Certificate management in Brave

hidigoudi · July 2, 2023, 7:02am

Troubleshooting technical issues is much easier when both the user and support agent practice clear communication. For this reason, we have provided the template below for you to fill out with information about your issue. Please provide as much detail as possible so we can most efficiently resolve your problem.

Delete the any text above the line separator below before posting

Description of the issue:
Certificate management and cache are not clear for me. I explain my disappointing about something I find strange : I have a website using the Let’s Encrypt certificates full chain for HTTPS as following =

The last end user certificate is hidden for anonymity. It corresponds to the last certificate in the chain. In the Certificates management in Brave settings, I have the “ISRG Root X1” CA certificate stored (the root certificate) but the intermediate “R3” certificate is missing. I think it is normal as it is not a root self signed certificate.

For tests purposes, I intentionally configure my web server to send only the end user certificate and not the full chain. The end user certificate corresponds to the black line in the image above.

With a wget command in my OS (or curl) : wget https://website.com → I got a SSL error because the system is not able to validate the end user certificate, I don’t have the R3 issuer in my OS. It is a normal behavior. However, when I try a connection to this same website on Brave, everything works fine and I can connect to the website without any warning or error. Brave is able to validate the R3 certificate but I don’t know how ?

I though it was linked to the browser’s cache at the beginning, but finally after clear it, the behavior is the same. I can access without any issue to the misconfigured website.

Is someone is able to explain me how Brave can validate these kind of website ?

Thank you.

Exact URL of the website in question: Not necessary in this case.

Did the issue present with default Shields settings? (yes/no) no

Does the site function as expected when Shields are turned off? N/A

Is there a specific Shields configuration that causes the site to break? If so, tell us that configuration. (yes/no): No

Does the site work as expected when using Chrome? Yes but it works also in Brave when it shouldn’t

Brave version (check About Brave):
Version 1.52.129 Chromium: 114.0.5735.198 (Official Build) (64-bit)

fanboynz · July 2, 2023, 11:56am

Changes like this will come from Chromium upstream @hidigoudi

hidigoudi · July 2, 2023, 1:16pm

Hello,

I don’t ask for a change, I just wondering what is the exact behavior of the web browser to validate the certificates chain. Maybe there are hidden embedded intermediate certificates that they aren’t visible from the GUI.

Thanks.

system · August 1, 2023, 1:16pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
HTTPS/SSL Certificate browser	40	21017	January 25, 2023
Privacy Error - Let’sEncrypt DST Root CA X3 Expiration Issue Desktop Support windows	11	2325	November 9, 2021
Certificate/https error while visititng sites Desktop Support linux	3	2778	January 2, 2022
Unable to connect to site with self signed certificate Desktop Support macos	7	6427	February 8, 2022
Brave Rewards Bug. Can't Verify Site Is Using Https? Creators	11	927	June 12, 2020
Brave certificate issues Desktop Support windows	8	9545	November 25, 2021
Failure to clear "Not Secure" indicator when a site gets a new SSL certificate Desktop Support browser	9	721	November 27, 2024
Brave browser has certificate issue with Finnish internet providers leading to issues when trying to use government/banking or anything that needs verification	5	654	March 10, 2021

Certificate management in Brave

Related topics