Refusing helper connection from Chrome 80

rename the 1.jpeg to 1.log it's the infomation

app start
app 7.3.712, 32 bit
.NET 4.0.30319.42000
OS Microsoft Windows NT 10.0.17763.0, 64 bit, system uptime: 0 day(s) 00:00

[Subject]
CN=Google LLC, O=Google LLC, L=Mountain View, S=ca, C=US
Simple Name: Google LLC
DNS Name: Google LLC

[Issuer]
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Simple Name: DigiCert SHA2 Assured ID Code Signing CA
DNS Name: DigiCert SHA2 Assured ID Code Signing CA

I342346msThreadId(2)1Password::api:1694 │ 342355ms │ ShowMiniKey is used to show mini window.
E447435msThreadId(7)1Password::api:1706 │ 447443ms │ Refusing helper connection from "C:\Users\Usernames\AppData\Local\Google\Chrome\Application\chrome.exe", because of untrusted certificate.
I464265msThreadId(2)1Password::api:1694 │ 464273ms │ ShowMiniKey is used to show mini window.
I467853msThreadId(2)1Password::api:1694 │ 467862ms │ Restoring bounds to 188,200,1869,1080, stored 188,200,1869,1080, virtual screen 0,0,2560,1440, state Normal
**E557765msThreadId(8)1Password::api:1706 │ 557773ms │ Refusing helper connection from "C:\Users\Usernames\AppData\Local\Google\Chrome\Application\chrome.exe", because of untrusted certificate.
**

Comments

  • Thresh
    Thresh
    Community Member

    So did the 1password verify the Chrome in Local or need to connect to the Net?

    I sure it's not because of the firewall.because I put it in the whitelist both dirction ,and work well for 3 months. by the way the question almost happened every 3 or 4 weeks once before, just after that I sure it's conflict with the firewall so I put it in the whitelist double way than just income.

    Why I doub this , because today my net is just a mess. maybe the gateway of my city is something wrong, So did this will influence the 1password verity the Browser?

  • Thresh
    Thresh
    Community Member

    3086ms ThreadId(6) 1Password::api:1700 │ 3086ms │ failed to build certificate chain for [Version]
    V3

    [Subject]
    CN=Google LLC, O=Google LLC, L=Mountain View, S=ca, C=US
    Simple Name: Google LLC
    DNS Name: Google LLC

    [Issuer]
    CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
    Simple Name: DigiCert SHA2 Assured ID Code Signing CA
    DNS Name: DigiCert SHA2 Assured ID Code Signing CA

    [Serial Number]
    0C15BE4A15BB0903C901B1D6C265302F

    [Not Before]
    2018/11/7 8:00:00

    [Not After]
    2021/11/17 20:00:00

    [Thumbprint]
    CB7E84887F3C6015FE7EDFB4F8F36DF7DC10590E

    [Signature Algorithm]
    sha256RSA(1.2.840.113549.1.1.11)

    [Public Key]
    Algorithm: RSA
    Length: 2048
    Key Blob: 30 82 01 0a 02 82 01 01 00 cd e6 e9 87 e5 b2 16 59 83 cc 80 94 f4 6e 14 45 99 99 cf 6b d3 64 e6 98 ac 6c e2 96 fa 2e 90 52 3f 31 d7 05 86 85 0f b2 6f 85 6c 31 71 08 ce d1 2b 12 e3 1c 7d 9d 60 5e 1f b5 b1 56 70 57 04 57 c7 2b 30 b5 82 4c a2 4b 3d 21 3d b0 6c f5 ee d5 a1 b7 a9 7f 75 47 1a 42 94 2a 6b 1e 51 9f e0 25 4c df 97 b3 03 ea d2 4c 58 79 00 ed d0 7b 52 65 a1 4e fb b7 e0 e9 64 9f 7c 9c 7c d6 cb d6 a0 73 9c 66 c2 b3 d8 48 20 bf 0f f6 ae a3 b5 b3 5e 33 e2 50 e1 87 85 a4 a4 1a d6 d0 2d e9 ce b8 ce b3 7c 82 69 bd 1e 06 05 bc 34 74 d1 d0 f8 03 33 70 1d b7 7c 09 50 51 ef c5 f9 b4 91 f1 92 b9 dd 08 4e 23 c1 fe 82 a4 cf 92 36 27 6e 82 63 8b f4 bf fa 28 ab 5f ef c9 71 e7 d2 c4 bb 04 64 de f6 6d 03 75 90 de b7 43 ed 06 1e 96 87 44 b7 58 08 6e ce b6 69 53 87 6a 72 db 2c 4d 79 76 39 a7 bc 75 02 03 01 00 01
    Parameters: 05 00

    [Extensions]

    • 授权密钥标识符(2.5.29.35):
      KeyID=5ac4b97b2a0aa3a5ea7103c060f92df665750e58

    • 使用者密钥标识符(2.5.29.14):
      d4d23859ff7b2d5200bba00093d9924935da2523

    • 密钥用法(2.5.29.15):
      Digital Signature (80)

    • 增强型密钥用法(2.5.29.37):
      代码签名 (1.3.6.1.5.5.7.3.3)

    • CRL 分发点(2.5.29.31):
      [1]CRL Distribution Point
      Distribution Point Name:
      Full Name:
      URL=http://crl3.digicert.com/sha2-assured-cs-g1.crl
      [2]CRL Distribution Point
      Distribution Point Name:
      Full Name:
      URL=http://crl4.digicert.com/sha2-assured-cs-g1.crl

    • 证书策略(2.5.29.32):
      [1]Certificate Policy:
      Policy Identifier=2.16.840.1.114412.3.1
      [1,1]Policy Qualifier Info:
      Policy Qualifier Id=CPS
      Qualifier:
      https://www.digicert.com/CPS
      [2]Certificate Policy:
      Policy Identifier=2.23.140.1.4.1

    • 授权信息访问(1.3.6.1.5.5.7.1.1):
      [1]Authority Info Access
      Access Method=联机证书状态协议 (1.3.6.1.5.5.7.48.1)
      Alternative Name:
      URL=http://ocsp.digicert.com
      [2]Authority Info Access
      Access Method=证书颁发机构颁发者 (1.3.6.1.5.5.7.48.2)
      Alternative Name:
      URL=http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt

    • 基本约束(2.5.29.19):
      Subject Type=End Entity
      Path Length Constraint=None

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @Thresh!

    This usually happen when Chrome is in the middle of an update. Can you please try fully quitting Chrome and relaunching it, and see if 1Password can connect successfully to it again?

  • Thresh
    Thresh
    Community Member

    @ag_ana Thanks,but it's not working. I tried to restart the computer and reopen the Chrome. not working~~ :'( :'( :'(
    from yesterday to now I still try to clear what make this?
    I DON'T install or uninstall any software, or change the setting of the OS, and I just backup some file to the portable disk. yesterday

    So I don't know what make the 1password down?

    today I even tried to resetting the Firewall and VMware Network Adapter.

    so anything else can I do for it ? and in the processlist the nactive message trans from the Chrome to the 1password ,it called by the cmd and then called the 1password helper.exe. but killed in 1sec because .

    AND THE LOG REPEAT

    Refusing helper connection from "C:\Users\USERNAME\AppData\Local\Google\Chrome\Application\chrome.exe", because of untrusted certificate.

    E595092msThreadId(11)1Password::api:1706 │ 595092ms │ pipe error, 60 seconds before restart
    System.ArgumentException: ID 为 3812 的进程当前未运行。
    在 System.Diagnostics.Process.GetProcessById(Int32 processId, String machineName)
    在 System.Diagnostics.Process.GetProcessById(Int32 processId)
    在 AgileBits.OnePassword.NativeMessagingBrowserListener.Approve(NamedPipeServerStream pipe)
    在 AgileBits.OnePassword.NativeMessagingBrowserListener.<>c__DisplayClass3_2.<Start>b__0()
    E611061msThreadId(16)1Password::api:1706 │ 611061ms │ Refusing helper connection from "C:\Users\USERNAME\AppData\Local\Google\Chrome\Application\chrome.exe", because of untrusted certificate.
    E676393msThreadId(6)1Password::api:1706 │ 676393ms │ Refusing helper connection from "C:\Users\USERNAME\AppData\Local\Google\Chrome\Application\chrome.exe", because of untrusted certificate.
    E726717msThreadId(14)1Password::api:1706 │ 726717ms │ Refusing helper connection from "C:\Users\USERNAME\AppData\Local\Google\Chrome\Application\chrome.exe", because of untrusted certificate.
    E726717msThreadId(7)1Password::api:1706 │ 726717ms │ Refusing helper connection from "C:\Users\USERNAME\AppData\Local\Google\Chrome\Application\chrome.exe", because of untrusted certificate.
    W726726msThreadId(7)1Password::api:1700 │ 726727ms │ failed to build certificate chain for [Version]
    V3
  • Thresh
    Thresh
    Community Member

    is any port of network need I to check?
    and anything else need I to notice???

  • Thresh
    Thresh
    Community Member

    by the way I doubt it not the question of the Chrome.

    I installed Firefox 73.01 for whole new and just add the 1password helper(1Password-4.7.5.90.xpi)

    it also was denied by the 1password~

  • Hi @Thresh,

    Yes, in 1Password 7.3 for Windows, certificate check includes the entire chain of trust check (not something we wanted but it is done externally), which means it also goes up to the internet to verify it. I don't know which URL it is for Windows but if you check your logs, there should be a ping to the certificate site, I'm guessing http://ocsp.digicert.com.

    This is something we've changed already in 1Password 7.4 betas, so it no longer needs to verify the whole chain, just the browser to ensure it had a valid signed certificate and it will also support them even if the signing key has expired, which doesn't invalidate the certificate.

    If you'd like, you can try 1Password 7.4 beta and see if it works better for you.

This discussion has been closed.