Sometimes, when you try to load a HTTPS address in Chrome, instead of the expected page, you get a scary warning, like this one:
Chrome has found a problem with the security of the connection and has blocked loading the page to protect your information.
In a lot of cases, if you’re just surfing around, the easiest thing to do is just find a different page to visit. But what happens if this happens on an important site that you really need to see? You shouldn’t just “click through” the error, because this could put your device or information at risk.
In some cases, clicking the ADVANCED link might explain more about the problem. For instance, in this example, the error message says that the site is sending the wrong certificate; you might try finding a different link to the site using your favorite search engine.
Or, in this case, Chrome explains that the certificate has expired, and asks you to verify that your computer clock’s Date and Time are set correctly:
You can see the specific error code in the middle of the text:
Some types of errors are a bit more confusing. For instance, NET::ERR_CERT_AUTHORITY_INVALID means that the site’s certificate didn’t come from a company that your computer is configured to trust.
Google Internet Authority G3?
If the root certificate is from Google Internet Authority G3, see this article.
What happens if you start encountering errors like this on every HTTPS page that you visit, even major sites like https://google.com?
In such cases, this often means that you have some software on your device or network that is interfering with your secure connections. Sometimes this software is well-meaning (e.g. anti-virus software, ad-blockers, parental control filters), and sometimes it’s malicious (adware, malware, etc). But even buggy well-meaning software can break your secure connections.
If you know what software is intercepting your traffic (e.g. your antivirus) consider updating it or contacting the vendor.
If you don’t know what to do, you may be able to get help in the Chrome Help Forum. When you ask for help, please include the following information:
- The error code (e.g. NET::ERR_CERT_AUTHORITY_INVALID).
- To help the right people find your issue, consider adding this to the title of your posting.
- What version of Chrome you’re using. Visit chrome://version in your browser to see the version number
- The type of device and network (e.g. “I’m using a laptop on wifi on my school’s network.”)
- The error diagnostic information.
You can get diagnostic information by clicking or tapping directly on the text of the error code: . When you do so, a bunch of new text will appear in the page:
You should select all of the text:
…then hit CTRL+C (or Command ⌘+C on Mac) to copy the text to your clipboard. You can then paste the text into your post. The “PEM encoded chain” information will allow engineers to see exactly what certificate the server sent to your computer, which might shed light on what specifically is interfering with your secure connections.
With any luck, we’ll be able to help you figure out how to surf securely again in no time!
133 thoughts on “Get Help with HTTPS problems”
Issuer: Google Internet Authority G3
Expires on: Ago 26, 2018
Current date: Jun 11, 2018
Please see https://textslashplain.com/2017/10/23/google-internet-authority-g3/
Issuer: Cisco Umbrella Secondary SubCA jnb-SG
Expires on: Sep 25, 2018
current date: Sep 22, 2018
PEM encoded chain:
“Cisco Umbrella” here indicates that the network administrator is performing a MITM attack on your computer. If you’re at work, talk to the IT department. If you’re on a guest Wifi hotspot try visiting a http page like neverssl.com to see if the network has a login page.
Issuer: K7 Web Proxy
Your traffic is being intercepted by a Monster-in-the-Middle proxy, which looks to be from a school in India. If you’re on their network, you’ll need to talk to the administrator about installing their certificate.
Issuer: Cisco Umbrella Secondary SubCA yvr-SG
Expires on: Jun 30, 2019
Current date: Jun 27, 2019
Yup, “Cisco Umbrella Secondary SubCA” means that your network administrator is intercepting HTTPS traffic using a Cisco traffic filtering device. You’ll need to talk to them about installing the correct certificate on your device and/or unblocking this site.
Chrome, firefox or Edge I keep getting the damn NET::ERR_CERT_COMMON_NAME_INVALID error on sites like google.com, but not google.com.au . A fresh install makes it go away for a bit. I reinstall all my programs the same day and it still works, 2 days later every time it comes back though I have added no software in that time. It is driving me mad. Any help would be extremely appreciated. Details are
Issuer: DigiCert Global Root G1A
Expires on: 23 Dec 2030
Current date: 23 Dec 2020
PEM encoded chain:
No legitimate certificate authority issues website certificates valid for ten years, and the “Digicert” root listed here does not appear to be a legitimate certificate. It seems very likely that either your PC is infected with malware, or there’s an attacker on your network who is performing MITM attacks on the traffic that passes through it.
All of our applications using the domain (lulaloop.co.za) are not working if we’re using a certain wifi network at the office. What could be the issue? Any help would be appreciated.
Issuer: Cisco Umbrella Secondary SubCA jnb-SG
The Wifi Network in question is intercepting your network traffic, either for security scanning or because it’s a “Captive Portal” where you have to accept the terms to use the network before you’re allowed to use it. You can tell this because “Cisco Umbrella” is the network device that has this feature and which is doing this to your traffic.
Is it only happening for that domain, or is it happening for all domains. If it’s only that domain, then your network device is probably blocking traffic to that site because either it thinks it’s dangerous or your network admin has decided to block it for whatever reason.
If it happens on ALL HTTPS sites, it’s probably a captive portal. Simply visiting a HTTP page (try http://neverssl.com) should redirect you to the page on the device that will let you use the network.
If it’s not a captive portal and happening on ALL sites, it is decrypting your secure traffic to scan it for viruses or whatever, so you’ll need to talk to the network admin about installing the certificate from the device onto your client browser.
I wrote about Captive Portals here: https://textslashplain.com/2022/06/24/captive-portals/