The Computer Corner
By Charles Miller
Why Can’t Google Chrome or Firefox Browsers Open Certain Websites?
As with many Internet-related questions, the answer is not simple and this time involves business and politics more than technology.
A Certificate Authority (CA) is an organization that issues SSL certificates (certs for short). Certs are used by secure websites, such as your bank, to ensure that your connection between you and the bank is secure and that nobody snoops into your business while online. Certificate Authorities are charged with the responsibility of verifying that websites receiving a cert are legitimate.
A Certificate Authority could be compared to a school that teaches pilots how to fly. When an airline hires a pilot they trust that the Acme Flight School gave its students the proper training. If it came to light that the Acme Flight School is a diploma mill, then the airlines would no longer trust that pilots trained at that school have the proper credentials to fly. Trust is very important.
The web browser in your computer or tablet (Internet Explorer, Chrome, Firefox, Safari, etc.) works the same way. It is impossible for your browser to verify the legitimacy of millions of individual websites, so it trusts that if a bank or other website has been issued a cert by a recognized Certificate Authority, that your connection to that site is safe and secure.
A problem can arise if a Certificate Authority is careless and issues a fraudulent cert to a website that is not legitimate. If your web browser trusts the fraudulent cert because it trusts the CA, then you may be put at risk. That is what happened in 2014 when the Dutch company DigiNotar issued fraudulent certs that allowed parties in Iran to hack into Gmail accounts. Apple, Google, Microsoft, and others immediately revoked their trust of DigiNotar, forcing every website with a DigiNotar cert to obtain one from another CA. A few weeks later, DigiNotar shut down and filed for bankruptcy.
In March 2015, the China Internet Network Information Center (CNNIC, under the Ministry of Industry and Information Technology of the People’s Republic of China) was found to have issued a fraudulent cert for a Google domain. Admittedly, it was a minor violation this time, but the Chinese unapologetically responded, “Yeah? So what!” Google immediately revoked its trust of all CNNIC certs, meaning that Google Chrome can no longer connect securely to any website using a cert issued by CNNIC. Firefox followed Google’s lead, but unlike the previous incident when all the browser makers in unison revoked their trust of DigiNotar, Apple’s Safari browser and Microsoft’s Internet Explorer still trust all certs issued by CNNIC. This sets a troubling precedent.
CNNIC has remained unrepentant. Apple and Microsoft appear willing to risk their customer’s security by kowtowing to the Chinese rather than risk losing business in that market. This is the reason you may be unable to surf to certain websites if you use Chrome or Firefox, yet those websites open just fine in Internet Explorer or Safari.
Charles Miller is a freelance computer consultant, a frequent visitor to San Miguel since 1981 and now practically a full-time resident. He may be contacted at 044 415 101-8528 or email FAQ8 (at) SMAguru.com.