require Certificate Transparency (CT) for all EV certificates issued after January 1, 2015. If a CT proof is not included either in the Certificate or as part of an OCSP stapled response, the EV certificate will not display the green address bar in Chrome.

Please look into the below links for more info

http://news.netcraft.com/archives/2015/08/24/thousands-short-changed-by-ev-certificates-that-dont-display-correctly-in-chrome.html

https://blog.digicert.com/certificate-transparency-required-ev-certificates-show-green-address-bar-chrome/

I noticed that you have mentioned that it works in version 44. Still I mentioned the Certificate Transparency as this is a known issue.

There has been multiple instances reported where chrome has not shown the green bar. Some have reported this as a bug to google forums. There has been reports of such behaviour on chrome of different versions and on different Operating systems. (Windows,Ubuntu,Mac).But many of these could not be reproduced by google and hence no concrete solution is provided on these forums.

Please check below links

https://security.stackexchange.com/questions/37367/chrome-does-not-show-green-bar-with-ev-ssl-but-firefox-and-ie-does

https://code.google.com/p/chromium/issues/detail?id=226080

https://code.google.com/p/chromium/issues/detail?id=464274

like image 21
Raj Avatar answered Oct 13 '22 03:10

Raj