Your connection isn't private on edge after hardening plus no home page
I can imagine some CAs issue short-lived certificates and thus provide no means to revoke them. Letsencrypt would be an obvious example, but they *do* provide revocation means via OCSP.
Google, too, issues short-lived (3 months long) certificates for http://www.google.com, but they, too, provide OCSP and CRL in their certificates, at least for me.
Could it be you are using some middle box (e.g., PaloAlto Networks or Cisco firewall) on your network or antivirus on your computer that does https interception and substitutes the certificate with its own? To confirm that, can you view the certificate you get and check if it's really Google's? Google's certificate is issued by GTS CA, which is issued by GTS Root R1. You can inspect real certificates via https://www.ssllabs.com/ssltest/
- MikeGl1963, May 18, 2022, Brass Contributor
Based on what you said, I looked over my parameters and found the following setting:
"Specify if online OCSP/CRL checks are required for local trust anchors" Which we had set to Enabled. As per the explanation "If Microsoft Edge can't get revocation status information, these certificates are treated as revoked ("hard-fail")." The moment I set this back to Not Configured, everything started working again.
So thank you for your excellent assistance.
Since I can't mark two posts as Best Response, and since I got the help I needed from you and from mikhailf, I hope you will both accept my thanks alone in this.
Mike Glassman
- MikeGl1963, May 18, 2022, Brass Contributor
Hi Kevin,
So I did as you suggested and looked at the certificate, and indeed, it seems as though our systems are generating a new certificate for http://www.google.com (See attached picture).
What is odd to me is why I do not see this problem with the Chrome browser or Firefox, but only on Edge, and I am pretty sure it has to do with one of the settings we have set; I just don't for the life of me know which one.
We are currently using a proxy from Broadcom (to be replaced in a few months) from Symantec.
Any pointers as to what setting may be causing this issue on Edge only?
As a side note, we have hardened Chrome as well.
Thanks for the help so far,
Mike
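The following PowerShell script is an added example; it is not from this thread, from Microsoft, or from any of the posters. It combines the two diagnostic steps the thread arrives at: inspecting the certificate chain Edge actually receives (to see whether it ends in GTS Root R1 or in a locally installed proxy root, as Kevin suggested), and reading the Edge policy Mike found ("Specify if online OCSP/CRL checks are required for local trust anchors"). Assumptions, marked in the code: the target host, the registry location and DWORD name of that policy (RequireOnlineRevocationChecksForLocalAnchors, the Chromium policy name behind that description), and the heuristic that roots delivered by the Microsoft Trusted Root Program sit in the AuthRoot store while anything found only in the Root store is a local trust anchor.

```powershell
# Added example (not the thread's or Microsoft's code). Inspect the chain a Windows host sees
# for a site, classify the root, and show whether Edge's hard-fail revocation policy applies.
param(
    [string]$HostName = 'www.google.com',   # assumption: the host discussed in the thread
    [int]$Port = 443
)

function Get-ServerChain {
    param([string]$TargetHost, [int]$TargetPort)

    $client = New-Object System.Net.Sockets.TcpClient($TargetHost, $TargetPort)
    try {
        # Accept whatever the server (or an intercepting proxy) presents: we only want to inspect it.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($TargetHost)
        $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $ssl.Dispose()
    } finally {
        $client.Dispose()
    }

    # Build the chain from this machine's trust store, without revocation checks; revocation
    # reachability is the separate question the policy is about.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$chain.Build($leaf)
    return $chain
}

function Test-HasExtension {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert, [string]$Oid)
    return [bool]($Cert.Extensions | Where-Object { $_.Oid.Value -eq $Oid })
}

function Get-RootOrigin {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Root)
    $thumb = $Root.Thumbprint
    # Heuristic (assumption): Microsoft Trusted Root Program roots live in AuthRoot; a root found
    # only in Root (machine or user) was added locally, e.g. by a TLS-intercepting proxy or a GPO.
    # Chromium-based browsers call such roots "local trust anchors".
    if (Get-ChildItem Cert:\LocalMachine\AuthRoot | Where-Object Thumbprint -eq $thumb) {
        return 'public (Microsoft trust program)'
    }
    $localRoots = @(Get-ChildItem Cert:\LocalMachine\Root) + @(Get-ChildItem Cert:\CurrentUser\Root)
    if ($localRoots | Where-Object Thumbprint -eq $thumb) { return 'local trust anchor' }
    return 'untrusted / unknown'
}

function Get-EdgeRevocationPolicy {
    # Assumption: the policy "Specify if online OCSP/CRL checks are required for local trust
    # anchors" is stored as DWORD RequireOnlineRevocationChecksForLocalAnchors under this key.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
    $item = Get-ItemProperty -Path $key -Name 'RequireOnlineRevocationChecksForLocalAnchors' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Not Configured' }
    if ($item.RequireOnlineRevocationChecksForLocalAnchors -eq 1) { return 'Enabled (hard-fail)' }
    return 'Disabled'
}

$chain = Get-ServerChain -TargetHost $HostName -TargetPort $Port
$certs = @($chain.ChainElements | ForEach-Object { $_.Certificate })
$leaf  = $certs[0]
$root  = $certs[-1]

"Chain presented for ${HostName} (leaf first):"
foreach ($c in $certs) { "  subject={0}`n    issuer={1}" -f $c.Subject, $c.Issuer }

$hasOcsp = Test-HasExtension -Cert $leaf -Oid '1.3.6.1.5.5.7.1.1'   # Authority Information Access (OCSP URL)
$hasCrl  = Test-HasExtension -Cert $leaf -Oid '2.5.29.31'          # CRL Distribution Points
$origin  = Get-RootOrigin -Root $root
$policy  = Get-EdgeRevocationPolicy

"Root origin      : $origin"
"Leaf has AIA/OCSP: $hasOcsp ; CRL DP: $hasCrl"
"Edge policy      : $policy"

# The combination from the thread: a locally trusted (proxy) root, a re-issued leaf with no
# OCSP/CRL source, and the hard-fail policy enabled, so Edge treats the certificate as revoked.
if ($origin -eq 'local trust anchor' -and $policy -like 'Enabled*' -and -not ($hasOcsp -or $hasCrl)) {
    Write-Warning 'Edge will hard-fail this site: local anchor + no OCSP/CRL pointers + policy enabled.'
}
```

Run it on the affected workstation with the host that fails. A genuine Google chain ends in a public root and the leaf carries AIA and CRL pointers; a chain re-issued by the Broadcom/Symantec proxy ends in the proxy's own root, which the script reports as a local trust anchor. If the re-issued leaf does carry OCSP/CRL pointers, the remaining check is whether Edge can reach them from that machine, which this script does not simulate. The Edge-only symptom follows from where the policy lives: Chrome reads its own policy tree under HKLM\SOFTWARE\Policies\Google\Chrome, so a hardening baseline applied only to the Edge key leaves Chrome's revocation behaviour unchanged.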