Chrome EV SSL Certificate Error [FIXED]

Please post your problem description here

Moderator: Barb@Invincea

Post Reply
rpljhun
Posts: 203
Joined: Sat Jan 12, 2013 3:29 pm

Chrome EV SSL Certificate Error [FIXED]

Post by rpljhun » Tue Aug 02, 2016 5:17 am

Using Chrome v52, Sbie v5.13.3 and Windows 10 x64 Build 10586. Visiting the site https://www.networksolutions.com for the first time under sbie supervision produces certificate error - net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION. This site have Extended Validation SSL Certificate which I should be able to see a green bar locked icon in the address bar. The security indicator will help in identifying phishing site and MitM attack.

These applies to all EV SSL site, the workaround is to visit the site unsandboxed to successfully check revocation[which is unsafe] then running chrome sandboxed and visiting the site again will now show the green bar locked icon.
Attachments
certrevoc.jpg
certrevoc.jpg (135.92 KiB) Viewed 3358 times

Craig@Invincea
Sandboxie Support
Sandboxie Support
Posts: 3523
Joined: Thu Jun 18, 2015 8:00 pm
Location: DC Metro Area
Contact:

Re: Chrome EV SSL Certificate Error

Post by Craig@Invincea » Tue Aug 02, 2016 1:48 pm

Yes, as it cannot read the cert that is stored on your computer. You're in a sandbox.

Any changes, like this, should be done outside the sandbox first. Otherwise, it is not written to your host. This is the purpose of SBIE.

You can give direct access to your vault, but I would advise against that. If you delete something while sandboxed, then it's replicated to the host. There is no safety net.

rpljhun
Posts: 203
Joined: Sat Jan 12, 2013 3:29 pm

Re: Chrome EV SSL Certificate Error

Post by rpljhun » Tue Aug 02, 2016 3:31 pm

Yes, as it cannot read the cert that is stored on your computer. You're in a sandbox.
Due to the isolation of the sandbox, sandboxie provides its own service program. Sandboxie has it own Cryptographic Services(SandboxieCrypto.exe) to manage software signing, security certificates and software catalogs. Any certificate modification are written in the sandbox. By design sandboxie should be handling this.
Any changes, like this, should be done outside the sandbox first. Otherwise, it is not written to your host. This is the purpose of SBIE.
What's the purpose of using sandboxie if you're going to visit the site outside the sandbox. How could it protect you from zero day exploit then.
You can give direct access to your vault, but I would advise against that. If you delete something while sandboxed, then it's replicated to the host. There is no safety net.
You can't make a direct access to that or modify it because it is locked by running service.

Curt@invincea
Sandboxie Lead Developer
Sandboxie Lead Developer
Posts: 1600
Joined: Fri Jan 17, 2014 11:21 pm
Contact:

Re: Chrome EV SSL Certificate Error

Post by Curt@invincea » Tue Aug 02, 2016 7:50 pm

Yes this should work. We fixed this in Win 8.1 two years ago. It looks like Win 10 is doing something different.

We will fix this. For now, just use the workaround.

idefix
Posts: 4
Joined: Mon Nov 04, 2013 5:03 am

Re: Chrome EV SSL Certificate Error

Post by idefix » Tue Sep 20, 2016 4:24 am

Any progress on this?
I have the same issue with but only with Chrome (Version 53.0.2785.116 m) sandboxed (5.12) in Win10.
It seems to work with IE (11.589) sandboxed. I have always favoured Chrome over IE for security but now it looks I'll have to use IE for banking until this is resolved. I am not a security expert and rely on a green padlock to proceed.

idefix
Posts: 4
Joined: Mon Nov 04, 2013 5:03 am

Re: Chrome EV SSL Certificate Error

Post by idefix » Mon Nov 28, 2016 4:04 am

I am now running Chrome Version 54.0.2840.99 m and Sandboxie Version 5.14 (64-bit) on Windows 10 Home (Version 1607).
The problem is still there:
o Certificate Error
There are issues with the site's certificate chain
(net::ERR_CERT_UNABLE_TO_CHECK_REVOCATION).

The certificate is valid and up-to-date.
The problem is avoided by opening the same https URL in the same sandbox with IE before starting Chrome.
Unfortunately, I can not use IE only as it does not want to play ball when trying to print screen selection to pdf.

Can anyone shed some light on what is going wrong here? Any chance of a fix?

Barb@Invincea
Sandboxie Support
Sandboxie Support
Posts: 1685
Joined: Mon Nov 07, 2016 9:10 pm

Re: Chrome EV SSL Certificate Error

Post by Barb@Invincea » Mon Nov 28, 2016 8:02 pm

UPDATE: This issue will be fixed in 5.15.7 .

Hello idefix,

This is still a work in progress. If you cannot use IE, you can try the workaround listed on the first topic:
"the workaround is to visit the site unsandboxed to successfully check revocation[which is unsafe] then running chrome sandboxed and visiting the site again"

Regards.

Curt@invincea
Sandboxie Lead Developer
Sandboxie Lead Developer
Posts: 1600
Joined: Fri Jan 17, 2014 11:21 pm
Contact:

Re: Chrome EV SSL Certificate Error

Post by Curt@invincea » Fri Dec 02, 2016 11:55 pm

Fixed in 5.15.7.

idefix
Posts: 4
Joined: Mon Nov 04, 2013 5:03 am

Re: Chrome EV SSL Certificate Error [FIXED]

Post by idefix » Tue Jan 17, 2017 2:21 am

Thank you, thank you, thank you!
Just updated to 5.16 and yes it is fixed. This was bugging me having to go back to MS-IE for the odd sites not wanting to play ball.
Thank you to whoever looked into this and got it sorted. Very much appreciated. :D

Post Reply

Who is online

Users browsing this forum: No registered users and 5 guests