Google.de ssl certificate

system · April 9, 2014, 11:13am

Hi,

since there was this heartbleed bug in ssl certificates i just checked the ssl certificate of google.de (german google site). I noticed that they had a new one:

Google Internet Authority G2
SN: 17:6E:54:9A:8D:0F:01:CB
Valid from 02.04.2014 to 01.07.2014

But this certificate was only used on one pc. All other PCs i checked used a different cert for google.de:

Google Internet Authority G2
SN: 69:1E:56:4E:8C:68:C8:4B
Valid 12.03.2014 to 10.06.2014

So my question is, is it possible for a website to use different certificates, and/or can someone confirm that the first certificate is legit? Im actually a bit worried.

Thank you very much!

Pondus · April 9, 2014, 11:22am

have you tried google support?

system · April 9, 2014, 11:23am

Yes no answers so far. They dont really have a contact email, just the forum

EDIT: And btw. the computer which uses the new cert is a complete fresh install with every windows update and google.de to be the first visited site.

polonus · April 9, 2014, 11:28am

There are 6 mentioned here: https://www.ssllabs.com/ssltest/analyze.html?d=google.de
click each IP for particulars…
I get a warning on

Session resumption (caching) No (IDs assigned but not accepted)

polonus

system · April 9, 2014, 11:42am

Thanks polonus. But all the 6 are certificates which are valid from 12.03.2014. I really want to know where this “new” certificate is coming from.

polonus · April 9, 2014, 12:18pm

Think part of your question is been answered here: http://help.simplenote.com/customer/portal/questions/5699868-certificate-error-from-all-browsers

pol

system · April 9, 2014, 12:31pm

I checked several other ssl tools. The Geotrust checker is listing the new certificate: https://ssltools.geotrust.com/checker/views/certCheck.jsp (you have to enter www.google.de)

So at least i could verify that the cert is legit, but question remains if these certs just exist in parallel or how i can force an update on firefox.

polonus · April 9, 2014, 1:03pm

Certain subdomains like api.google.com etc. do no longer resolve, certificate migration issues have been experienced for over a year now.
Seems the website page, header and cookie security does have issues, like not rendering public audit data, and SSLsecurity alerts for x-content-type-option and content-security-policy header issues, no best security policies for HTML form setting, PREF and NID attributes (checked against Rexc Security Analyzer).

polonus

polonus · April 9, 2014, 2:17pm

Here we see a malicious redirect to www.google.ru → http://killmalware.com/worldoriflame.com/#
Read this: https://productforums.google.com/forum/#!topic/websearch/N0gTZ9z1skE

This is unexpected
You attempted to reach www.google.ru, but instead you actually reached a server identifying itself -aswww.google.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of -www.google.ru. You should not proceed.

So here a wrong certificate is being presented.

polonus

Google.de ssl certificate

Announcements