With our updated ssl certificate purchased from rapidssl for another 2 years, our green padlock disappeared from chrome replaced by the warning message instead.
We installed the certificates as usual and tested on all other major browsers, Firefox, Internet Explorer and Safari. The result in those browsers was the normal padlock secure connection.
Why in chrome was it not working? I contacted rapidssl support via their chat, upon testing the certificate initial tests showed nothing wrong.
They thought it may be my own browser i am using
Version 39.0.2171.71 (64-bit)
We left the error with them and they have emailed back with this reply as of Monday the 1st December 2014.
"The course of the error is domain Vetted SSL
certificates. The only certificate type that will not come
up with that Error message are EV certificates.
This is Chrome pushing this.
The choice going forward will be that everyone will
need to have an EV certificate or have that error message
in Chrome.
There is nothing wrong with the certificate itself and
the connection is secure and Trustico as stated in Chrome.
Just that it gives more information to the customer about
the connection now."
and a follow up reply to to my reply
"At the moment just leave it with me in regards to the upgrade and I will
certainly let you know the procedure. We are waiting for more
information from Chrome and Symantec on the issue before we start
forcing customers to upgrade to the EV certificates."
For the moment we are having to wait on the solution i will post as soon as we get a reply, hopefully this may help with anyone else suffering the same fate .
Not all chrome browsers will be displaying this error just the very latest chrome updated versions.
A Further thought has just occurred to me looking at the bigger picture, Google have in 2014 stated that using https or a ssl website will have a ranking boost for a website.
The question that has gone unanswered is to what level of security would benefit?
Is this the first indication that a website using EV ssl (Extended Validation Certificate) will gain higer ranking and trust than those that do not?
An EV Certificate is where you will actually have your certificate verified by phone confirming your address and company name etc.
This does feel like it is an opportunity for Google to start streamlining out a business owner who are not serious about their website, thus demoting their website easily, compared to someone that is prepared to go the "whole hog".
It is an easy algorithm for them, a verified website paid for by the owner, a "we are who we say we are" algorithm.
Quote from chrome
"HTTPS sites whose certificate chains use SHA-1 and are valid past 1 January 2017 will no longer appear to be fully trustworthy in Chrome’s user interface."
*2015 update*
Latest chrome is now displaying a green padlock will keep an eye on it over coming months, not sure if it has been fixed by chrome or rapidssl
A Further thought has just occurred to me looking at the bigger picture, Google have in 2014 stated that using https or a ssl website will have a ranking boost for a website.
The question that has gone unanswered is to what level of security would benefit?
Is this the first indication that a website using EV ssl (Extended Validation Certificate) will gain higer ranking and trust than those that do not?
An EV Certificate is where you will actually have your certificate verified by phone confirming your address and company name etc.
This does feel like it is an opportunity for Google to start streamlining out a business owner who are not serious about their website, thus demoting their website easily, compared to someone that is prepared to go the "whole hog".
It is an easy algorithm for them, a verified website paid for by the owner, a "we are who we say we are" algorithm.
Quote from chrome
"HTTPS sites whose certificate chains use SHA-1 and are valid past 1 January 2017 will no longer appear to be fully trustworthy in Chrome’s user interface."
*2015 update*
Latest chrome is now displaying a green padlock will keep an eye on it over coming months, not sure if it has been fixed by chrome or rapidssl
