Trust No Program

Chrome EV SSL Certificate Error [FIXED]

Please post your problem description here

Chrome EV SSL Certificate Error [FIXED]

Postby rpljhun » Tue Aug 02, 2016 5:17 am

Using Chrome v52, Sbie v5.13.3 and Windows 10 x64 Build 10586. Visiting the site https://www.networksolutions.com for the first time under sbie supervision produces certificate error - net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION. This site have Extended Validation SSL Certificate which I should be able to see a green bar locked icon in the address bar. The security indicator will help in identifying phishing site and MitM attack.

These applies to all EV SSL site, the workaround is to visit the site unsandboxed to successfully check revocation[which is unsafe] then running chrome sandboxed and visiting the site again will now show the green bar locked icon.
Attachments
certrevoc.jpg
certrevoc.jpg (135.92 KiB) Viewed 1732 times
rpljhun
 
Posts: 203
Joined: Sat Jan 12, 2013 3:29 pm

Re: Chrome EV SSL Certificate Error

Postby Craig@Invincea » Tue Aug 02, 2016 1:48 pm

Yes, as it cannot read the cert that is stored on your computer. You're in a sandbox.

Any changes, like this, should be done outside the sandbox first. Otherwise, it is not written to your host. This is the purpose of SBIE.

You can give direct access to your vault, but I would advise against that. If you delete something while sandboxed, then it's replicated to the host. There is no safety net.
Craig@Invincea
Sandboxie Support
Sandboxie Support
 
Posts: 3524
Joined: Thu Jun 18, 2015 8:00 pm
Location: DC Metro Area

Re: Chrome EV SSL Certificate Error

Postby rpljhun » Tue Aug 02, 2016 3:31 pm

Yes, as it cannot read the cert that is stored on your computer. You're in a sandbox.

Due to the isolation of the sandbox, sandboxie provides its own service program. Sandboxie has it own Cryptographic Services(SandboxieCrypto.exe) to manage software signing, security certificates and software catalogs. Any certificate modification are written in the sandbox. By design sandboxie should be handling this.

Any changes, like this, should be done outside the sandbox first. Otherwise, it is not written to your host. This is the purpose of SBIE.

What's the purpose of using sandboxie if you're going to visit the site outside the sandbox. How could it protect you from zero day exploit then.

You can give direct access to your vault, but I would advise against that. If you delete something while sandboxed, then it's replicated to the host. There is no safety net.

You can't make a direct access to that or modify it because it is locked by running service.
rpljhun
 
Posts: 203
Joined: Sat Jan 12, 2013 3:29 pm

Re: Chrome EV SSL Certificate Error

Postby Curt@invincea » Tue Aug 02, 2016 7:50 pm

Yes this should work. We fixed this in Win 8.1 two years ago. It looks like Win 10 is doing something different.

We will fix this. For now, just use the workaround.
Curt@invincea
Sandboxie Lead Developer
Sandboxie Lead Developer
 
Posts: 1538
Joined: Fri Jan 17, 2014 11:21 pm

Re: Chrome EV SSL Certificate Error

Postby idefix » Tue Sep 20, 2016 4:24 am

Any progress on this?
I have the same issue with but only with Chrome (Version 53.0.2785.116 m) sandboxed (5.12) in Win10.
It seems to work with IE (11.589) sandboxed. I have always favoured Chrome over IE for security but now it looks I'll have to use IE for banking until this is resolved. I am not a security expert and rely on a green padlock to proceed.
idefix
 
Posts: 4
Joined: Mon Nov 04, 2013 5:03 am

Re: Chrome EV SSL Certificate Error

Postby idefix » Mon Nov 28, 2016 4:04 am

I am now running Chrome Version 54.0.2840.99 m and Sandboxie Version 5.14 (64-bit) on Windows 10 Home (Version 1607).
The problem is still there:
o Certificate Error
There are issues with the site's certificate chain
(net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION).

The certificate is valid and up-to-date.
The problem is avoided by opening the same https URL in the same sandbox with IE before starting Chrome.
Unfortunately, I can not use IE only as it does not want to play ball when trying to print screen selection to pdf.

Can anyone shed some light on what is going wrong here? Any chance of a fix?
idefix
 
Posts: 4
Joined: Mon Nov 04, 2013 5:03 am

Re: Chrome EV SSL Certificate Error

Postby Barb@Invincea » Mon Nov 28, 2016 8:02 pm

UPDATE: This issue will be fixed in 5.15.7 .

Hello idefix,

This is still a work in progress. If you cannot use IE, you can try the workaround listed on the first topic:
"the workaround is to visit the site unsandboxed to successfully check revocation[which is unsafe] then running chrome sandboxed and visiting the site again"

Regards.
Barb@Invincea
Sandboxie Support
Sandboxie Support
 
Posts: 389
Joined: Mon Nov 07, 2016 9:10 pm

Re: Chrome EV SSL Certificate Error

Postby Curt@invincea » Fri Dec 02, 2016 11:55 pm

Fixed in 5.15.7.
Curt@invincea
Sandboxie Lead Developer
Sandboxie Lead Developer
 
Posts: 1538
Joined: Fri Jan 17, 2014 11:21 pm

Re: Chrome EV SSL Certificate Error [FIXED]

Postby idefix » Tue Jan 17, 2017 2:21 am

Thank you, thank you, thank you!
Just updated to 5.16 and yes it is fixed. This was bugging me having to go back to MS-IE for the odd sites not wanting to play ball.
Thank you to whoever looked into this and got it sorted. Very much appreciated. :D
idefix
 
Posts: 4
Joined: Mon Nov 04, 2013 5:03 am


Return to Problem Reports

Who is online

Users browsing this forum: Barb@Invincea, Bing [Bot], matrixebiz, paraxyz and 3 guests