Comodo Dragon browser - Possibly Missing CA Roots to Trust Let's Encrypt


#1

Ironically enough, this forum displays the same address bar warning as the site I configured the server for.

  • There is no mixed content, everything is configured to display with https.
  • A rating on ssllabs.
  • Using Comodo Dragon browser (customized version of Chrome browser, iirc).

Warning looks like this, just like on this forum:

Other secure websites like imgur, amazon, google, etc don’t have the same warning message. I’m inclined to think this is browser related because this website is showing “Not Secure” in the address bar without any other warning.


Update on Comodo Dragon and Let’s Encrypt
#2

Here is what SSL Labs looks like (would have posted this one in the OP had it not been for the one image per post for new user rule):


#3

your browser should have the root ISRG and in it’s CA trust store

This is something you should take up with Comodo as the roots needed to establish a chain of trust for let’s encrypt certificates are in all the major players bundles

A list of all the cryptography providers (browsers libraries) that trust the roots for Let’s Encrypt

image


#4

Hi @ElHefe,

I never heard of this browser before, but I like the name!

I feel like this error would be more likely to be related to something like mixed content rather than the certificate (since usually certificate errors don’t load the content of the page at all). Can you click on the “Not secure” to get any more detailed information about the reason?

Can you try browsing to some of the pages at https://badssl.com/ to see if you see similar or different security indications? That provides a set of deliberately broken HTTPS sites (with different certificate problems) so that you can test browsers’ behavior with each one.


#5

I seem to remember reading (edit: perhaps here?) that Comodo Dragon treats DV certificates as inferior to OV and EV certificates (unlike most browsers which treat DV and OV as mostly equal). Maybe they implemented that in a way that’s interacting badly with the new security warnings in Chrome 62? (it’s based on Chrome, but I don’t know what version)


#6

It has been like that for some time. https://forums.comodo.com/dragon-and-lets-encrypt-t119815.0.html


Hosting provider claims LE is unsafe en Google will stop support in July 2018
#7

Ah, so it’s another way for Comodo to try to snipe at Let’s Encrypt. All the more reason to avoid doing business with them.


#8

Are you required to use this crap Browser because of some compliance shit? That thing is a security nightmare and i would recommend to you to use something else like Chromium, even Internet Explorer would be better from a security perspective (and damn you have to go really really low to rank under Microsofts Internet Explorer) https://bugs.chromium.org/p/project-zero/issues/detail?id=704&redir=1


#9

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.