Comodo Dragon browser - Possibly Missing CA Roots to Trust Let's Encrypt

Ironically enough, this forum displays the same address bar warning as the site I configured the server for.

  • There is no mixed content, everything is configured to display with https.
  • A rating on ssllabs.
  • Using Comodo Dragon browser (customized version of Chrome browser, iirc).

Warning looks like this, just like on this forum:

Other secure websites like imgur, amazon, google, etc don’t have the same warning message. I’m inclined to think this is browser related because this website is showing “Not Secure” in the address bar without any other warning.

Here is what SSL Labs looks like (would have posted this one in the OP had it not been for the one image per post for new user rule):

your browser should have the root ISRG and in it's CA trust store

This is something you should take up with Comodo as the roots needed to establish a chain of trust for let's encrypt certificates are in all the major players bundles

A list of all the cryptography providers (browsers libraries) that trust the roots for Let's Encrypt

image

Hi @ElHefe,

I never heard of this browser before, but I like the name!

I feel like this error would be more likely to be related to something like mixed content rather than the certificate (since usually certificate errors don’t load the content of the page at all). Can you click on the “Not secure” to get any more detailed information about the reason?

Can you try browsing to some of the pages at https://badssl.com/ to see if you see similar or different security indications? That provides a set of deliberately broken HTTPS sites (with different certificate problems) so that you can test browsers’ behavior with each one.

I seem to remember reading (edit: perhaps here?) that Comodo Dragon treats DV certificates as inferior to OV and EV certificates (unlike most browsers which treat DV and OV as mostly equal). Maybe they implemented that in a way that’s interacting badly with the new security warnings in Chrome 62? (it’s based on Chrome, but I don’t know what version)

It has been like that for some time. https://forums.comodo.com/dragon-and-lets-encrypt-t119815.0.html

2 Likes

Ah, so it’s another way for Comodo to try to snipe at Let’s Encrypt. All the more reason to avoid doing business with them.

1 Like

Are you required to use this crap Browser because of some compliance shit? That thing is a security nightmare and i would recommend to you to use something else like Chromium, even Internet Explorer would be better from a security perspective (and damn you have to go really really low to rank under Microsofts Internet Explorer) https://bugs.chromium.org/p/project-zero/issues/detail?id=704&redir=1

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.