Thanks for moving the post!
Perhaps Google is rolling out the change slowly, as they have promised for the thousands and thousands of Symantec certificates that will be invalid soon too. The problem is seen both on my OSX Chrome and on my work Win7x64.
Generally speaking, it’s a valid warning if the CA is dodgy and most safe browsing features protects the user. But at times, it obviously affects the wrong sites as well.. but hey, good that you’re looking at switching the CA Provider!
I should add that AFAIK all of EuroGA is accessible as HTTP. So HTTPS (which is the cause of these issues) is not necessary.
I don’t know if this will have to change one day, due to google down-ranking non-HTTPS search results.
While I’ve had no problems with this site, Chrome blocks/warns about the NTSB and some other US Gov sites. It also at first prevented me from downloading my car insurance cover note from Aviva.
Scrolling down, I found a “continue” button well below the visible page.
Peter wrote:
My take on this is that for a browser to complain is silly, because trusted websites (like EuroGA) are, ahem, trusted, and dodgy websites will infect your computer (and your phone, etc, by planting popups into the browser) regardless of certificates being valid, and to a large extent regardless of antivirus software being on the computer. IMHO the browser developers need to – to a large extent – get themselves a life and stop being so patronising
The warnings about invalid certificates have nothing to do with the websites. Invalid certificates can be signs of man-in-the-middle attacks, DNS spoofing attacks etc.
Well if your enemy is the NSA or the GCHQ then, yes, you need to be more careful in life 
But most people don’t give a damn who sees their browsing habits. According to a friend working at Cisco, most internet traffic (by data volume) is p0rn anyway
And interception by non-State enemies is nontrivial. Basically somebody needs to hook up into your telephone cable, or be working at your ISP. Or hook into your telephone signal (probably even more nontrivial).
This certificate stuff is just hassle for most people. The trigger for these measures is from revelations like wikileaks revealing widespread State surveillance (which “everybody” knew was always going on anyway, and personally I expect nothing less for my taxpayer money, in today’s political world 
) and the benefit is minimal.
Banks etc will have valid certificates because they need them. But why should a GA website need one? It doesn’t make sense.
Peter wrote:
And interception by non-State enemies is nontrivial. Basically somebody needs to hook up into your telephone cable, or be working at your ISP. Or hook into your telephone signal (probably even more nontrivial).
You can be intercepted if you use a public WiFi-network. Also, some attacks don’t need any “direct” access to your connection. On example is the DNS spoofing attack that I mentioned. On the other hand, I agree that a web site such as EuroGA would not a primary target. But the browser can hardly know that, can it?
But the browser can hardly know that, can it?
That’s what I meant by “arrogance” of browser vendors. They behave as if everybody was accessing high-privacy stuff. I don’t mind so long as there is a switch for disabling this, but there probably won’t be.
As I said, there are many little websites all over the web which carry highly informative stuff, and many of them are run by people who are no longer maintaining the website (got a life, died, etc).
Not everybody is accessing just Paypal etc.
You can be intercepted if you use a public WiFi-network.
Sure you can be, but who cares? Hey, somebody could spoof me on EuroGA. Might be an improvement
All of which I accept, but it is a pain having the warnings. Is there a plan to update the certificate?
A good site for checking how your certificate will be seen and how good the protocol support is for an HTTPS site is, and what browsers will work is:
Is there a plan to update the certificate?
Yes; David posted above on this, in post #6.
