Your connection is not private: Google distrusting WoSign and StartCom SSL certificates

Recently we had a client run into a strange issue with their SSL certificate when Google Chrome (and Google Chrome alone) starting reporting that “Your connection is not private” (ERR_CERT_AUTHORITY_INVALID). We tested other browsers on both Windows and OS X and they worked without issue.

Google Chrome - Your connection is not private

The discussion threads we found relating to connection errors in Chrome proposed solutions for end-users (updating, reinstalling, setting up new profiles, checking the system clock, etc.), but this was obviously not a user-specific issue.

More digging around led us to this post from Google, where they announced they were no longer trusting certificates from WoSign and StartCom. Sure enough, the SSL certificate used on the server was from StartCom.

Thankfully it’s now easier than ever to acquire an SSL certificate and get it installed, so once we identified the issue, it was a relatively quick fix.

If you’re running a website that isn’t secure, it’s absolutely worth considering, not only for your visitors’ peace of mind but also because it can give your search ranking a slight boost.

Need assistance with website security or any of our other marketing and public relations offerings? Send us a note and let’s chat about ways to grow your business.