Refusing helper connection from Chrome 80

Thresh · March 2020

rename the 1.jpeg to 1.log it's the infomation

app start
app 7.3.712, 32 bit
.NET 4.0.30319.42000
OS Microsoft Windows NT 10.0.17763.0, 64 bit, system uptime: 0 day(s) 00:00

[Subject]
CN=Google LLC, O=Google LLC, L=Mountain View, S=ca, C=US
Simple Name: Google LLC
DNS Name: Google LLC

[Issuer]
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Simple Name: DigiCert SHA2 Assured ID Code Signing CA
DNS Name: DigiCert SHA2 Assured ID Code Signing CA

I342346msThreadId(2)1Password::api:1694 │ 342355ms │ ShowMiniKey is used to show mini window.
E447435msThreadId(7)1Password::api:1706 │ 447443ms │ Refusing helper connection from "C:\Users\Usernames\AppData\Local\Google\Chrome\Application\chrome.exe", because of untrusted certificate.
I464265msThreadId(2)1Password::api:1694 │ 464273ms │ ShowMiniKey is used to show mini window.
I467853msThreadId(2)1Password::api:1694 │ 467862ms │ Restoring bounds to 188,200,1869,1080, stored 188,200,1869,1080, virtual screen 0,0,2560,1440, state Normal
**E557765msThreadId(8)1Password::api:1706 │ 557773ms │ Refusing helper connection from "C:\Users\Usernames\AppData\Local\Google\Chrome\Application\chrome.exe", because of untrusted certificate.
**

Thresh · March 2020

So did the 1password verify the Chrome in Local or need to connect to the Net?

I sure it's not because of the firewall.because I put it in the whitelist both dirction ,and work well for 3 months. by the way the question almost happened every 3 or 4 weeks once before, just after that I sure it's conflict with the firewall so I put it in the whitelist double way than just income.

Why I doub this , because today my net is just a mess. maybe the gateway of my city is something wrong, So did this will influence the 1password verity the Browser?

Thresh · March 2020

3086ms ThreadId(6) 1Password::api:1700 │ 3086ms │ failed to build certificate chain for [Version]
V3

[Subject]
CN=Google LLC, O=Google LLC, L=Mountain View, S=ca, C=US
Simple Name: Google LLC
DNS Name: Google LLC

[Issuer]
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Simple Name: DigiCert SHA2 Assured ID Code Signing CA
DNS Name: DigiCert SHA2 Assured ID Code Signing CA

[Serial Number]
0C15BE4A15BB0903C901B1D6C265302F

[Not Before]
2018/11/7 8:00:00

[Not After]
2021/11/17 20:00:00

[Thumbprint]
CB7E84887F3C6015FE7EDFB4F8F36DF7DC10590E

[Signature Algorithm]
sha256RSA(1.2.840.113549.1.1.11)

[Public Key]
Algorithm: RSA
Length: 2048
Key Blob: 30 82 01 0a 02 82 01 01 00 cd e6 e9 87 e5 b2 16 59 83 cc 80 94 f4 6e 14 45 99 99 cf 6b d3 64 e6 98 ac 6c e2 96 fa 2e 90 52 3f 31 d7 05 86 85 0f b2 6f 85 6c 31 71 08 ce d1 2b 12 e3 1c 7d 9d 60 5e 1f b5 b1 56 70 57 04 57 c7 2b 30 b5 82 4c a2 4b 3d 21 3d b0 6c f5 ee d5 a1 b7 a9 7f 75 47 1a 42 94 2a 6b 1e 51 9f e0 25 4c df 97 b3 03 ea d2 4c 58 79 00 ed d0 7b 52 65 a1 4e fb b7 e0 e9 64 9f 7c 9c 7c d6 cb d6 a0 73 9c 66 c2 b3 d8 48 20 bf 0f f6 ae a3 b5 b3 5e 33 e2 50 e1 87 85 a4 a4 1a d6 d0 2d e9 ce b8 ce b3 7c 82 69 bd 1e 06 05 bc 34 74 d1 d0 f8 03 33 70 1d b7 7c 09 50 51 ef c5 f9 b4 91 f1 92 b9 dd 08 4e 23 c1 fe 82 a4 cf 92 36 27 6e 82 63 8b f4 bf fa 28 ab 5f ef c9 71 e7 d2 c4 bb 04 64 de f6 6d 03 75 90 de b7 43 ed 06 1e 96 87 44 b7 58 08 6e ce b6 69 53 87 6a 72 db 2c 4d 79 76 39 a7 bc 75 02 03 01 00 01
Parameters: 05 00

[Extensions]

授权密钥标识符(2.5.29.35):
KeyID=5ac4b97b2a0aa3a5ea7103c060f92df665750e58
使用者密钥标识符(2.5.29.14):
d4d23859ff7b2d5200bba00093d9924935da2523
密钥用法(2.5.29.15):
Digital Signature (80)
增强型密钥用法(2.5.29.37):
代码签名 (1.3.6.1.5.5.7.3.3)
CRL 分发点(2.5.29.31):
[1]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://crl3.digicert.com/sha2-assured-cs-g1.crl
[2]CRL Distribution Point
Distribution Point Name:
Full Name:
URL=http://crl4.digicert.com/sha2-assured-cs-g1.crl
证书策略(2.5.29.32):
[1]Certificate Policy:
Policy Identifier=2.16.840.1.114412.3.1
[1,1]Policy Qualifier Info:
Policy Qualifier Id=CPS
Qualifier:
https://www.digicert.com/CPS
[2]Certificate Policy:
Policy Identifier=2.23.140.1.4.1
授权信息访问(1.3.6.1.5.5.7.1.1):
[1]Authority Info Access
Access Method=联机证书状态协议 (1.3.6.1.5.5.7.48.1)
Alternative Name:
URL=http://ocsp.digicert.com
[2]Authority Info Access
Access Method=证书颁发机构颁发者 (1.3.6.1.5.5.7.48.2)
Alternative Name:
URL=http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt
基本约束(2.5.29.19):
Subject Type=End Entity
Path Length Constraint=None

ag_ana · March 2020

Hi @Thresh!

This usually happen when Chrome is in the middle of an update. Can you please try fully quitting Chrome and relaunching it, and see if 1Password can connect successfully to it again?

Thresh · March 2020

@ag_ana Thanks,but it's not working. I tried to restart the computer and reopen the Chrome. not working~~ :'( :'( :'(
from yesterday to now I still try to clear what make this?
I DON'T install or uninstall any software, or change the setting of the OS, and I just backup some file to the portable disk. yesterday

So I don't know what make the 1password down?

today I even tried to resetting the Firewall and VMware Network Adapter.

so anything else can I do for it ? and in the processlist the nactive message trans from the Chrome to the 1password ,it called by the cmd and then called the 1password helper.exe. but killed in 1sec because .

AND THE LOG REPEAT

Refusing helper connection from "C:\Users\USERNAME\AppData\Local\Google\Chrome\Application\chrome.exe", because of untrusted certificate.
E595092msThreadId(11)1Password::api:1706 │ 595092ms │ pipe error, 60 seconds before restart
System.ArgumentException: ID 为 3812 的进程当前未运行。
在 System.Diagnostics.Process.GetProcessById(Int32 processId, String machineName)
在 System.Diagnostics.Process.GetProcessById(Int32 processId)
在 AgileBits.OnePassword.NativeMessagingBrowserListener.Approve(NamedPipeServerStream pipe)
在 AgileBits.OnePassword.NativeMessagingBrowserListener.<>c__DisplayClass3_2.<Start>b__0()
E611061msThreadId(16)1Password::api:1706 │ 611061ms │ Refusing helper connection from "C:\Users\USERNAME\AppData\Local\Google\Chrome\Application\chrome.exe", because of untrusted certificate.
E676393msThreadId(6)1Password::api:1706 │ 676393ms │ Refusing helper connection from "C:\Users\USERNAME\AppData\Local\Google\Chrome\Application\chrome.exe", because of untrusted certificate.
E726717msThreadId(14)1Password::api:1706 │ 726717ms │ Refusing helper connection from "C:\Users\USERNAME\AppData\Local\Google\Chrome\Application\chrome.exe", because of untrusted certificate.
E726717msThreadId(7)1Password::api:1706 │ 726717ms │ Refusing helper connection from "C:\Users\USERNAME\AppData\Local\Google\Chrome\Application\chrome.exe", because of untrusted certificate.
W726726msThreadId(7)1Password::api:1700 │ 726727ms │ failed to build certificate chain for [Version]
V3

Thresh · March 2020

is any port of network need I to check?
and anything else need I to notice???

Thresh · March 2020

by the way I doubt it not the question of the Chrome.

I installed Firefox 73.01 for whole new and just add the 1password helper(1Password-4.7.5.90.xpi)

it also was denied by the 1password~

MikeT · March 2020

Hi @Thresh,

Yes, in 1Password 7.3 for Windows, certificate check includes the entire chain of trust check (not something we wanted but it is done externally), which means it also goes up to the internet to verify it. I don't know which URL it is for Windows but if you check your logs, there should be a ping to the certificate site, I'm guessing http://ocsp.digicert.com.

This is something we've changed already in 1Password 7.4 betas, so it no longer needs to verify the whole chain, just the browser to ensure it had a valid signed certificate and it will also support them even if the signing key has expired, which doesn't invalidate the certificate.

If you'd like, you can try 1Password 7.4 beta and see if it works better for you.

Refusing helper connection from Chrome 80

Comments