Google is on a roll. After removing user control over some plugins installed in the browser, the company moved information about security certificates of sites to a place where most users may never find it.
More and more sites on the Internet move to https. Doing so has advantages, but there is also a considerable amount of pressure by browser makers and search engines to get sites to migrate.
Google is on the forefront of all of this. It may come as a surprise therefore that the company made the decision to move certificate information from the address bar to the browser's Developer Tools.
Certificate details provide you with information on the certificate a site or server uses. It provides you with information on a certificate's validity, algorithms, and more.
Update: Google added a new flag to Chrome 60 to display certificate information directly.
How to display Certificate details in Chrome
Previously, all you had to do to display details about a certificate was to click on the padlock icon in the Chrome address bar, and select details from the menu that would open up.
If you do the same in the recent versions of Chrome, details is no longer there. There is also no indication if the feature was moved to another location, or if Google pulled it completely from Chrome instead.
If you have used the option for years to check certificates, you may be at a loss.
Google did not remove the option to view certificate details completely in Chrome, but it moved the option to a place that is less intuitive to use.
Here is what you need to do now to view a certificate in the Chrome web browser:
- When you are on the site, press F12 to open the Chrome Developer Tools.
- Switch to the Security tab when the Developer Tools interface opens.
- There you find the "view certificate" button listed to open the certificate details.
The certificate information is opened in a new browser window.
While you could say that the new method of displaying certificate information in Chrome is only one additional click or tap away, it is highly problematic for the following reasons:
- Users are not given any indication that Google moved the details option.
- The method is less intuitive than the original one, especially since most browsers up to this point handle this through the padlock icon. The notable exception is Microsoft Edge.
- Depending on how wide the Chrome browser window is, Security may not even be displayed there by default. Chrome displays ">>" in the bar that shows the various Developer Tools modules. If you don't see Security listed by default, click on that icon to reveal it and select it.
Now You: What's your take on this decision?
Martin,
At the beginning of the article, the tone of your post felt like this was a positive spin. But, now that I've read the whole post, I'm reading it as sarcastic. Was that intentional?
Yes. Sorry if that was not clear right away.
I got it.
Today we have an increasing amount of AV/security software vendors acting as their own CA when they MITM people's secure connections. We have the largest PC manufacturer in the world, Lenovo, installing things like SuperFish straight from the factory. And yet browser makers are making viewing certificates more difficult.
Look on the bright side, at least you can still view the TLS certificates in Chrome. You can't view certs at all in Edge, you need to use another browser to do so...
There's usually a bug report that "explains" these unilateral decisions. Can't imagine what this one would be about though. Perhaps something about not befuddling the poor, ignorant end-user.
And this affects some other browsers, too, like Vivaldi (but not Opera, which has its own UI for this function).
What a stupid thing for Google to do. Why make is hard to see the certificate details?
Good write-up. Thank you!