13

I would like to know what does this error message means in the chrome and when I try to access in my case hotmail and I get this below message and if I try to access gmail or yahoo or facebook I do not get this message, can anybody help me educate?

Just you know I have malware bytes premium and also McAfee on my system and I'm using windows 10

Your connection is not private

Attackers might be trying to steal your information from hotmail.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID

hotmail.com normally uses encryption to protect your information. When Google Chrome tried to connect to hotmail.com this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be hotmail.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.

You cannot visit hotmail.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later. when I double click on NET::ERR_CERT_COMMON_NAME_INVALID then I see the following

Subject: *.mail.live.com
Issuer: Microsoft IT SSL SHA2
Expires on: Feb 17, 2018
Current date: May 2, 2017
PEM encoded chain:
-----BEGIN CERTIFICATE-----
MIIH/TCCBeWgAwIBAgITWgAH0HeSax/6XsZlkgAAAAfQdzANBgkqhkiG9w0BAQsF
................................
-----END CERTIFICATE-----
Nick Kahn
  • 281

3 Answers3

14

I have encountered this issues several times before. In most cases, it's caused by:

  • Wrong date & time on your computer (or device you are using).
  • Google Chrome cookies & cached files.
  • DNS cached.
  • Antivirus blocks SSL connections.

The first step you should do is to check and verify again the date & time to make sure it's correct.

Next, check the scope of this issue. To do so, use another web browser like Opera or Firefox and visit the same HTTPS website. If you get the same (or similar) error, then it's not a fault on your Google Chrome browser.

In this case, I would recommend clearing DNS cached by using the following command in Command Prompt:

 ipconfig /flushdns

In case this error only occurs on your Chrome browser, then try to clean up all cookies and cached files on your browser and try again.

Besides, if you are using antivirus application or firewall that has the SSL scanning feature (or web shield), it could cause this error as well. You can test by turning off those programs temporarily.

Source: Fix Your Connection Is Not Private Error In Google Chrome

KevinD
  • 623
2

Update: MS fixes the issue with a new certificate which properly includes hotmail.com domain. so no more error message when accessing hotmail.com on Chrome.

Below is for reference only.

I believe it's not a "sth. is wrong with your configuration" situation instead it's a server side issue. I'd like to write a long answer so anyone facing the same issue(Chrome 58 and hotmail.com) wouldn't waste time in "securing" the system.

As of today(May 8th 2017) hotmail.com has following certificate

-----BEGIN CERTIFICATE----- MIIH/TCCBeWgAwIBAgITWgAH0HeSax/6XsZlkgAAAAfQdzANBgkqhkiG9w0BAQsF ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEVMBMGA1UE CxMMTWljcm9zb2Z0IElUMR4wHAYDVQQDExVNaWNyb3NvZnQgSVQgU1NMIFNIQTIw HhcNMTcwNDE3MTc0MjIzWhcNMTgwMjE3MTc0MjIzWjAaMRgwFgYDVQQDDA8qLm1h aWwubGl2ZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDf1hD1 tIfgW3k8stvmQJCZEpXhcYOmH597ePSSvnozmNTUUp++65+k1uvmFGrbKtaSvuRu FpiJvFvJ6KJnNFNgKmyzpgUKC1tud4pC7pIMO4uRfxTGPVS7AUZiAZCu1xzPOaDR z9/9I94Emhth+gr1mSOcDlOf2PZnCNoRVfmMiwtcn7RUzzzklHZAlGCirwe/HOk4 An5F0dCOv4eoOaquvpVv15d3tdy+Tep7iRDg0LvJ5EWhpBhvBymipSVfMK9aSQhC kvyXEdKHWmZzcAOGuA68TGNCYAVbSfVRJzrrhgGqb8GkydSuFKF8NROA7NQyzeTT n89hxd3CUxGvuM6JAgMBAAGjggPIMIIDxDAdBgNVHQ4EFgQUv8Vqe/TPUXEp1tkE KXc0cvw9JTQwCwYDVR0PBAQDAgSwMB8GA1UdIwQYMBaAFFGvJCac9GgiV4AmKztG YhV7HsylMH0GA1UdHwR2MHQwcqBwoG6GNmh0dHA6Ly9tc2NybC5taWNyb3NvZnQu Y29tL3BraS9tc2NvcnAvY3JsL21zaXR3d3cyLmNybIY0aHR0cDovL2NybC5taWNy b3NvZnQuY29tL3BraS9tc2NvcnAvY3JsL21zaXR3d3cyLmNybDBwBggrBgEFBQcB AQRkMGIwPAYIKwYBBQUHMAKGMGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kv bXNjb3JwL21zaXR3d3cyLmNydDAiBggrBgEFBQcwAYYWaHR0cDovL29jc3AubXNv Y3NwLmNvbTA9BgkrBgEEAYI3FQcEMDAuBiYrBgEEAYI3FQiDz4lNrfIChaGfDIL6 yn2B4ft0gU+HtM98gc26MgIBZAIBHDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYB BQUHAwIwTgYDVR0gBEcwRTBDBgkrBgEEAYI3KgEwNjA0BggrBgEFBQcCARYoaHR0 cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9tc2NvcnAvY3BzADAnBgkrBgEEAYI3 FQoEGjAYMAoGCCsGAQUFBwMBMAoGCCsGAQUFBwMCMIIBqwYDVR0RBIIBojCCAZ6C DyoubWFpbC5saXZlLmNvbYIKKi5saXZlLmNvbYINKi5ob3RtYWlsLmNvbYIJKi5t c24uY29tgggqLmFmeC5tc4INbWFpbC5saXZlLmNvbYINaG90bWFpbC5jby5qcIIN aG90bWFpbC5jby51a4IQaG90bWFpbC5saXZlLmNvbYIPaG90bWFpbC5tc24uY29t gg93d3cuaG90bWFpbC5jb22CE3d3dy5ob3RtYWlsLm1zbi5jb22CDHd3dy5saXZl LmNvbYIRd3d3Lm1haWwubGl2ZS5jb22CD20ubWFpbC5saXZlLmNvbYIRY29udGFj dHMubGl2ZS5jb22CD3Blb3BsZS5saXZlLmNvbYINaG9tZS5saXZlLmNvbYIYY29s NDMwLXNlYy5tYWlsLmxpdmUuY29tghtvcmlnaW4uYmx1MTgwLm1haWwubGl2ZS5j b22CG29yaWdpbi5kdWIxMzEubWFpbC5saXZlLmNvbYIfb3JpZ2luLmNvbDQzMC1z ZWMubWFpbC5saXZlLmNvbYILbXNzbC5hZngubXMwDQYJKoZIhvcNAQELBQADggIB AJIg/Pcc3FtEe4bazzwRXl5Dirjz69TlBrkHBhA/Mf9fw2nEAGXl9xckjL48yG3a yPWUolT4sAO8aWkqAtTKjpB7Qtiuk/M8ZLI5LENeKlb8d4RRbKs/qQhqK07/5PaI XptcqSu6mGY6UcdKsdzlpEjMhrfhDPStReZQPs9pkeD13IkxgPONih2IyoMdsqEz JUHIBgs4Yz0v7OHZeE2GZ8wkCGukbUC+HyNTpWX1v8/1RSzbp7Bpe2kv5Y3BWBiK HlYvCvwYfr2660wr1tllQc/6JqPecWAmENlbzEoArH5P0JPmCRlTFgHnkQw8jU/4 6JLpt37XOpdQRPe6d4KG1qoAI1hdGjLdC2sRwVTKUS0LWF/U0QpeJzGa9L1rUBmh DdwzvSd914MMgSV66QfA4hswfhXtV1k8Rf7Tyngr965n2QO3uLSpUrZ9wENSSPu2 0RDIQRssQAVgX3o5dAhf2HUGHzRbqTZDA7x01HKYBcAxpdmQP8JAS48bY6x1CeHh F10tXhJVtnmSdjrEdMTB0uf6EUSYXQE40HckguyggQwK61gq74KszoP96l8rTGJe 7OQunGtgykbPzW81ecE2PcIJ5mN7h0rfvat5xAVj+WxJ3BTUoCFxYIw3Xal+z6Hn Js9aVZBWUcn6TGVDApG5QghlXyUg8ilE1NgHdGpmpJyQ -----END CERTIFICATE-----

Which can be decoded here(or just search "ssl certificate decoder") it has common name *.mail.live.com and SAN:

*.mail.live.com, *.live.com, *.hotmail.com, *.msn.com, *.afx.ms, mail.live.com, hotmail.co.jp, hotmail.co.uk, hotmail.live.com, hotmail.msn.com, www.hotmail.com, www.hotmail.msn.com, www.live.com, www.mail.live.com, m.mail.live.com, contacts.live.com, people.live.com, home.live.com, col430-sec.mail.live.com, origin.blu180.mail.live.com, origin.dub131.mail.live.com, origin.col430-sec.mail.live.com, mssl.afx.ms

Note that it has *.hotmail.com as well as www.hotmail.com but no hotmail.com, and *.hotmail.com does NOT cover hotmail.com.

So most likely there is some change in Chrome 58 which properly implements this check and blocks hotmail.com. Using www.hotmail.com instead of hotmail.com should eliminate the error.

And the same error is caught with Firefox but since hotmail.com is a 301 redirect Firefox just let it pass but there is actually something wrong.Firefox

On May 9th, 2017 hotmail.com has a new certificate with hotmail.com included so no more error message on Chrome.

Subject Alternative Names: *.mail.live.com, *.live.com, *.hotmail.com, *.msn.com, *.afx.ms, mail.live.com, hotmail.co.jp, hotmail.co.uk, hotmail.live.com, hotmail.msn.com, www.hotmail.com, www.hotmail.msn.com, www.live.com, www.mail.live.com, m.mail.live.com, contacts.live.com, people.live.com, home.live.com, col430-sec.mail.live.com, origin.blu180.mail.live.com, origin.dub131.mail.live.com, origin.col430-sec.mail.live.com, mssl.afx.ms, hotmail.com, live.com

lex
  • 1,077
0

This error means that you cannot establish a secure connection, and the HSTS (HTTP Strict Transport Security) used by Hotmail will not allow the security of the connection to be "negotiated down" to an unacceptably risky level.
It could be that the date/time on your PC is not correct, which would cause the systems to disagree about the "freshness" of the security details. Use a cellphone or something that has known good time and update your PC's time and date.
I am discounting the "Wi-Fi sign-in screen" suggestion in the error message because you are able to access other sites.
For more on HSTS, I recommend the Wikipedia article, and as a next step in troubleshooting, ensure your calendar and clock are set right. Good luck!