Chrome is now marking all certificates signed by Symantec as unsafe, and Firefox is scheduled to do so in the near future. It's not really that dangerous, though.
Firefox version 64, released today, now distrusts Symantec certificates by default, and messes up the Telltale site completely, even if you try to enter security exception overrides. I've been trying to figure out exactly what to enter to make it work right, but one thing that does work is to disable the distrust. To do that, go to about:config, click on the beware dialog if you get it, and change security.pki.distrust_ca_policy from 2 to 0. That allows the certificates to be trusted again, not only for Telltale, but everywhere. So keep that in mind. You may want to flip it back to 2 later if there's a better solution, or when Telltale takes down their site.
I found my earlier problem with the security exception overrides was that I needed to clear Firefox's cache, after which I could put in the overrides and view the site. However, it wouldn't let me log in without the aforementioned security.pki.distrust_ca_policy setting.
OK, I finally got it! Here are the instructions for people using the new version of Firefox but who do not want to set that configuration parameter.
First, delete the cache in Firefox. If you don't want to do that, you can try using Control-F5 to reload each of the pages below, which might work, but if it doesn't, delete the cache.
You need certificate overrides for three domains: telltale.com, www.telltale.com, and api.telltale.com. You get the first domain presented when you visit https://telltale.com. You get the www domain presented when you visit the community forums page.
To get the api domain, which is needed for password verification and probably some other things, you need to visit it directly:
For each of the domains, click on the Advanced settings and indicate you want to store an exception allowing this certificate to be used. Once you have all three, the site should work as normal. At least I haven't found anything else broken yet.
If you don't want to go through this trouble, the configuration option mentioned earlier is easier, but less safe in general, and there are no guarantees it will work in future versions of Firefox.
I found one more path needing to be visited and certificate trusted. If you don't, it looks like the only side effect is that some users' avatars won't be displayed.
Comments
I got that as well: https://telltale.com/community/discussion/122764/your-connection-is-not-private-i-need-help-guys#latest
Click advanced and proceed. Also, don't log out of your account on Chrome. You wont be able to log in afterwards.
Oh shit, really? Good to know.
yeah I had to learn the hard way. Now I have to use Microsoft edge
Chrome is now marking all certificates signed by Symantec as unsafe, and Firefox is scheduled to do so in the near future. It's not really that dangerous, though.
I switched to Microsoft edge to browse here for that reason. At least the OG forum font came back to me when I switched
Hmm, Firefox is not detecting that. That might be a security risk for FF
I don't have that problem using DuckDuckGo
Every school internet website ever be like
Management of this forum: "I have a plan...I just need more money"
i get that too usually if i load up from a free wifi hotspot
Firefox version 64, released today, now distrusts Symantec certificates by default, and messes up the Telltale site completely, even if you try to enter security exception overrides. I've been trying to figure out exactly what to enter to make it work right, but one thing that does work is to disable the distrust. To do that, go to about:config, click on the beware dialog if you get it, and change security.pki.distrust_ca_policy from 2 to 0. That allows the certificates to be trusted again, not only for Telltale, but everywhere. So keep that in mind. You may want to flip it back to 2 later if there's a better solution, or when Telltale takes down their site.
I found my earlier problem with the security exception overrides was that I needed to clear Firefox's cache, after which I could put in the overrides and view the site. However, it wouldn't let me log in without the aforementioned security.pki.distrust_ca_policy setting.
OK, I finally got it! Here are the instructions for people using the new version of Firefox but who do not want to set that configuration parameter.
First, delete the cache in Firefox. If you don't want to do that, you can try using Control-F5 to reload each of the pages below, which might work, but if it doesn't, delete the cache.
You need certificate overrides for three domains: telltale.com, www.telltale.com, and api.telltale.com. You get the first domain presented when you visit https://telltale.com. You get the www domain presented when you visit the community forums page.
To get the api domain, which is needed for password verification and probably some other things, you need to visit it directly:
https://api.telltale.com/
For each of the domains, click on the Advanced settings and indicate you want to store an exception allowing this certificate to be used. Once you have all three, the site should work as normal. At least I haven't found anything else broken yet.
If you don't want to go through this trouble, the configuration option mentioned earlier is easier, but less safe in general, and there are no guarantees it will work in future versions of Firefox.
I found one more path needing to be visited and certificate trusted. If you don't, it looks like the only side effect is that some users' avatars won't be displayed.
https://cdn.telltalegames.com/