Get Help with HTTPS problems

Sometimes, when you try to load a HTTPS address in Chrome, instead of the expected page, you get a scary warning, like this one:

image

Chrome has found a problem with the security of the connection and has blocked loading the page to protect your information.

In a lot of cases, if you’re just surfing around, the easiest thing to do is just find a different page to visit. But what happens if this happens on an important site that you really need to see? You shouldn’t just “click through” the error, because this could put your device or information at risk.

In some cases, clicking the ADVANCED link might explain more about the problem. For instance, in this example, the error message says that the site is sending the wrong certificate; you might try finding a different link to the site using your favorite search engine.

image

Or, in this case, Chrome explains that the certificate has expired, and asks you to verify that your computer clock’s Date and Time are set correctly:

image

You can see the specific error code in the middle of the text:

image

Some types of errors are a bit more confusing. For instance, NET::ERR_CERT_AUTHORITY_INVALID means that the site’s certificate didn’t come from a company that your computer is configured to trust.

image

Errors Everywhere?

What happens if you start encountering errors like this on every HTTPS page that you visit, even major sites like https://google.com?

In such cases, this often means that you have some software on your device or network that is interfering with your secure connections. Sometimes this software is well-meaning (e.g. anti-virus software, ad-blockers, parental control filters), and sometimes it’s malicious (adware, malware, etc). But even buggy well-meaning software can break your secure connections.

If you know what software is intercepting your traffic (e.g. your antivirus) consider updating it or contacting the vendor.

Getting Help

If you don’t know what to do, you may be able to get help in the Chrome Help Forum. When you ask for help, please include the following information:

  • The error code (e.g. NET::ERR_CERT_AUTHORITY_INVALID).
    • To help the right people find your issue, consider adding this to the title of your posting.
  • What version of Chrome you’re using. Visit chrome://version in your browser to see the version number
  • The type of device and network (e.g. “I’m using a laptop on wifi on my school’s network.”)
  • The error diagnostic information.

You can get diagnostic information by clicking or tapping directly on the text of the error code: image. When you do so, a bunch of new text will appear in the page:

image

You should select all of the text:

image

…then hit CTRL+C (or Command ⌘+C on Mac) to copy the text to your clipboard. You can then paste the text into your post. The “PEM encoded chain” information will allow engineers to see exactly what certificate the server sent to your computer, which might shed light on what specifically is interfering with your secure connections.

With any luck, we’ll be able to help you figure out how to surf securely again in no time!

 

-Eric

Get Help with HTTPS problems

34 thoughts on “Get Help with HTTPS problems

  1. H.Raseed says:

    NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM
    Subject: *.google.com.sa
    Issuer: MS-NMSecurity
    Expires on: Jul 26, 2017
    Current date: May 17, 2017
    PEM encoded chain:
    —–BEGIN CERTIFICATE—–
    MIICgTCCAeqgAwIBAgIJAN/VkBC2ibcEMA0GCSqGSIb3DQEBBQUAMG0xFjAUBgNV
    BAoTDU1TLU5NU2VjdXJpdHkxEDAOBgNVBAcTB015IFRvd24xHDAaBgNVBAgTE1N0
    YXRlIG9yIFByb3ZpZGVuY2UxCzAJBgNVBAYTAlVTMRYwFAYDVQQDEw1NUy1OTVNl
    Y3VyaXR5MB4XDTE3MDUwMzA4NTg0M1oXDTE3MDcyNjA4NDIwMFowaTELMAkGA1UE
    BhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZp
    ZXcxEzARBgNVBAoTCkdvb2dsZSBJbmMxGDAWBgNVBAMUDyouZ29vZ2xlLmNvbS5z
    YTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2gQy8K+HCeMA/+NM2V+PBIzw
    CqU14ZHxFZ/MNjhtfTkyFuK06pt4v+RtcmHS85gAj32UjNKN/ULLmmhyQQ8JmGQq
    xa5l+7Q6lC583Lw/Wwwt/kGignNbi+FPafxvg817bYE7T8sX9rougYRn5KZG7+EI
    uoHQMb8O3w1WHvTV82kCAwEAAaMtMCswKQYDVR0RBCIwIIIPKi5nb29nbGUuY29t
    LnNhgg1nb29nbGUuY29tLnNhMA0GCSqGSIb3DQEBBQUAA4GBAJpm4xBYnjbuvckc
    d/BYRtFcMdP38zxntyihootwxAJV7eHRiwD01dUqDy4qZvsj8Wip5eLUk5eKkvDt
    KiAPjhIhsHMBPYCnPMmX4k5X6Xkwst+1ATV65tW1EiIHGRhLH81WwRInqqnMwmCQ
    qLPTyEMC2F5oCUikekjzn0TMpUxi
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    MIIDKzCCApSgAwIBAgIJAIWeqUgVaj9xMA0GCSqGSIb3DQEBBQUAMG0xFjAUBgNV
    BAoTDU1TLU5NU2VjdXJpdHkxEDAOBgNVBAcTB015IFRvd24xHDAaBgNVBAgTE1N0
    YXRlIG9yIFByb3ZpZGVuY2UxCzAJBgNVBAYTAlVTMRYwFAYDVQQDEw1NUy1OTVNl
    Y3VyaXR5MB4XDTE0MDIyNjE0MzQ0OVoXDTM0MDIyMTE0MzQ0OVowbTEWMBQGA1UE
    ChMNTVMtTk1TZWN1cml0eTEQMA4GA1UEBxMHTXkgVG93bjEcMBoGA1UECBMTU3Rh
    dGUgb3IgUHJvdmlkZW5jZTELMAkGA1UEBhMCVVMxFjAUBgNVBAMTDU1TLU5NU2Vj
    dXJpdHkwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKE31vM1/RfDSIvFfs/Q
    FUSFx33suY04CEb7lJzSVXw+SaVe0gNqr39UPY83EPWjETqiKdchmDpN+aXbdWQP
    Y5C3UQxyy2mRRR3SqWpDFqLhrs9Igrm/i02liJHkBm0EQUf0ybAI6+Q889bibluw
    OZV8bqEoubA5GCoJFD6wUBhNAgMBAAGjgdIwgc8wDAYDVR0TBAUwAwEB/zAdBgNV
    HQ4EFgQUBut04LCsUqaWjCR7sLjtCQWVg2gwgZ8GA1UdIwSBlzCBlIAUBut04LCs
    UqaWjCR7sLjtCQWVg2ihcaRvMG0xFjAUBgNVBAoTDU1TLU5NU2VjdXJpdHkxEDAO
    BgNVBAcTB015IFRvd24xHDAaBgNVBAgTE1N0YXRlIG9yIFByb3ZpZGVuY2UxCzAJ
    BgNVBAYTAlVTMRYwFAYDVQQDEw1NUy1OTVNlY3VyaXR5ggkAhZ6pSBVqP3EwDQYJ
    KoZIhvcNAQEFBQADgYEAJeqOcPiKzeS1Lu5XnPB2PqDS5D3V2Kx9OjXog5uG2krh
    bdJbGL0cPLVj+cUN5uGcTKY0T3Zk+6GoH1/pXs4TCbsopRoWYcIk0wW1dG3dMyhv
    KXGSS1dVXDW92NXTx/t/0U+Afphwz7LBy4tQOF+ZYaStdjVANrLk5bLaX5h0c/g=
    —–END CERTIFICATE—–

    Like

    1. This error message indicates that you have some software on your PC (using the name “MS-NMSecurity”) that is intercepting your HTTPS traffic. This is not known or common security software, and other users who have hit this have indicated the problem was removed after running an antivirus scanner that found malware.

      Like

  2. Sladja says:

    This is my “problem”, please help. :)
    NET::ERR_CERT_COMMON_NAME_INVALID
    Subject: http://www.google.com
    Issuer: GeoTrust_Global_CA
    Expires on: 31.10.2026.
    Current date: 29.05.2017.
    PEM encoded chain:
    —–BEGIN CERTIFICATE—–
    MIIDBzCCAnCgAwIBAgIQ7QkSHjufwodGzre/niKGmDANBgkqhkiG9w0BAQsFADBp
    MSUwIwYDVQQLExxJc3N1ZWQgYnkgR2VvVHJ1c3QgR2xvYmFsIENBMREwDwYDVQQK
    EwhHZW9UcnVzdDEtMCsGA1UEAx4kAEcAZQBvAFQAcgB1AHMAdABfAEcAbABvAGIA
    YQBsAF8AQwBBMB4XDTE1MTAzMTIzMDAwMFoXDTI2MTAzMTIyNTk1OVowUzElMCMG
    A1UECxMcSXNzdWVkIGJ5IEdlb1RydXN0IEdsb2JhbCBDQTERMA8GA1UEChMIR2Vv
    VHJ1c3QxFzAVBgNVBAMTDnd3dy5nb29nbGUuY29tMIGfMA0GCSqGSIb3DQEBAQUA
    A4GNADCBiQKBgQCJprRorCAyfffNTTyM1FIUE0ahJWnVRlf8WZ1mHrhfcrVf48yk
    QoEY1diJqs23/ZE5CRy+L23GL9hNajOYeUbt6V8mXYmbb+GqP5pEuIHfuIbysMt2
    eUmdEMbY7snsT8sGImvHSjErCOK1Kue6Au4zfeuRS0vws8uube+ZS0eKHQIDAQAB
    o4HFMIHCMAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwEwgZwGA1Ud
    AQSBlDCBkYAQLFpmW4EFPFlKDnBcEFbgO6FrMGkxJTAjBgNVBAsTHElzc3VlZCBi
    eSBHZW9UcnVzdCBHbG9iYWwgQ0ExETAPBgNVBAoTCEdlb1RydXN0MS0wKwYDVQQD
    HiQARwBlAG8AVAByAHUAcwB0AF8ARwBsAG8AYgBhAGwAXwBDAEGCEPl/IlwlI1qv
    TRlzsH9cKgAwDQYJKoZIhvcNAQELBQADgYEAbfreCLfP8VGoTRRFMMPmTzTYt0fj
    0AVT88YXz9AfJQC5SYuYgKNLlX9vlQRYYTfP99XMkxk+dn5Vtmghh7IZWv22cYH0
    9wEPmVw0CzX42BygQ1YmuoxPqkl3Cgk0wQb4EpeBniEVf+nquCcN/0AxvOguCk2U
    6lGVqLS9ttrdtJk=
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    MIIDIzCCAoygAwIBAgIQ+X8iXCUjWq9NGXOwf1wqADANBgkqhkiG9w0BAQsFADBp
    MSUwIwYDVQQLExxJc3N1ZWQgYnkgR2VvVHJ1c3QgR2xvYmFsIENBMREwDwYDVQQK
    EwhHZW9UcnVzdDEtMCsGA1UEAx4kAEcAZQBvAFQAcgB1AHMAdABfAEcAbABvAGIA
    YQBsAF8AQwBBMB4XDTE1MTAzMTIzMDAwMFoXDTI2MTAzMTIyNTk1OVowaTElMCMG
    A1UECxMcSXNzdWVkIGJ5IEdlb1RydXN0IEdsb2JhbCBDQTERMA8GA1UEChMIR2Vv
    VHJ1c3QxLTArBgNVBAMeJABHAGUAbwBUAHIAdQBzAHQAXwBHAGwAbwBiAGEAbABf
    AEMAQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAowmQcIPBYFHxI/iNhZ5x
    tjK1fIOqVNXTBLFyJS8AS34fKQ3aslP3iJmXMgDa7eagD9MPtlELqCkq6YNnqfcD
    S0zh+B0T+kfx8gFHO54DfCI4PwsO8yle5sas3NfRvVOGrMZsZyX1Bkzf9/3Fg2CV
    tsTG5GvPVscQ0/y45HSJUgcCAwEAAaOByzCByDASBgNVHRMBAf8ECDAGAQH/AgEB
    MBMGA1UdJQQMMAoGCCsGAQUFBwMBMIGcBgNVHQEEgZQwgZGAECxaZluBBTxZSg5w
    XBBW4DuhazBpMSUwIwYDVQQLExxJc3N1ZWQgYnkgR2VvVHJ1c3QgR2xvYmFsIENB
    MREwDwYDVQQKEwhHZW9UcnVzdDEtMCsGA1UEAx4kAEcAZQBvAFQAcgB1AHMAdABf
    AEcAbABvAGIAYQBsAF8AQwBBghD5fyJcJSNar00Zc7B/XCoAMA0GCSqGSIb3DQEB
    CwUAA4GBAB6zg7v86ESBcpQaDsbrnXEmO/Lw4AUbyIXV/ajDM8KOegbj+dcLjtno
    ea76BkKCxz0Ls/fkHwYn0Cvwxv7ndQDpLD3y7c8V/AjYm+ZLT3sZ4Mh7nyoY1pP2
    mZeMAxzuJXAooao7AVFfwjSOV10cCH/ErV7DMV0SS76NcmtVBHAr
    —–END CERTIFICATE—–

    Like

    1. SLADJA– This looks like an attack to me. The certificate you’ve shared is valid for 11 years, meaning that it’s clearly fake. “GeoTrust Global CA” is a legitimate certificate authority, but your certificate comes from “GeoTrust_Global_CA” (note the underscores instead of spaces) which implies to me that this is a fake root certificate that is trying to evade your detection. No legitimate software would do this. Because you’re getting NET::ERR_CERT_COMMON_NAME_INVALID instead of an error about the root certificate not being trusted, this implies to me that malware has altered the certificate store of your computer to trust this fake root certificate. If that’s the case, bad guys can see all of your network traffic, even that which takes place over HTTPS.

      You should scan your computer for malware and if you’re not confident that it has been removed, I would probably reinstall the operating system to be sure it was clean.

      Like

    1. You should only see this if you are running a very outdated version of Chrome. Please try updating and of that doesn’t help, share the version number from the chrome://version page.

      Like

  3. Larry LaCaT says:

    Eric: Where can I find tools for inspecting the PEM encoded certs? I’ve been hand copying them into .cer files and viewing them from Windows. This works but is cumbersome. Can you (or someone you know) e-me or post some better tools? SSL Labs?

    Like

  4. Mary Beth Wimberley says:

    Using Chrome version 59.0.3071.109. I’m using a desktop at work, operating on windows 10, using wi-fi. Happens on virtually every single web page I try and has been going on for a month.

    NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM
    Subject: *.clinton-county.org
    Issuer: Lavasoft Limited
    Expires on: Apr 1, 2018

    Like

    1. LavaSoft is a company that makes software that interferes with HTTPS traffic (see https://www.kb.cert.org/vuls/id/BLUU-9TWT2Y). To resolve the problems you are having reaching HTTPS sites, you should remove the software that uses LavaSoft certificates. This software likely goes by a number of names (e.g. “Ad-Aware Web Companion”) and should be listed in the Add/Remove Programs application of your system’s control panel.

      Like

  5. purushotam kumar says:

    this is my problem please help……………

    Attackers might be trying to steal your information from http://www.google.co.in (for example, passwords, messages or credit cards). NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM
    Subject: *.google.com
    Issuer: Google Internet Authority G2
    Expires on: 13 Sep 2017
    Current date: 28 Jun 2017
    PEM encoded chain:
    —–BEGIN CERTIFICATE—–
    MIIHijCCBnKgAwIBAgIII/5O0SkE+dEwDQYJKoZIhvcNAQELBQAwSTELMAkGA1UE
    BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
    cm5ldCBBdXRob3JpdHkgRzIwHhcNMTcwNjIxMTM1MjAwWhcNMTcwOTEzMTM1MjAw
    WjBmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
    TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEVMBMGA1UEAwwMKi5n
    b29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAfmAbmGJ/B5sfpnE
    6Jk3wIQ+tqLjKs0nz8NidhFicNRzy37DZzpIZo9W+yRfNfhUKkF2V0YBJDtCVlDo
    1A3sA6OCBSIwggUeMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjALBgNV
    HQ8EBAMCB4AwggPhBgNVHREEggPYMIID1IIMKi5nb29nbGUuY29tgg0qLmFuZHJv
    aWQuY29tghYqLmFwcGVuZ2luZS5nb29nbGUuY29tghIqLmNsb3VkLmdvb2dsZS5j
    b22CFCouZGI4MzM5NTMuZ29vZ2xlLmNuggYqLmcuY2+CDiouZ2NwLmd2dDIuY29t
    ghYqLmdvb2dsZS1hbmFseXRpY3MuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUu
    Y2yCDiouZ29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28u
    dWuCDyouZ29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5j
    b20uYnKCDyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2ds
    ZS5jb20udHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xl
    LmVzggsqLmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdv
    b2dsZS5ubIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBp
    cy5jb22CDyouZ29vZ2xlYXBpcy5jboIUKi5nb29nbGVjb21tZXJjZS5jb22CESou
    Z29vZ2xldmlkZW8uY29tggwqLmdzdGF0aWMuY26CDSouZ3N0YXRpYy5jb22CCiou
    Z3Z0MS5jb22CCiouZ3Z0Mi5jb22CFCoubWV0cmljLmdzdGF0aWMuY29tggwqLnVy
    Y2hpbi5jb22CECoudXJsLmdvb2dsZS5jb22CFioueW91dHViZS1ub2Nvb2tpZS5j
    b22CDSoueW91dHViZS5jb22CFioueW91dHViZWVkdWNhdGlvbi5jb22CByoueXQu
    YmWCCyoueXRpbWcuY29tghphbmRyb2lkLmNsaWVudHMuZ29vZ2xlLmNvbYILYW5k
    cm9pZC5jb22CG2RldmVsb3Blci5hbmRyb2lkLmdvb2dsZS5jboIcZGV2ZWxvcGVy
    cy5hbmRyb2lkLmdvb2dsZS5jboIEZy5jb4IGZ29vLmdsghRnb29nbGUtYW5hbHl0
    aWNzLmNvbYIKZ29vZ2xlLmNvbYISZ29vZ2xlY29tbWVyY2UuY29tghhzb3VyY2Uu
    YW5kcm9pZC5nb29nbGUuY26CCnVyY2hpbi5jb22CCnd3dy5nb28uZ2yCCHlvdXR1
    LmJlggt5b3V0dWJlLmNvbYIUeW91dHViZWVkdWNhdGlvbi5jb22CBXl0LmJlMGgG
    CCsGAQUFBwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29t
    L0dJQUcyLmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5j
    b20vb2NzcDAdBgNVHQ4EFgQU0zPQmWIDc0P8/bjZ/9XxsZO3yBwwDAYDVR0TAQH/
    BAIwADAfBgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAhBgNVHSAEGjAY
    MAwGCisGAQQB1nkCBQEwCAYGZ4EMAQICMDAGA1UdHwQpMCcwJaAjoCGGH2h0dHA6
    Ly9wa2kuZ29vZ2xlLmNvbS9HSUFHMi5jcmwwDQYJKoZIhvcNAQELBQADggEBADHI
    I/SBZRgV+8AZQapirQX2JIGcvkwgl7+cNabXk8O53eaQVfX+dXNKbTC4pgozG2/Q
    3XdHeSbdcEnvhMB9A+EMcC94WQ/v0PoYUd2kFgV7sKAjVcAhNXXjcpZh/UpQBiql
    ekrxrOr0ulIxibjxagodhyUGcCalGe7gNrQZ2LFVr6eeJsUXeis2MhExaPemmYan
    PtBsGog4EcSYq+3iLf1rpmJZ48ENoCAEn7TSn89Zi5shHYROWTPhuqaI1aWxEZ92
    86c4FgQQRR8RKheNfLX5nkJ/AznN+S43TnyfMGmB6cp1mCac2L/UT0u1yx/6lDn7
    vARZGK6oEDGXvgbU0Wc=
    —–END CERTIFICATE—–

    Like

    1. This shows that the server is sending the correct certificate (see https://crt.sh/?id=158683073), but your operating system is building up a trust chain back to a weak root instead of the proper root. This is most commonly seen on Linux systems where the system software is not up-to-date. Please install the Linux updates to resolve this issue.

      Like

      1. purushotam kumar says:

        Thanks a lot its working after updating all install software/lib in my linux system

        Like

  6. purushotam kumar says:

    One more question….
    How to update chrome stable version in linux, i have tried so many command but not working .currently in my system chrome Version 48.0.2564.116.
    how to update to new version?????

    Like

  7. purushotam kumar says:

    yes, i tried with chrome download page but it unsuccessful with error “incompatible with this linux system”.

    Like

    1. Larry LaCaT says:

      Kumar: FYI: 48.0.2564.116 was released 2/18/16. This predates the UI rework known as Material Design. You’re going to see quite a change at the user level. There have been some significant security additions too. You might want a backup incase the big leap forward doesn’t go smoothly at first.

      Like

    1. Larry LaCaT says:

      Gogita solved the Chrome Connection not private – Issuer: DO_NOT_TRUST_FiddlerRoot, bu doing a Win7 Internet Explorer reset and machine restart. Voila.. She posted the PEM blocks for Fiddler, prior to the reset. It’s the usual bogus 2 cert chain that dead ends at Fiddler. She also mentions the problem only affects google.com and gmail.com; facebook.com is OK.

      Do you have any insight as to how the Internet Explorer reset made Chrome healthy? The reset disables the IE add-ons, but we don’t know that there were any. It’s just as likely the Chrome failure was caused by a bad Win7 reload, that finally got healed as a side-effect of the IE reset.

      Like

      1. Most likely, when Internet Explorer was reset, it cleared the proxy settings that were pointing the browsers to the malicious proxy on the local PC that was using the FiddlerCore certificates.

        Like

  8. Workingman says:

    PEM encoded chain:
    —–BEGIN CERTIFICATE—–
    MIIENzCCAx+gAwIBAgIQSjWBeRZ0jdJ4inGLNZFzWzANBgkqhkiG9w0BAQsFADAY
    MRYwFAYDVQQDEw0xNzIuMTYuMTEwLjI5MB4XDTE3MDUxNjAwMDAwMFoXDTE4MDYy
    MjEyMDAwMFowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzAR
    BgNVBAcTCk1lbmxvIFBhcmsxFzAVBgNVBAoTDkZhY2Vib29rLCBJbmMuMRcwFQYD
    VQQDDA4qLmZhY2Vib29rLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
    ggEBAMn/e/EDXVmmZgtj5RZ8jX1Z0psbBc6BO0JPVbCAY9vmN5OBEgmBbWGQude0
    Oz/oABplSM8CHZ86N63y4EzhX+95C7VCpqdhW6mJ2FZGI+FTYd5+mnoUJC5L0wag
    WuBE5niS3z89kAxkHUba8+Uf267uO934KqBTUDni9n5wqX5X/li0S5owwc0Ar25g
    IuNXL4Ag2m9vD1KFmeLR/yF371IOQEBuYIM8WKQ4mFKHup3peE83hq0ug9XJxjAL
    eJf0wdvKhJ6Sm313lW8G692ZO8Rd9dPq10GQevm/bM1LqZsq2SVYhVAxo9afrPSM
    S8FUV+hjBnVA/SQpByUW30uIQr8CAwEAAaOCASowggEmMB0GA1UdDgQWBBS4e9hh
    Wi5v4Mh9Zb0eQeIdA84lijCBxwYDVR0RBIG/MIG8gg4qLmZhY2Vib29rLmNvbYIO
    Ki54eC5mYmNkbi5uZXSCDioueHouZmJjZG4ubmV0ggxmYWNlYm9vay5jb22CCyou
    ZmJzYnguY29tgg4qLnh5LmZiY2RuLm5ldIIOKi5mYWNlYm9vay5uZXSCDyoubWVz
    c2VuZ2VyLmNvbYIIKi5mYi5jb22CBmZiLmNvbYILKi5mYmNkbi5uZXSCECoubS5m
    YWNlYm9vay5jb22CDW1lc3Nlbmdlci5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
    JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3
    DQEBCwUAA4IBAQCc+NOpWR3ZWqenZ49ql1FHlsNe9j2/1bKA3BbuFliWj4bfrPKC
    pS/T5U6aG1Ul4j8aNjiFePObCYfPXon7zpC0hbXIMw7SJ2zNLtoyGBjWpbdOrNMu
    MhP7ejEkmKgyggWQgxnyiOD4LFZbzUgziYUl+3uDeUOJgiwqBvV4BguxznwEb3ZB
    W1/WxkglBST5YvdlJWFAJAlf3LA7HxNY9qfKWYrFywcYcZlCsNa2UcNoPpGs41Mv
    pGpxglWVcEcI2LUUqLgRfHLXvXauHTbR5jWZ353DPiZ86aNh5/hxZfnumvhXBOD8
    C88K+sjI1Dvv16a0kP5eCFqIMXzmlYFlhJwb
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    MIIC0DCCAbigAwIBAgIJAKOG3Pf+UDCaMA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNV
    BAMTDTE3Mi4xNi4xMTAuMjkwHhcNMTYwNzI1MjA1OTQ2WhcNMTcwNzI1MjA1OTQ2
    WjAYMRYwFAYDVQQDEw0xNzIuMTYuMTEwLjI5MIIBIjANBgkqhkiG9w0BAQEFAAOC
    AQ8AMIIBCgKCAQEAzglKK33cfOvqwe+B6czYLRxxvVHS4z/xrsFyyl037tZiYrGC
    fCi5D2rGzJPCmIe4eCTZPR4FItdltVVo6LxEmgA1zULCDoCRRYj3IOtsbgwchQmU
    FMScqjklY00rC6/dg9avvt/YkQxAj7QWbbHjbX7+OJLffyOX9YNW48vR/aQonMAX
    812bzCw+DINh+PtzGRrcDzRPHwhVaQgOteCMo1cus6KLpR1thTaKDhl6hTjpCoTD
    CLchh6dBk7aDPxDDP7hu6yH1uNdnUFa0pakf7JiGSJqs3c7Sdbu+qbGEdV/wgQ2U
    PLSso1i04RXDLbHWY6pp7QZvZKiw7K0HhgKqOwIDAQABox0wGzAMBgNVHRMEBTAD
    AQH/MAsGA1UdDwQEAwICBDANBgkqhkiG9w0BAQsFAAOCAQEAVtj2bBJ75m/yV70y
    9kmiM/4aU0C98smi7DyEBBcmMK8tbM2brbhfWVxV8vuFIeCaI1M0uCUkWQTLS6IN
    N/z8EfU6OKQib8RI1Xjw3TLD66iHFuHJHFIwWaYHSE3Tmt4Reey04Y6xHbkWhdt6
    KGu0wRzI64Wya3tCQoTErAnu10ELmE6Ad//SQ72fZzeubGIoABVuH6gGQ/YqnQr1
    NBq8SJY0rvvAU8szPwwVmmyjJi2XT+SXkb+PwvJwn0GmRIMe/lY9kz5YpY0yosRm
    BNnbfgmO0x0C1+Xnq6kHgneCCGOhub+U2mS+wbJfpe0P2m0deTrd1zJZRIVX1JKF
    2rbZnQ==
    —–END CERTIFICATE—–

    Like

    1. Workingman: This invalid certificate doesn’t even pretend to be from a valid certificate authority; it claims to be from “172.16.110.29”, which is a private IP address. This suggests that the network is either under (broken) administrative control or hostile (under attack). Based on your email address, I wonder whether this is a school PC running on a network where HTTPS interception software is deliberately installed for content-filtering purposes? If so, you’ll need to talk to the network administrator about installing the proper certificate.

      Like

      1. Workingman says:

        That Ip address is not even in my subnet or vlan. I ended up reloading the machine ( not due to that issue) and still have the same issue, There does not appear anyone else having this issue. I checked DHCP records and there is not a machine with that address in the last 2 weeks. My machine has a static assigned IP. Here is a log from the new reload. Here we love behind Palo Alto firewall /webfilter.

        PEM encoded chain:
        —–BEGIN CERTIFICATE—–
        MIIENzCCAx+gAwIBAgIQRUwrit6J5zB4inGLNZFzWzANBgkqhkiG9w0BAQsFADAY
        MRYwFAYDVQQDEw0xNzIuMTYuMTEwLjI5MB4XDTE3MDUxNjAwMDAwMFoXDTE4MDYy
        MjEyMDAwMFowaTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEzAR
        BgNVBAcTCk1lbmxvIFBhcmsxFzAVBgNVBAoTDkZhY2Vib29rLCBJbmMuMRcwFQYD
        VQQDDA4qLmZhY2Vib29rLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
        ggEBAOspqgab9QMG+j5mYxU8Bhfus0ipAg6AgrdRVADvhDMLyCF03jyTcVxUbMzI
        Tc66bVM25VhJj7uNPHcBo1pKpXsD6JfU/nG8/9bnQ7o1EdCuz5w3RH1K4l4fXTOg
        ViG4qJ5dDDRwhc+yF1Q4/GXfeVt9R4bMzhv7xxAfWHGQuIrZgu/Yehwvbo3Jy5U/
        QxMjpvhQ+X5jPr+KCa6b2Jbr5XviY1ZKKtHqaXKKtiOrKw54hOAY5uabyMYgI+/O
        qbWb2Fy9eqQbY+hTPHfmjsJr6dbyTR+puSBbvJaa9hNxqZJINxA0yUWWUQUClilI
        BqMcFieGOgjH9E2AHkWO5akl9+sCAwEAAaOCASowggEmMB0GA1UdDgQWBBS4e9hh
        Wi5v4Mh9Zb0eQeIdA84lijCBxwYDVR0RBIG/MIG8gg4qLmZhY2Vib29rLmNvbYIO
        Ki54eC5mYmNkbi5uZXSCDioueHouZmJjZG4ubmV0ggxmYWNlYm9vay5jb22CCyou
        ZmJzYnguY29tgg4qLnh5LmZiY2RuLm5ldIIOKi5mYWNlYm9vay5uZXSCDyoubWVz
        c2VuZ2VyLmNvbYIIKi5mYi5jb22CBmZiLmNvbYILKi5mYmNkbi5uZXSCECoubS5m
        YWNlYm9vay5jb22CDW1lc3Nlbmdlci5jb20wDgYDVR0PAQH/BAQDAgWgMB0GA1Ud
        JQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3
        DQEBCwUAA4IBAQCUzd8qHD2YIN7wWCLe4SFzC7s6pBeBoQBC6BnQUUNX981MscAd
        8neOVba+XqFHgdFeCc+muWahCry+eU9O+Wbjd56BSZXYIItHLIpjp5+TfOZSEPNr
        zquT0YSFTqHuUt/4XM+3tS5Drb6syWBVPoT2GVtgiuDLEhwnFBvcYKVKZzvDNaWo
        LFP1c4b/4IjGttKyTnGd6yYs/6oPIUhQDGnPWt2LE9FnLTkol8YJbomoUpfMxbrO
        Zs1hN2PlsuviSkWJOWmPSaOwEjKQ8PiA1/gatrhQT9csWoNzIaioHLpXNTavVPmI
        yQplghkZzRopbKcS5TI3+mwPlYpfvuQSqrHT
        —–END CERTIFICATE—–
        —–BEGIN CERTIFICATE—–
        MIIC0DCCAbigAwIBAgIJAKOG3Pf+UDCaMA0GCSqGSIb3DQEBCwUAMBgxFjAUBgNV
        BAMTDTE3Mi4xNi4xMTAuMjkwHhcNMTYwNzI1MjA1OTQ2WhcNMTcwNzI1MjA1OTQ2
        WjAYMRYwFAYDVQQDEw0xNzIuMTYuMTEwLjI5MIIBIjANBgkqhkiG9w0BAQEFAAOC
        AQ8AMIIBCgKCAQEAzglKK33cfOvqwe+B6czYLRxxvVHS4z/xrsFyyl037tZiYrGC
        fCi5D2rGzJPCmIe4eCTZPR4FItdltVVo6LxEmgA1zULCDoCRRYj3IOtsbgwchQmU
        FMScqjklY00rC6/dg9avvt/YkQxAj7QWbbHjbX7+OJLffyOX9YNW48vR/aQonMAX
        812bzCw+DINh+PtzGRrcDzRPHwhVaQgOteCMo1cus6KLpR1thTaKDhl6hTjpCoTD
        CLchh6dBk7aDPxDDP7hu6yH1uNdnUFa0pakf7JiGSJqs3c7Sdbu+qbGEdV/wgQ2U
        PLSso1i04RXDLbHWY6pp7QZvZKiw7K0HhgKqOwIDAQABox0wGzAMBgNVHRMEBTAD
        AQH/MAsGA1UdDwQEAwICBDANBgkqhkiG9w0BAQsFAAOCAQEAVtj2bBJ75m/yV70y
        9kmiM/4aU0C98smi7DyEBBcmMK8tbM2brbhfWVxV8vuFIeCaI1M0uCUkWQTLS6IN
        N/z8EfU6OKQib8RI1Xjw3TLD66iHFuHJHFIwWaYHSE3Tmt4Reey04Y6xHbkWhdt6
        KGu0wRzI64Wya3tCQoTErAnu10ELmE6Ad//SQ72fZzeubGIoABVuH6gGQ/YqnQr1
        NBq8SJY0rvvAU8szPwwVmmyjJi2XT+SXkb+PwvJwn0GmRIMe/lY9kz5YpY0yosRm
        BNnbfgmO0x0C1+Xnq6kHgneCCGOhub+U2mS+wbJfpe0P2m0deTrd1zJZRIVX1JKF
        2rbZnQ==
        —–END CERTIFICATE—–

        Like

      2. The “172.16.110.29” string isn’t bound to anything, they could make it say anything they want. I’m not sure exactly what “love behind Palo Alto firewall” means, but yes, firewalls are a common source of interception certificates. If other users on the network aren’t having problems, it suggests that their PCs have been configured to trust the interception certificate, or their computers’ traffic is not being intercepted. You should speak to the network administrator.

        Like

      3. Larry LaCaT says:

        And ‘behind Palo Alto firewall /webfilter’ – could be the source of the authentication problem.

        Just caught this at the bottom of your last post.

        Re: 172.16.*.* : is a reserved address block, used by many millions of independently operated networks, which might be as small as a single computer connected to a home gateway, and are automatically configured in hundreds of millions of devices. They are only intended for use within a private context and traffic that needs to cross the Internet will need to use a different, unique address.

        Like

  9. Thomas says:

    NET::ERR_CERT_AUTHORITY_INVALID
    Subject: chrome.google.com
    Issuer: Sophos SSL CA_C230764K629H441
    Expires on: 30 sept. 2020
    Current date: 17 août 2017
    PEM encoded chain:
    —–BEGIN CERTIFICATE—–
    MIIEUTCCAzmgAwIBAgIPAW5sLQtGzP498ITIdCxbMA0GCSqGSIb3DQEBCwUAMIGN
    MQswCQYDVQQGEwJHQjEUMBIGA1UECAwLT3hmb3Jkc2hpcmUxDzANBgNVBAoMBlNv
    cGhvczEMMAoGA1UECwwDTlNHMSYwJAYDVQQDDB1Tb3Bob3MgU1NMIENBX0MyMzA3
    NjRLNjI5SDQ0MTEhMB8GCSqGSIb3DQEJARYSc3VwcG9ydEBzb3Bob3MuY29tMB4X
    DTE3MDgxMDEyMzUxMVoXDTIwMDkzMDEyMzUxMVowHDEaMBgGA1UEAwwRY2hyb21l
    Lmdvb2dsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDa+hpm
    fHYNdVfwa5bqLpShlwkELHgLYPlzVmH4NyaG3pE+x7FaGetVar3QBejO9TCh3l9W
    LxEU398mWzRyuspVY1s+zab6/OtRV+cnhoduMafEZM7RHRUy7Jlv0hTMsnYyJEUC
    55YwlV4xraBI68RHvOgqc8whDHbiW9MZG6a0uvyXvkmEv0ZxV+0i+b9BVojuj1tt
    v9niGYFIqsB0Yxw4o4n0EE2hBUdDjVm2zQOZ9W9CQJXad0WVj4rAUk7/2ztW6RJg
    EmK2fIw35Wk6nsqBHGoC5IVhGuTkwJMHhFSq+rC54i8ZQr4Ge87nTe3t5UVO+M6Y
    MVGCaDRuHBbE1y8nAgMBAAGjggEcMIIBGDAMBgNVHRMBAf8EAjAAMIG6BgNVHSME
    gbIwga+AFOZtO1r7aJZ6pAbQyNMetVBE5nisoYGTpIGQMIGNMQswCQYDVQQGEwJH
    QjEUMBIGA1UECAwLT3hmb3Jkc2hpcmUxDzANBgNVBAoMBlNvcGhvczEMMAoGA1UE
    CwwDTlNHMSYwJAYDVQQDDB1Tb3Bob3MgU1NMIENBX0MyMzA3NjRLNjI5SDQ0MTEh
    MB8GCSqGSIb3DQEJARYSc3VwcG9ydEBzb3Bob3MuY29tggEBMC0GCWCGSAGG+EIB
    DQQgFh5HZW5lcmF0ZWQgYnkgU29waG9zIEhUVFAgUHJveHkwHAYDVR0RBBUwE4IR
    Y2hyb21lLmdvb2dsZS5jb20wDQYJKoZIhvcNAQELBQADggEBAJznXOGPfBvwsZOj
    w8pVee81DPGJhqiKDF7wk/HJmcd/NoP8CVjvZZknw4EY0poNYcxp+WcQ33ElnxcM
    mLrMimgRAwIYC5fG3CI3f7J9+VDItoLGgWxScbT7F4WLHFaCwddKXT1A4Meefdau
    Kakkxq3AV3UQRMvWO5FETBXaYuWO1auPNXPTi2MsWCj+SMu32dTwRJrzkCVpLbt+
    UlfpHndIYYc3Gjyj5f1o0lTG132GwydUtQbinl7US13Tq64lFFZO3ZGk7d8RebAf
    nKyMd6/GF3R9VEUy63fiEqsTZTGOiXWu1STiLZa3/HRmPu6yQy6zBrok/yDDA2fl
    VbnSmWs=
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    MIIEiTCCA3GgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBjTELMAkGA1UEBhMCR0Ix
    FDASBgNVBAgMC094Zm9yZHNoaXJlMQ8wDQYDVQQKDAZTb3Bob3MxDDAKBgNVBAsM
    A05TRzEmMCQGA1UEAwwdU29waG9zIFNTTCBDQV9DMjMwNzY0SzYyOUg0NDExITAf
    BgkqhkiG9w0BCQEWEnN1cHBvcnRAc29waG9zLmNvbTAiGA8yMDE1MDgwMTAwMDAw
    MFoYDzIwMzYxMjMxMjM1OTU5WjCBjTELMAkGA1UEBhMCR0IxFDASBgNVBAgMC094
    Zm9yZHNoaXJlMQ8wDQYDVQQKDAZTb3Bob3MxDDAKBgNVBAsMA05TRzEmMCQGA1UE
    AwwdU29waG9zIFNTTCBDQV9DMjMwNzY0SzYyOUg0NDExITAfBgkqhkiG9w0BCQEW
    EnN1cHBvcnRAc29waG9zLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
    ggEBANr6GmZ8dg11V/BrluoulKGXCQQseAtg+XNWYfg3JobekT7HsVoZ61VqvdAF
    6M71MKHeX1YvERTf3yZbNHK6ylVjWz7Npvr861FX5yeGh24xp8RkztEdFTLsmW/S
    FMyydjIkRQLnljCVXjGtoEjrxEe86CpzzCEMduJb0xkbprS6/Je+SYS/RnFX7SL5
    v0FWiO6PW22/2eIZgUiqwHRjHDijifQQTaEFR0ONWbbNA5n1b0JAldp3RZWPisBS
    Tv/bO1bpEmASYrZ8jDflaTqeyoEcagLkhWEa5OTAkweEVKr6sLniLxlCvgZ7zudN
    7e3lRU74zpgxUYJoNG4cFsTXLycCAwEAAaOB7TCB6jAdBgNVHQ4EFgQU5m07Wvto
    lnqkBtDI0x61UETmeKwwgboGA1UdIwSBsjCBr4AU5m07WvtolnqkBtDI0x61UETm
    eKyhgZOkgZAwgY0xCzAJBgNVBAYTAkdCMRQwEgYDVQQIDAtPeGZvcmRzaGlyZTEP
    MA0GA1UECgwGU29waG9zMQwwCgYDVQQLDANOU0cxJjAkBgNVBAMMHVNvcGhvcyBT
    U0wgQ0FfQzIzMDc2NEs2MjlINDQxMSEwHwYJKoZIhvcNAQkBFhJzdXBwb3J0QHNv
    cGhvcy5jb22CAQEwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAC2QH
    hRBSGqq8RSdy7i/ad0Fwt1iec+hFqQaYp7Tt52j8dqd4qQVa2UCfxffLRrIHbw6F
    gTa5/kRG1k3/WIx2QM957whbTZHcRnyVFZrdFH69s4ji3oV/PXQAJG1m3kGckI3/
    gXP55QN6fYup5uxDWoEQuIvpORxbDIAmL7ezq5c44nyxSHGzTvoCtUUBakip28nx
    zXj4UbhWEmrzmatuKcFnjw0zlX5w1XVrsooeUez0OoR+vWy4EhXLa1PFeXPHBt7G
    fPfqpkfvcFsmnr6QWgYawjiN1PmpkV2Zjf/Ts+xHo3xQglDtkwxdsf2TKLN1Qmzv
    lRz7LIrI0z5mJ2B36w==
    —–END CERTIFICATE—–

    Like

    1. This issue is caused by a Sophos security product, either a local security product installed on your PC or a network-based device running Sophos content-filtering. If you have Sophos installed, you’ll either need to uninstall it or reinstall it. If you are on a managed network with a Sophos security product filtering at the network level, you’ll need to talk to the network administrator about installing the necessary certificate on your PC.

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s