Google is on a roll. After removing user control over some plugins installed in the browser, the company moved information about security certificates of sites to a place where most users may never find it.
More and more sites on the Internet move to https. Doing so has advantages, but there is also a considerable amount of pressure by browser makers and search engines to get sites to migrate.
Google is on the forefront of all of this. It may come as a surprise therefore that the company made the decision to move certificate information from the address bar to the browser's Developer Tools.
Certificate details provide you with information on the certificate a site or server uses. It provides you with information on a certificate's validity, algorithms, and more.
Update: Google added a new flag to Chrome 60 to display certificate information directly.
Previously, all you had to do to display details about a certificate was to click on the padlock icon in the Chrome address bar, and select details from the menu that would open up.
If you do the same in the recent versions of Chrome, details is no longer there. There is also no indication if the feature was moved to another location, or if Google pulled it completely from Chrome instead.
If you have used the option for years to check certificates, you may be at a loss.
Google did not remove the option to view certificate details completely in Chrome, but it moved the option to a place that is less intuitive to use.
Here is what you need to do now to view a certificate in the Chrome web browser:
The certificate information is opened in a new browser window.
While you could say that the new method of displaying certificate information in Chrome is only one additional click or tap away, it is highly problematic for the following reasons:
Now You: What's your take on this decision?
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.
Martin,
At the beginning of the article, the tone of your post felt like this was a positive spin. But, now that I’ve read the whole post, I’m reading it as sarcastic. Was that intentional?
Yes. Sorry if that was not clear right away.
I got it.
Today we have an increasing amount of AV/security software vendors acting as their own CA when they MITM people’s secure connections. We have the largest PC manufacturer in the world, Lenovo, installing things like SuperFish straight from the factory. And yet browser makers are making viewing certificates more difficult.
Look on the bright side, at least you can still view the TLS certificates in Chrome. You can’t view certs at all in Edge, you need to use another browser to do so…
There’s usually a bug report that “explains” these unilateral decisions. Can’t imagine what this one would be about though. Perhaps something about not befuddling the poor, ignorant end-user.
And this affects some other browsers, too, like Vivaldi (but not Opera, which has its own UI for this function).
What a stupid thing for Google to do. Why make is hard to see the certificate details?
Good write-up. Thank you!