Chrome does not trust the SSL certificate of Box's CDNs

Answered
New post

Comments

6 comments

  • Jason62

    Hi !

     

    Thank you so much for posting about this - seriously, the diligence of our community to help us out is amazing. I can confirm that we are aware of Chrome's pending deprecation of support for Symantec-issued Certificates and we will be in compliance before the deadline. 

     

    For now, those messages should only be *warnings* in the console, and any customers running Chrome 64 should still be good to go! Functionality remained in my tests with Chrome 65, and I only ran into issues when further testing with Chrome Canary which is on 66.

     

    Hope that helps alleviate some of the concern, and again thank you so much for bringing it up!

     

    Thanks,

    Jason

    0
    Comment actions Permalink
  • wearhere

    Hey , thanks for your reply. Glad to report the issue, though I would have expected some sort of advisory about this somewhere on box.com, couldn't find one.

     

    Thanks for testing that functionality will remain up until Chrome 66.

     

    Can you confirm that you'll be in compliance some days before the deadline? If you are not, we will have to make preparations to pull the picker from our application—we won't want to wait right up until 3/15.

    0
    Comment actions Permalink
  • Jason62

    Hi ,

     

    We're aiming to have it all done early, yes. I can't say exactly when unfortunately. It's in progress right now, but like with any project things can come up and change our expected dates.

     

    If this was something like a new release of an application or something more common, I'd be able to give you more of a definite date, but the nature of this particular undertaking is a bit more fluid.

     

    Definitely acknowledge the want for more of an advisory. We've done something similar in the past for other security-related topics. Given this forum thread I think that's something we'll try to put together.

     

    Thanks,

    Jason

    0
    Comment actions Permalink
  • wearhere

    Update: two weeks now and the issue still isn't fixed.

     

    Two weeks from today, your application will break.

     

    1.5 weeks from now, we will have to disable Box in our application. We just can't wait till the last minute on this. We'll need to tell our users (unfortunately) what is happening.

    0
    Comment actions Permalink
  • mwiller

     I just tested loading the JS file from https://cdn01.boxcdn.net/js/static/select.js and the certificate warning is no longer present.  You should be all set to load the File Picker from CDN.

    0
    Comment actions Permalink
  • wearhere

    Hi , I can confirm that the warning is no longer present for cdn01.boxcdn.net, the origin you and the file picker docs suggest.

     

    I still get the warning for 

    https://app.box.com/js/static/select.js. I do not know where this link came from, but it appears to be the identical script (perhaps your documentation suggested using it at some time) and our code was using it just fine; I encourage you to fix that origin too so that you do not break existing integrations.

     

    However I will accept your reply as the solution since it's easy enough for us to switch over.

     

    Thanks!

    0
    Comment actions Permalink

Please sign in to leave a comment.