Jump to content
mjan

Bug under chrome padlock broken

Recommended Posts

Hello,

 

The provider of the template I use write me the problem of broken padlock under chrome browser is a problem of security of prestashop 1.6.0.9.

You can see that at that adress :

 

https://jcorporate.fr/authentification?back=my-account

 

Because it said the search module runs correctly. Has Prestashop team can fix that ?

 

Thank you for your answer

Share this post


Link to post
Share on other sites

The problem of the broken padlock with Google Chrome has nothing to do with Prestashop.

The problem is with your certificate. As far as I can guess, you are using a certificate from GeoTrust, included in a 1and1 Unlimited Hosting package, right ? Problem : these certificates use SHA-1 cypher encryption, which is totally out-dated. Google has decided to drop SHA-1 support in the next monthes, and has begun to show a broken padlock in Chrome-dev when such a certificate is detected. Next step : use this broken padlock in Chrome-beta, then in a few weeks, in Chrome vanilla.

So if you are hosted by 1and1, ask them to generate new certificates.

 

I have this problem too, with my website hosted by 1and1, (Unlimited Linux Hosting package), and I already have asked them, on Twitter, for a new certificate. Their answer was : "Buy a dedicaced 1and1 server, and you will be free to manage your certificates by yourself". This is the polite words for "Go to hell, you cheap webmaster", I suppose…

Edited by Orphee (see edit history)

Share this post


Link to post
Share on other sites

Mais mais mais… On est dans le forum français, ici… Pourquoi j'ai répondu en anglais, moi ?!?

Share this post


Link to post
Share on other sites

Merci mais a priori 1&1 indique que c'est chrome qui a un soucis, que google sait est travaille à réparer avec une nouvelle version sous peu. Voilà. A quel saint se vouer

Share this post


Link to post
Share on other sites

Et en plus je peux pas mettre chrome à jour puisque windows 8.1 indique : L'administrateur a désactivé les mises à jour. lol

Un ordi tout neuf

Share this post


Link to post
Share on other sites

Merci mais a priori 1&1 indique que c'est chrome qui a un soucis, que google sait est travaille à réparer avec une nouvelle version sous peu. Voilà. A quel saint se vouer

Faux et archi-faux.

Google a officiellement communiqué sur leur abandon des certificats signés en SHA-1 :

http://googleonlinesecurity.blogspot.fr/2014/09/gradually-sunsetting-sha-1.html

et une très bonne analyse ici : https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1

1and1 ment, et il FAUT exiger qu'ils nous mettent à jour nos certificats, sinon les gens vont mettre en doute les boutiques.

 

Je vais bientôt commencer à les harceler sur Twitter avec cette question.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More