Google asking many to select a client certificate erroneously
9 points
1 hour ago
| 3 comments
| HN
Google just prompted me to select a certificate for lh3.googleusercontent.com:443

I'm not alone in this, also happened to my friend, and also posted to Reddit:

https://www.reddit.com/r/techsupport/comments/1u7h672/browser_asking_me_to_select_certificate_is_it_a/

Seems like somebody definitely misconfigured something somewhere. The question is then was this the direct result of the misconfiguration, or someone abusing a misconfiguration. Client certificates can be used to identify people so this is a good way to mass collect certs. This data could also be used to analyse client certificates that are around.

jlma
1 hour ago
[-]
Yes, I've been having the same issue all day.
reply
karabara
1 hour ago
[-]
First thing I saw when I reopened Chrome and had Gemini open. Thought it had something to do with my GlobalProtect VPN since there’s a security vulnerability being logged right now.
reply
emilfihlman
1 hour ago
[-]
I have no vpn on my part.
reply
a_t48
1 hour ago
[-]
Wife also ran into this, advised her to click "no". Very odd.
reply
emilfihlman
1 hour ago
[-]
Yeah I would definitely hit no. Should have collected network information while it happened.

What was also interesting is that it prompted me to select a certificate that was definitely not for that page, ie. it accepted any and all certs, not just ones that are for a certain page (I have incus web generated certificates that should be only for that domain and page, which definitely have nothing to do with Google).

reply