
Site Not Secure


Briansaund


One of Let's Encrypt's root certificates expired over the weekend. Many SSL libraries (including, it seems, not completely up-to-date Macs) are set up to test the first certificate in the chain they can find, and when it fails, stop. So they don't find the valid root certificate. So they say they can't trust the trust chain, and the site is not secure. Also, older devices that have not received upgrades in a while may not have the new certificates.

 

From TechCrunch:

Users running older versions of macOS 2016 and Windows XP (with Service Pack 3) are likely to face issues, along with clients dependent on OpenSSL 1.0.2 or earlier, and older PlayStations that haven’t been upgraded to newer firmware.
smartphones running years-old software releases.

More information from the first place I heard about it (jwz complaining, only to find that it's linux/openSSL/libreSSL's fault) (note: the thread is *really technical*, I'm trying to quote out the relevant OS versions so people can check theirs)

Though, I am guessing since macOS also uses LibreSSL these days, we'll maybe be seeing Apple playing catch up eventually? It appears as if this bug existed in older versions of OpenSSL (and since LibreSSL was forked from older versions of OpenSSL, they inherited it). LibreSSL 3.3.5 released on October 1st, 2021 rectifies it. It appears as if this was also rectified in OpenSSL 1.1.x (for reference, OpenSSL 1.1.1 was released in 2018).

 

However, macOS 11.6 (Big Sur) uses LibreSSL 2.8.3 (wow, they are really far behind. But then, I tend to rely on LibreSSL from macports, because I am not a masochist). Even if you are running LibreSSL from macports, it is only up to 3.2.3. It appears as if homebrew (yuck) is using 3.2.4, so contact your uhhh, port maintainers I guess?

Client-wise for older distributions, both CentOS 7 and Debian 9 have ca-certificate and gnutls/openssl updates that fix the issue. Do note that apt-get for https://deb.debian.org/ won't work until the security update has been installed on Debian 9 [ed: oh that's just bundles of joy]. Furthermore, I thought all hope was lost with CentOS 6, but CloudLinux have now provided updated openssl packages for EL6 as well.

For all admins called in this weekend to do updates, and for all support having to deal with the X000'th call from non-technical Mac users and having to explain it isn't their fault, get Apple to fix SSL, my sympathy.
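The chain-selection behaviour described in this post, as an added example that is not part of the original post: a simplified path-building model (no signature checks) in which the only difference between the failing and the working client is whether the trust store or the server-sent chain is searched first. The names `old-root`, `intermediate` and `example.test` and all dates are constructed for the illustration.

```python
from datetime import date

def cert(subject, issuer, not_after):
    return {"subject": subject, "issuer": issuer, "not_after": not_after}

# Constructed sample data. "old-root", "intermediate" and "example.test" are
# hypothetical names; all dates are made up for the demonstration.
TODAY = date(2021, 10, 2)
OLD_ROOT = cert("old-root", "old-root", date(2021, 9, 30))         # expired
NEW_ROOT = cert("ISRG Root X1", "ISRG Root X1", date(2035, 1, 1))  # valid, self-signed
SENT = [  # what the server sends: leaf, intermediate, cross-signed new root
    cert("example.test", "intermediate", date(2021, 12, 1)),
    cert("intermediate", "ISRG Root X1", date(2025, 1, 1)),
    cert("ISRG Root X1", "old-root", date(2024, 1, 1)),
]

def verify(sent, store, today, trusted_first):
    """Follow issuer links from the leaf; return (ok, path of subjects)."""
    from_server = {c["subject"]: c for c in sent[1:]}
    from_store = {c["subject"]: c for c in store}
    # The only difference between the two behaviours is the lookup order.
    pools = [from_store, from_server] if trusted_first else [from_server, from_store]
    current, path = sent[0], []
    while len(path) < 10:  # depth limit
        path.append(current["subject"])
        if current["not_after"] < today:
            return False, path  # expired cert on the chosen path: give up
        if from_store.get(current["subject"]) is current and current["issuer"] == current["subject"]:
            return True, path   # reached a self-signed anchor from the store
        issuer = next((p[current["issuer"]] for p in pools if current["issuer"] in p), None)
        if issuer is None or issuer is current:
            return False, path  # no issuer known, or untrusted self-signed cert
        current = issuer
    return False, path

def scenarios():
    return {
        "first chain found, both roots installed": verify(SENT, [OLD_ROOT, NEW_ROOT], TODAY, False),
        "trust store first, both roots installed": verify(SENT, [OLD_ROOT, NEW_ROOT], TODAY, True),
        "trust store first, new root missing": verify(SENT, [OLD_ROOT], TODAY, True),
    }

if __name__ == "__main__":
    for name, (ok, path) in scenarios().items():
        print(f"{name}: {'trusted' if ok else 'NOT trusted'} via {' -> '.join(path)}")
```

The third scenario corresponds to the older devices mentioned above that never received the new root certificate.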


When I try to log in on my iMac the site is labelled as Not Secure. I cannot enter because "critical files" fail to load.

Doesn't work on mine either. Technician from Apple store here in Edinburgh says it is the BBO App as my iPad is working all right. Hope it can be fixed as I use my iPad for BBO.


1) Download the up-to-date root certificate (ISRG Root X1) from https://letsencrypt.org/certs/isrgrootx1.der

 

2) Using the Keychain Access app, import the certificate into your 'login' or 'system' chain

 

3) Find the certificate ISRG Root X1 in the chain where you placed it, double click on it, open the "Trust" area and set "When using this certificate" to "Always Trust" (you will be asked for your login password when doing this).

 

I have done this on an old iMac running El Capitan, and it solved the problem.

 

For more info / confirmation of this approach by Old Unix Geek, see https://mjtsai.com/blog/2021/09/24/some-web-sites-will-stop-working-with-el-capitan-and-older/#comment-3538503

 

Ted
