Issue #6139 resolved

Certificate not trusted on Chrome

Ricardo Campos
created an issue

Does anyony knows why this happens? I have to open bitbucket.org on Firefox or Safari then go back do Chrome to make it work.

Something in my network?

"The site's security certificate is not trusted! You attempted to reach bitbucket.org, but the server presented a certificate issued by an entity that is not trusted by your computer's operating system. This may mean that the server has generated its own security credentials, which Google Chrome cannot rely on for identity information, or an attacker may be trying to intercept your communications. You cannot proceed because the website operator has requested heightened security for this domain."

Opening in Firefox or Safari also makes a security dialog appears, but it lets me accept the exception and go forward.

Thanks!

Comments (30)

  1. Charles McLaughlin

    Would you please click the lock icon in Chrome's URL bar, then copy and paste the text there? For instance, I don't get a warning in Chrome and this is what I see:

    The identity of Atlassian, Inc. at San Francisco, CA US has been verified by DigiCert High Assurance EV CA-1.
    
    Your connection to bitbucket.org is encrypted with 128-bit encryption.
    
    The connection uses TLS 1.0.
    
    The connection is encrypted using RC4_128, with SHA1 for message authentication and RSA as the key exchange mechanism.
    
    The connection is not compressed.
    

    Thanks,

    Charles

  2. Sean Hill

    I'm having the same issue. Interestingly enough my chrome browser doesn't trust both github and bitbucket. I'm running mountain lion my Mac. Everything was working great until this morning, now both github and bitbucket are not trusted. However, on the same network, other devices such as my iPhone can access them just fine. Strange...

  3. Brodie Rao staff

    Hi everyone,

    Could you post screenshots of the exact errors you're seeing? If you could click on the padlock and screenshot the popover dialog, and also take screenshots of everything under "certificate information", that'd be helpful.

    Also, could all of you list the exact OS version and Chrome version you're running? And for those of you that use GitHub, were you previously able to access GitHub until today, or has GitHub not worked for a while now? Also, do you see the same error in Firefox or Safari? If you do, could you post screenshots? If not, please make note of that.

    Yesterday we made changes to our SSL configuration to enable more secure ciphers with forward secrecy (so your traffic can't be decrypted after the fact by a man-in-the-middle if our private keys are ever compromised). We also enabled SPDY support. It's possible one of those issues is related, but I'll need more information to determine that.

    Thanks!

  4. Jude Hansen

    Thanks Brodie. Attached are screens of the Chrome (33.0.1750.46 beta), Safari (7.0.1) and Firefox (26.0) that I receive. I'm on Mac 10.9.1

    In Chrome, I get "This certificate was signed by an untrusted issuer" and I'm prevented from entering the site.

    I get the same error in Safari but it doesn't block me from the site and it doesn't report it as insecure.

    I do not receive this error in Firefox.

    This occurs for me for GitHub too. My workaround was to go into Keychain Access (mac) and manually override the Trust setting to 'always trust' (very bad habit surely).

    Thanks Brodie, I hope this helps.

    ChromeSafariFirefox

  5. Brodie Rao staff

    Hi Jude,

    Thanks for the detailed information!

    I think what's happening in your case is that your system either doesn't have DigiCert's root certificate, or you've got an extra DigiCert-related certificate installed on your machine that's confusing Chrome/OpenSSL and making it incorrectly think our certificate has been revoked.

    Can you load up Keychain Access.app, type digicert into the search box, and post a screenshot of the results?

  6. Brodie Rao staff

    Hi Jude,

    Could you try deleting the 3 DigiCert certificates that are in your "login" keychain? I'm no 100% sure, but I think doing that will fix the validation error.

  7. Jude Hansen

    that worked! If deleting them causes any adverse issues elsewhere, I'll report it here but so far so good. I figured it had to be something on my system, thanks for helping me chase that down Brodie. much appreciated. I hope it helps others.

  8. Martin-Pierre Roy

    Hi all, Just as an FYI, had the same issue. I just deleted the 3 DigiCert certificates and it also worked for me. I dont know if it is linked but I had this issue right after update OSX to 10.9.2.

  9. Michael Ewald

    Hi, I have deleted the DigiCert certificates from Keychain and it didn't fix the problem, in fact now I the same error when I go to my JIRA and Confluences instances. Safari and Firefox complain but let me in but Chrome is a no no.

  10. Mark Snyder

    Same issue persist, I was using chrome for a while without any issues on the bitbucket site - but then about 3 weeks ago this same issue popped up. I think it began after being on a hotel network.

    Here's the error that I get:

    bitbucket-bug-2014-07-31_12-31-29.jpg

  11. Ted Cowan

    I tried deleting certificates until it started causing other sites not to load. I deleted and reinstalled Chrome. Nothing worked.

    I fixed the problem by resetting my keychain. This is a drastic step that might have other consequences but no more than if I were to buy a new computer and need to collect all new certificates.

    Hope this helps.

  12. Ted Cowan

    Update: although resetting my keychain on Mac OS X Mavericks did solve my bitbucket.org load problem, I then noticed that certain pictures were not loading on my Facebook news feed, on all of my browsers. This may or not be directly related to my keychain problem but this is the first I have noticed it. I created a test account on the same machine and logged into my Facebook account: same result. I ended up reloading Mavericks. This procedure does not touch my personal files or accounts, it just refreshes the OS.

    Now my Facebook pictures load on all browsers and I can log into bitbucket.org from Chrome.

    Hope this helps.

  13. Log in to comment