Get Help with HTTPS problems

Sometimes, when you try to load a HTTPS address in Chrome, instead of the expected page, you get a scary warning, like this one:

image

Chrome has found a problem with the security of the connection and has blocked loading the page to protect your information.

In a lot of cases, if you’re just surfing around, the easiest thing to do is just find a different page to visit. But what happens if this happens on an important site that you really need to see? You shouldn’t just “click through” the error, because this could put your device or information at risk.

In some cases, clicking the ADVANCED link might explain more about the problem. For instance, in this example, the error message says that the site is sending the wrong certificate; you might try finding a different link to the site using your favorite search engine.

image

Or, in this case, Chrome explains that the certificate has expired, and asks you to verify that your computer clock’s Date and Time are set correctly:

image

You can see the specific error code in the middle of the text:

image

Some types of errors are a bit more confusing. For instance, NET::ERR_CERT_AUTHORITY_INVALID means that the site’s certificate didn’t come from a company that your computer is configured to trust.

image

Errors Everywhere?

What happens if you start encountering errors like this on every HTTPS page that you visit, even major sites like https://google.com?

In such cases, this often means that you have some software on your device or network that is interfering with your secure connections. Sometimes this software is well-meaning (e.g. anti-virus software, ad-blockers, parental control filters), and sometimes it’s malicious (adware, malware, etc). But even buggy well-meaning software can break your secure connections.

If you know what software is intercepting your traffic (e.g. your antivirus) consider updating it or contacting the vendor.

Getting Help

If you don’t know what to do, you may be able to get help in the Chrome Help Forum. When you ask for help, please include the following information:

  • The error code (e.g. NET::ERR_CERT_AUTHORITY_INVALID).
    • To help the right people find your issue, consider adding this to the title of your posting.
  • What version of Chrome you’re using. Visit chrome://version in your browser to see the version number
  • The type of device and network (e.g. “I’m using a laptop on wifi on my school’s network.”)
  • The error diagnostic information.

You can get diagnostic information by clicking or tapping directly on the text of the error code: image. When you do so, a bunch of new text will appear in the page:

image

You should select all of the text:

image

…then hit CTRL+C (or Command ⌘+C on Mac) to copy the text to your clipboard. You can then paste the text into your post. The “PEM encoded chain” information will allow engineers to see exactly what certificate the server sent to your computer, which might shed light on what specifically is interfering with your secure connections.

With any luck, we’ll be able to help you figure out how to surf securely again in no time!

 

-Eric

Get Help with HTTPS problems

14 thoughts on “Get Help with HTTPS problems

  1. H.Raseed says:

    NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM
    Subject: *.google.com.sa
    Issuer: MS-NMSecurity
    Expires on: Jul 26, 2017
    Current date: May 17, 2017
    PEM encoded chain:
    —–BEGIN CERTIFICATE—–
    MIICgTCCAeqgAwIBAgIJAN/VkBC2ibcEMA0GCSqGSIb3DQEBBQUAMG0xFjAUBgNV
    BAoTDU1TLU5NU2VjdXJpdHkxEDAOBgNVBAcTB015IFRvd24xHDAaBgNVBAgTE1N0
    YXRlIG9yIFByb3ZpZGVuY2UxCzAJBgNVBAYTAlVTMRYwFAYDVQQDEw1NUy1OTVNl
    Y3VyaXR5MB4XDTE3MDUwMzA4NTg0M1oXDTE3MDcyNjA4NDIwMFowaTELMAkGA1UE
    BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZp
    ZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxGDAWBgNVBAMUDyouZ29vZ2xlLmNvbS5z
    YTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2gQy8K+HCeMA/+NM2V+PBIzw
    CqU14ZHxFZ/MNjhtfTkyFuK06pt4v+RtcmHS85gAj32UjNKN/ULLmmhyQQ8JmGQq
    xa5l+7Q6lC583Lw/Wwwt/kGignNbi+FPafxvg817bYE7T8sX9rougYRn5KZG7+EI
    uoHQMb8O3w1WHvTV82kCAwEAAaMtMCswKQYDVR0RBCIwIIIPKi5nb29nbGUuY29t
    LnNhgg1nb29nbGUuY29tLnNhMA0GCSqGSIb3DQEBBQUAA4GBAJpm4xBYnjbuvckc
    d/BYRtFcMdP38zxntyihootwxAJV7eHRiwD01dUqDy4qZvsj8Wip5eLUk5eKkvDt
    KiAPjhIhsHMBPYCnPMmX4k5X6Xkwst+1ATV65tW1EiIHGRhLH81WwRInqqnMwmCQ
    qLPTyEMC2F5oCUikekjzn0TMpUxi
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    MIIDKzCCApSgAwIBAgIJAIWeqUgVaj9xMA0GCSqGSIb3DQEBBQUAMG0xFjAUBgNV
    BAoTDU1TLU5NU2VjdXJpdHkxEDAOBgNVBAcTB015IFRvd24xHDAaBgNVBAgTE1N0
    YXRlIG9yIFByb3ZpZGVuY2UxCzAJBgNVBAYTAlVTMRYwFAYDVQQDEw1NUy1OTVNl
    Y3VyaXR5MB4XDTE0MDIyNjE0MzQ0OVoXDTM0MDIyMTE0MzQ0OVowbTEWMBQGA1UE
    ChMNTVMtTk1TZWN1cml0eTEQMA4GA1UEBxMHTXkgVG93bjEcMBoGA1UECBMTU3Rh
    dGUgb3IgUHJvdmlkZW5jZTELMAkGA1UEBhMCVVMxFjAUBgNVBAMTDU1TLU5NU2Vj
    dXJpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKE31vM1/RfDSIvFfs/Q
    FUSFx33suY04CEb7lJzSVXw+SaVe0gNqr39UPY83EPWjETqiKdchmDpN+aXbdWQP
    Y5C3UQxyy2mRRR3SqWpDFqLhrs9Igrm/i02liJHkBm0EQUf0ybAI6+Q889bibluw
    OZV8bqEoubA5GCoJFD6wUBhNAgMBAAGjgdIwgc8wDAYDVR0TBAUwAwEB/zAdBgNV
    HQ4EFgQUBut04LCsUqaWjCR7sLjtCQWVg2gwgZ8GA1UdIwSBlzCBlIAUBut04LCs
    UqaWjCR7sLjtCQWVg2ihcaRvMG0xFjAUBgNVBAoTDU1TLU5NU2VjdXJpdHkxEDAO
    BgNVBAcTB015IFRvd24xHDAaBgNVBAgTE1N0YXRlIG9yIFByb3ZpZGVuY2UxCzAJ
    BgNVBAYTAlVTMRYwFAYDVQQDEw1NUy1OTVNlY3VyaXR5ggkAhZ6pSBVqP3EwDQYJ
    KoZIhvcNAQEFBQADgYEAJeqOcPiKzeS1Lu5XnPB2PqDS5D3V2Kx9OjXog5uG2krh
    bdJbGL0cPLVj+cUN5uGcTKY0T3Zk+6GoH1/pXs4TCbsopRoWYcIk0wW1dG3dMyhv
    KXGSS1dVXDW92NXTx/t/0U+Afphwz7LBy4tQOF+ZYaStdjVANrLk5bLaX5h0c/g=
    —–END CERTIFICATE—–

    Like

    1. This error message indicates that you have some software on your PC (using the name “MS-NMSecurity”) that is intercepting your HTTPS traffic. This is not known or common security software, and other users who have hit this have indicated the problem was removed after running an antivirus scanner that found malware.

      Like

  2. Sladja says:

    This is my “problem”, please help. :)
    NET::ERR_CERT_COMMON_NAME_INVALID
    Subject: http://www.google.com
    Issuer: GeoTrust_Global_CA
    Expires on: 31.10.2026.
    Current date: 29.05.2017.
    PEM encoded chain:
    —–BEGIN CERTIFICATE—–
    MIIDBzCCAnCgAwIBAgIQ7QkSHjufwodGzre/niKGmDANBgkqhkiG9w0BAQsFADBp
    MSUwIwYDVQQLExxJc3N1ZWQgYnkgR2VvVHJ1c3QgR2xvYmFsIENBMREwDwYDVQQK
    EwhHZW9UcnVzdDEtMCsGA1UEAx4kAEcAZQBvAFQAcgB1AHMAdABfAEcAbABvAGIA
    YQBsAF8AQwBBMB4XDTE1MTAzMTIzMDAwMFoXDTI2MTAzMTIyNTk1OVowUzElMCMG
    A1UECxMcSXNzdWVkIGJ5IEdlb1RydXN0IEdsb2JhbCBDQTERMA8GA1UEChMIR2Vv
    VHJ1c3QxFzAVBgNVBAMTDnd3dy5nb29nbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUA
    A4GNADCBiQKBgQCJprRorCAyfffNTTyM1FIUE0ahJWnVRlf8WZ1mHrhfcrVf48yk
    QoEY1diJqs23/ZE5CRy+L23GL9hNajOYeUbt6V8mXYmbb+GqP5pEuIHfuIbysMt2
    eUmdEMbY7snsT8sGImvHSjErCOK1Kue6Au4zfeuRS0vws8uube+ZS0eKHQIDAQAB
    o4HFMIHCMAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwgZwGA1Ud
    AQSBlDCBkYAQLFpmW4EFPFlKDnBcEFbgO6FrMGkxJTAjBgNVBAsTHElzc3VlZCBi
    eSBHZW9UcnVzdCBHbG9iYWwgQ0ExETAPBgNVBAoTCEdlb1RydXN0MS0wKwYDVQQD
    HiQARwBlAG8AVAByAHUAcwB0AF8ARwBsAG8AYgBhAGwAXwBDAEGCEPl/IlwlI1qv
    TRlzsH9cKgAwDQYJKoZIhvcNAQELBQADgYEAbfreCLfP8VGoTRRFMMPmTzTYt0fj
    0AVT88YXz9AfJQC5SYuYgKNLlX9vlQRYYTfP99XMkxk+dn5Vtmghh7IZWv22cYH0
    9wEPmVw0CzX42BygQ1YmuoxPqkl3Cgk0wQb4EpeBniEVf+nquCcN/0AxvOguCk2U
    6lGVqLS9ttrdtJk=
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    MIIDIzCCAoygAwIBAgIQ+X8iXCUjWq9NGXOwf1wqADANBgkqhkiG9w0BAQsFADBp
    MSUwIwYDVQQLExxJc3N1ZWQgYnkgR2VvVHJ1c3QgR2xvYmFsIENBMREwDwYDVQQK
    EwhHZW9UcnVzdDEtMCsGA1UEAx4kAEcAZQBvAFQAcgB1AHMAdABfAEcAbABvAGIA
    YQBsAF8AQwBBMB4XDTE1MTAzMTIzMDAwMFoXDTI2MTAzMTIyNTk1OVowaTElMCMG
    A1UECxMcSXNzdWVkIGJ5IEdlb1RydXN0IEdsb2JhbCBDQTERMA8GA1UEChMIR2Vv
    VHJ1c3QxLTArBgNVBAMeJABHAGUAbwBUAHIAdQBzAHQAXwBHAGwAbwBiAGEAbABf
    AEMAQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAowmQcIPBYFHxI/iNhZ5x
    tjK1fIOqVNXTBLFyJS8AS34fKQ3aslP3iJmXMgDa7eagD9MPtlELqCkq6YNnqfcD
    S0zh+B0T+kfx8gFHO54DfCI4PwsO8yle5sas3NfRvVOGrMZsZyX1Bkzf9/3Fg2CV
    tsTG5GvPVscQ0/y45HSJUgcCAwEAAaOByzCByDASBgNVHRMBAf8ECDAGAQH/AgEB
    MBMGA1UdJQQMMAoGCCsGAQUFBwMBMIGcBgNVHQEEgZQwgZGAECxaZluBBTxZSg5w
    XBBW4DuhazBpMSUwIwYDVQQLExxJc3N1ZWQgYnkgR2VvVHJ1c3QgR2xvYmFsIENB
    MREwDwYDVQQKEwhHZW9UcnVzdDEtMCsGA1UEAx4kAEcAZQBvAFQAcgB1AHMAdABf
    AEcAbABvAGIAYQBsAF8AQwBBghD5fyJcJSNar00Zc7B/XCoAMA0GCSqGSIb3DQEB
    CwUAA4GBAB6zg7v86ESBcpQaDsbrnXEmO/Lw4AUbyIXV/ajDM8KOegbj+dcLjtno
    ea76BkKCxz0Ls/fkHwYn0Cvwxv7ndQDpLD3y7c8V/AjYm+ZLT3sZ4Mh7nyoY1pP2
    mZeMAxzuJXAooao7AVFfwjSOV10cCH/ErV7DMV0SS76NcmtVBHAr
    —–END CERTIFICATE—–

    Like

    1. SLADJA– This looks like an attack to me. The certificate you’ve shared is valid for 11 years, meaning that it’s clearly fake. “GeoTrust Global CA” is a legitimate certificate authority, but your certificate comes from “GeoTrust_Global_CA” (note the underscores instead of spaces) which implies to me that this is a fake root certificate that is trying to evade your detection. No legitimate software would do this. Because you’re getting NET::ERR_CERT_COMMON_NAME_INVALID instead of an error about the root certificate not being trusted, this implies to me that malware has altered the certificate store of your computer to trust this fake root certificate. If that’s the case, bad guys can see all of your network traffic, even that which takes place over HTTPS.

      You should scan your computer for malware and if you’re not confident that it has been removed, I would probably reinstall the operating system to be sure it was clean.

      Like

    1. You should only see this if you are running a very outdated version of Chrome. Please try updating and of that doesn’t help, share the version number from the chrome://version page.

      Like

  3. Larry LaCaT says:

    Eric: Where can I find tools for inspecting the PEM encoded certs? I’ve been hand copying them into .cer files and viewing them from Windows. This works but is cumbersome. Can you (or someone you know) e-me or post some better tools? SSL Labs?

    Like

  4. Mary Beth Wimberley says:

    Using Chrome version 59.0.3071.109. I’m using a desktop at work, operating on windows 10, using wi-fi. Happens on virtually every single web page I try and has been going on for a month.

    NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM
    Subject: *.clinton-county.org
    Issuer: Lavasoft Limited
    Expires on: Apr 1, 2018

    Like

    1. LavaSoft is a company that makes software that interferes with HTTPS traffic (see https://www.kb.cert.org/vuls/id/BLUU-9TWT2Y). To resolve the problems you are having reaching HTTPS sites, you should remove the software that uses LavaSoft certificates. This software likely goes by a number of names (e.g. “Ad-Aware Web Companion”) and should be listed in the Add/Remove Programs application of your system’s control panel.

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s