Ngrok: Chrome alert due to Symantec's certificate

Created on 30 Nov 2017  路  3Comments  路  Source: inconshreveable/ngrok

Chrome wont trust Symantec certificates anymore. When I open a ngrok URL on chrome/opera, I get this alert:

The certificate used to load https://xxxxxxx.ngrok.io/... uses an SSL certificate that will be distrusted in the future. Once distrusted, users will be prevented from loading this resource. See https://g.co/chrome/symantecpkicerts for more information.

ngrok uses rapidssl and geotrust certificate in its chain, but those are Symantec as well:

On January 19, 2017, a public posting to the mozilla.dev.security.policy newsgroup drew attention to a series of questionable website authentication certificates issued by Symantec Corporation鈥檚 PKI. Symantec鈥檚 PKI business, which operates a series of Certificate Authorities under various brand names, including Thawte, VeriSign, Equifax, GeoTrust, and RapidSSL, had issued numerous certificates that did not comply with the industry-developed CA/Browser Forum Baseline Requirements. During the subsequent investigation, it was revealed that Symantec had entrusted several organizations with the ability to issue certificates without the appropriate or necessary oversight, and had been aware of security deficiencies at these organizations for some time.

Most helpful comment

Although there is nothing wrong with this issue (after all, the certificate will still be hold valid until October 2018), this is especially annoying when using the Chrome Dev Console. I constantly get this nagging warning I can't get rid of.

It would be great if ngrok could upgrade its certificate soon and not wait until 2018Q3 or Q4.

All 3 comments

i can confirm this problem

Although there is nothing wrong with this issue (after all, the certificate will still be hold valid until October 2018), this is especially annoying when using the Chrome Dev Console. I constantly get this nagging warning I can't get rid of.

It would be great if ngrok could upgrade its certificate soon and not wait until 2018Q3 or Q4.

tripple confirmation - I am getting the same warnings in chrome:

The SSL certificate used to load resources from https://xyz-123.ngrok.io will be distrusted in M70. Once distrusted, users will be prevented from loading these resources. See https://g.co/chrome/symantecpkicerts for more information.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

Conansoloman picture Conansoloman  路  7Comments

alexforever86 picture alexforever86  路  5Comments

jabooth picture jabooth  路  5Comments

patcoll picture patcoll  路  5Comments

megapctr picture megapctr  路  4Comments