I have been using my Duo V2 with chrome without any problems for sometime... I followed the examples about importing a certificate and all has been well for years. I have no problem with IE 11 but the latest version of Chrome 42.0.2311.90 m now displays a broken line through the https when I access my Duo on the local network. I have tried importing the certificate but have had no luck. Is anyone else experiencing this. When I click on the crossed padlock it tells me the identity cant be verified and that future versions of chrome will prevent me accessing it.......WTF
I can't cut and paste it won't let me in chrome.....I updated the browser on another computer too and am getting the same warning only using Chrome not IE 11
192.168.1.4 identity not verified It says the identity of the website has been verified by 192.168.1.4 but does not have public audit records The site is using outdated security settings that may prevent future versions of Chrome from being able to safely access it Your connection to 192.168.1.4 is encrypted with obsolete crytography The connection uses tls 1.0
5.3.12 beta should fix the outdated security settings warning. You can find that here: viewtopic.php?f=148&t=72267. The public audit record warning might also disappear (not sure). A self-signed cert won't have public audit records.
Note that there is also a 4.1.x firmware beta for duo v1 (I mention this because many v1 owners mistakenly think they have a v2).
I'm already using 5.3.11 it's not a beta though....I have a v2 and a v1. I haven't tried the v1 yet. I've just followed your suggested link and now assume that it's 5.3.12 beta. I've always had problems with betas not being stable, any idea when it might be a general release. Thanks for your help StephenB
Ok I have bitten the bullet and updated both Duo's the V1 and the V2 with RAIDiator 4.1.15-T3 and RAIDiator 5.3.12-T3 respectively and the warnings are still exactly the same in Chrome.
I've never added the certs to the root store, so I always click through the warnings (which are not what you are seeing). From the wording of your error, I thought it was about PHREAK, but apparently not.
I have now narrowed this down to the latest build of chrome......I found another PC with an older version and this isn't flagging any errors...... So I guess Google have altered something or there is a bug in the latest version.
Well, there is general agreement that sha1 needs to be deprecated for PKI certficates. However, they aren't used in self-signed or root certificates in the same way.
There are four basic ways it could play out: -Google changes the behavior of Chrome with self-signed certs -Netgear decides to generate self-signed certs with sha256 -you uninstall the cert, and revert to the warning I am seeing. -People stop using Chrome with the NAS (using IE or Firefox instead).
If its an outdated certificate....surely it would be in Netgears interest to stop the units being hacked Does this problem still exist with the new breed of NAS with iOS 6. Is it a case of going on bended knee and asking Netgear to consider upgrading to sha256
To be very clear - (a) The SHA256 change is certainly needed for PKI certs. Those certificates are verified with the certificate authority using the sha signature. SHA1 will not be strong enough for that relatively soon (due to dropping costs of cloud computing). (b) But self-signed certificates (like all root certificates) aren't verified with the sha signature at all. Instead they are simply installed.
So changing the self-signed cert to SHA256 doesn't improve the security (e.g., make the units "more hackable").
Google is (for unknown reasons) choosing to needlessly apply the sha256 check with a self-signed cert. Going to sha256 in the NAS avoids the error message from Chrome, but that is all it does.
