6. May 2014

If you are, like me, using the Google Chrome browser under Windows XP with Servicepack 2 installed, you were in for a surprise a couple of weeks ago: the browser refused to make a SSL connection to Twitter, Dropbox, Pinterest, WordPress.com and a few other websites, complaining about a malformed SSL certificate. This is not a virus attack or something malicious - it actually happens because Twitter.com got a new SSL certificate signed with SHA-256 on April 7th which seems to be incompatible with Windows XP SP2, the other websites seem to have similar new certificates. Chrome uses Windows' built-in SSL certificate management, which does not support SHA-256 until Servicepack 3. All browsers using Webkit/Blink seem to be affected plus, of course, the Internet Explorer, but not Firefox or the older Opera versions up to 12 because they use their own certificate management.

As far as I have found out, there is no way to fix this problem for Chrome under Windows XP without upgrading to Servicepack 3, which may be a huge problem for users with low harddisk space or programs which do not work well under SP3. But there is a way to override the message and still use Twitter with Chrome despite the malformed certificate: you have to add the command line option --ignore-certificate-errors to the shortcut on your desktop or start menu after the chrome.exe command. This overrides the message and loads the websites, but you still get the red crossed-out warning in the address bar. The main problem is that Chrome does not appear to have any other way to overrite the certificate warnings.

[Update July 1st: Since version 35, Chrome is displaying a warning message on startup that the --ignore-certificate-errors command line option is unsupported, but the fix is still working as described. Hopefully Google is not going to remove the option completely! August 28th: Still works with the latest update to version 37!]

Please note that this might be dangerous! While a website still seems to be properly encrypted with the malformed certificate, I have no idea what effects this might have. Rumours that the encryption itself does not work without the certificate seem to be wrong, but be careful if you are on SSL-encrypted websites other than Twitter, Dropbox, Pinterest or WordPress.com and the crossed-out warning on the https://-prefix shows up! You can always click on the lock icon and find out what is going on. The mobile Twitter site at mobile.twitter.com is not affected by this problem, possibly because of a separate certificate. 

I know that this is not an ideal solution, but it might be the only way to continue using Chrome on Windows XP SP2 systems.

Kategorie: WWW

Unfortunatly this solution doesn’t works for me. I’m using Windows XP SP2. Do you have another idea please!

Thanks for the heads up! Since updating to SP3 the certificate errors seemed to disappear in Chrome. If you’re stuck on SP2 for some reason, install Mozilla Firefox and use that, no certificate errors on there.

Write a Comment