UKC

Why is Chrome saying UKC isn't secure?

New Topic
This topic has been archived, and won't accept reply postings.

On my nearly 10 year old MacBook Pro I've mainly used Firefox as my browser, but I haven't been able to update it as newer version aren't compatible with my elderly OS. My last attempt to update Firefox has removed the older version that did work, so I'm using Chrome for the time being. Other regular use websites work fine, iPlayer, Netflix, Facebook etc. but UKClimbing and Ukhillwalking don't - Chrome telling me they're not secure (invalid certificate I think it was). If I ignore the warnings and go to site anyway it's just text - see pic. Posting this from my phone obvs! 

Any tips? Beyond time to buy a new laptop perhaps...


 squarepeg 04 Jan 2022
In reply to TobyA:

I would not worry about it, phone is going to be more secure if you keep it up to date.

I would be in a similar position if I could even get my old laptop back online. Think expenditure beckons. 

2
In reply to squarepeg:

I prefer UKCing on the laptop with a proper keyboard though, even if you can't do -> 🙂 !

 MeMeMe 04 Jan 2022
In reply to TobyA:

The laptop probably doesn't have the root SSL cert installed that UKC uses. I've go the same issue with an old iPad, only there is no option to continue.

You might be able to install the root certificate on the Mac manually...

 mondite 04 Jan 2022
In reply to TobyA:

No issues with chrome on a windows laptop. Perhaps try a reboot since looks like UKC uses LetsEncrypt and might be your laptop hasnt refreshed the certificate

In reply to TobyA:

Are there any system updates available for the Mac? there was a certificate expiration issue that affected many websites a few months ago, and an OS update fixes it for Macs

In reply to Andy Ovens - UKC and UKH:

I'll have a look Andy. Cheers. It's is getting very old and clunky though! Things that used to happen automatically don't seem to anymore, so I'll investigate. 

In reply to Andy Ovens - UKC and UKH:

> Are there any system updates available for the Mac? 

I tried using an old iPad 2, but it refuses to access UKC and other websites, with the security warning. I assumed it was some limitation of the OS being incapable of using more recent encryption. Shame; the hardware is fine, but very few apps work on it now.

 Andy Johnson 04 Jan 2022
In reply to TobyA:

The old LetsEncrypt root certificate expired in September 2021. If you're somehow running an old version of Chrome that uses the OS's certificate store, and that store hasn't been updated with the new root, then this might explain why you're seeing errors relating to certificate validity.

As far as I know, recent versions of Chrome use their own certificate store and should include the new LE root certificate. Have you tried uninstalling and re-installing Chrome?

UKC uses a Lets Encrypt site certificate that is valid from 3/12/2021 to 3/3/2022. If you right-click on the "Not Secure" element in the address bar, what does it tell you about the site certificate?

Edit: your hardware should be fine

Post edited at 12:23
 MeMeMe 04 Jan 2022
In reply to captain paranoia:

I just fixed mine by going to https://letsencrypt.org/certs/isrgrootx1.pem and following the prompts to install that root CA on my iPad.

My iPad is the same as yours, not very useful because most apps don't work and it's very slow. I mostly use it for the Chess.com app!

In reply to MeMeMe:

> I just fixed mine by going to https://letsencrypt.org/certs/isrgrootx1.pem  and following the prompts to install that root CA on my iPad.

What did you 'Open In' with on the iPad?

Ah; Safari went to the certificate installation/ Chrome tried to download it.

That got it, thanks.

<muses on the security issues about following instructions from 'randoms on the internet'...>

Post edited at 13:14
 MeMeMe 04 Jan 2022
In reply to captain paranoia:

> <muses on the security issues about following instructions from 'randoms on the internet'...>

Yes. I was going to add, "Never ever install a root certificate suggested by a random on the internet"!

In reply to TobyA:

Can you tell me what TLS versions the old browser supports please?

https://browserleaks.com/ssl

In reply to Paul Phillips - UKC and UKH:

By "old browser" do you mean the version of Firefox that I deleted when trying to update it? In which case, unfortunately not as it is deleted - I've spent some time this morning trying to re download Firefox, but found out version 78 was the last one that worked with OS X 10.11.6 which is what my laptop is running. It seems Firefox is now up to 94 and you can't download older version for security reasons.

In reply to TobyA:

Emailed you a download link for MacOS Firefox 78

In reply to Paul Phillips - UKC and UKH:

Safari: TLS 1.0, 1.1, 1.2. 1.3 is disabled.

Chrome (41.0.2272.58): all disabled...

Poor old iPad can only manage iOS 9.3.5

ps. Don't bother trying to fix it; i can't even reply to posts under the old (can't find the version: thanks, Steve...) Safari.

Post edited at 14:26
In reply to captain paranoia:

Not supporting TLS 1.0 is pretty bad. The minimum version we support is 1.2 now.

It probably wouldn't support some of the newer CSS features so the site would look weird anyway even if the connection did work.

Post edited at 14:34
In reply to Paul Phillips - UKC and UKH:

> Not supporting TLS 1.0 is pretty bad. The minimum version we support is 1.2 now.

I'm not sure quite what the problem is; I really can't see that I would have a copy of Chrome so old it doesn't support any version of TLS. I suspect it's a certificate issue, rather than a TLS issue.

The site did look very old skool under Safari until I installed the new root cert. Now it looks okay, but isn't really 'working'... That Browserleaks page shows Safari not supporting CSS.

About the only things the old iPad is still useful for are email, Facetime & Zoom.

In reply to captain paranoia:

Chrome on iOS uses the Safari engine under the hood though. If iOS Safari can't do something then iOS Chrome wont be able to either. It's really just a Safari skin with syncing to Google cloud.

In reply to Paul Phillips - UKC and UKH:

> Chrome on iOS uses the Safari engine under the hood though.

The Browserleaks reports seemed to suggest something like that, as the browser details were quite similar. But not identical... The TLS/mixed media reports for the two are very different, though...

 Doug 04 Jan 2022
In reply to TobyA:

My iMac is at least 10 years old and has been updated to OX 10.13 which does run the latest Chrome. Tried to update to 10.14 but the installation failed for some reason & I haven't tried again.

Edit to add that the iMac isn't quite as old as I thought, the info thing says 'end 2012' so only 9 years old.

Post edited at 16:51
 Mr Lopez 04 Jan 2022
In reply to TobyA:

You can download and install any old versons of Firefox yiu want directly from the mozilla site.

I run a fairly old version (3 years at least) because any later i tried freezes the browser with unresponsive scripts

Eta: i see paul is on the case. I was about to fetch the link for you so that saves the effort  

Post edited at 17:23
In reply to Paul Phillips - UKC and UKH:

Thanks very much for the link Paul, I've downloaded the 78 version and am posting on UKC again from Firefox. Amusingly, that downloaded version of firefox is possibly in Spanish, although it could be Portugese or something else Romance/Iberian...!

In reply to TobyA:

update - my better half who is annoyingly good at languages, used a few months long "fun course" in Spanish she did many years ago to navigate through the menus in Spanish, and managed to update to English. She normally just sets things into Finnish (her mother tongue) just to annoy me, so she must be in a good mood today! 

In reply to MeMeMe:

Email the root certificate to your old iPad. Open the attached certificate.  Then click on install to add. It’ll ask for your passcode. Then that root certificate will be trusted.

 Mr Lopez 04 Jan 2022
In reply to TobyA:

We used to set any unattended/unlocked phones to japanese, chinese, arabic or cyrillic. Always a good craic watching someone trying to decypher it until some spoilsports lends him a like for like phone to follow the menus as a walkthrough

 John Ww 04 Jan 2022
In reply to Mr Lopez:

Do you now have false teeth? Just wondering 🤬🥊

 digby 05 Jan 2022
In reply to TobyA:

Firefox ESR 78.15.0 (the latest release) works fine with El Capitan. The ESR series (Extended Support Release) seem to work better than normal Firefox.

Google Chrome works too.

In reply to digby:

> Firefox ESR 78.15.0 (the latest release) works fine with El Capitan.

That works, but Firefox is now up to 94 I think it was. When I downloaded that newest version, that's when I found it very definitely does not work with El Capitan! There's actually some articles I found on the Mozilla website explaining it that they were continuing to support it for a few years but that finished last year IIRC. Amazon Prime video is also telling me my browser is out of date, and I need to update it, although it still seems to work fine on that site.

In reply to TobyA:

I think I'll try installing Ubuntu on my old MacBook when it stops getting updates from Apple. It's a 2015.

In reply to Paul Phillips - UKC and UKH:

> I think I'll try installing Ubuntu on my old MacBook when it stops getting updates from Apple. It's a 2015.

Probably a good idea but a bit beyond my skill/interest levels. I'm sure my son (doing A level comp sci and hoping to study it at good uni next Sept. - he's waiting to hear the outcome from his Cambridge interview) would do it with no problems, but these days he knows he is in a strong negotiating position when it comes to being the family IT support, so it would probably cost me a lot in one way or another!

 digby 06 Jan 2022
In reply to TobyA:

This is on my desktop which absolutely won't go beyond capitan. I managed to update the OS on the Macbook Pro laptop to High Sierra 10.13.6 which makes the browsers work much better. Even Safari.

Mind you, Apple make it almost impossible to install the OS of your choice.

They should extend the 'right to repair' to include 'the right for your b****y computer to continue running your expensive software'. Which it would, if only browsers didn't muck things up.

Post edited at 09:43
In reply to TobyA:

> these days he knows he is in a strong negotiating position when it comes to being the family IT support

Teamviewer works wonders for report support. So long as my dad can open it, I can usually sort him out

Post edited at 11:54

New Topic
This topic has been archived, and won't accept reply postings.
Loading Notifications...