
NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED

Bart Sipes

I'm getting a privacy error attempting to connect to a corporate intranet page. The specific error is NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED.

I have the domain added to the certificate transparency URL exclusion list as is specified in https://www.chromium.org/administrators/policy-list-3#CertificateTransparencyEnforcementDisabledForU... which works fine with Google Chrome. However, it does not appear that it's working with Edge.

I'm using Version 74.1.96.24 (Official build) dev (64-bit).

2 Replies

@Bart Sipes Thanks for the report; please file this issue using the Feedback button for tracking.

The problem you're encountering at this time is that Edge's policies are not read from Chrome's policy location.

I am curious to learn more details of your issue, however-- What is the hostname and the CA in use? (Feel free to email me directly ericlaw@). It's unexpected that many environments will hit this issue. In most cases like this, the CA root certificate used by the enterprise is considered a "legacy" root and thus CT is not enforced. In contrast, public CAs working under the baseline requirements should be issuing with CT and will not issue to "dotless" hostnames. Rare exceptions include Microsoft (which has a CA that is both trusted by default and issues our intranet certificates).

@ericlaw Thanks Eric. I submitted this via the feedback button and also sent you an email.