Get Help with HTTPS problems

Sometimes, when you try to load a HTTPS address in Chrome, instead of the expected page, you get a scary warning, like this one:

image

Chrome has found a problem with the security of the connection and has blocked loading the page to protect your information.

In a lot of cases, if you’re just surfing around, the easiest thing to do is just find a different page to visit. But what happens if this happens on an important site that you really need to see? You shouldn’t just “click through” the error, because this could put your device or information at risk.

In some cases, clicking the ADVANCED link might explain more about the problem. For instance, in this example, the error message says that the site is sending the wrong certificate; you might try finding a different link to the site using your favorite search engine.

image

Or, in this case, Chrome explains that the certificate has expired, and asks you to verify that your computer clock’s Date and Time are set correctly:

image

You can see the specific error code in the middle of the text:

image

Some types of errors are a bit more confusing. For instance, NET::ERR_CERT_AUTHORITY_INVALID means that the site’s certificate didn’t come from a company that your computer is configured to trust.

image

Google Internet Authority G3?

If the root certificate is from Google Internet Authority G3, see this article.

Errors Everywhere?

What happens if you start encountering errors like this on every HTTPS page that you visit, even major sites like https://google.com?

In such cases, this often means that you have some software on your device or network that is interfering with your secure connections. Sometimes this software is well-meaning (e.g. anti-virus software, ad-blockers, parental control filters), and sometimes it’s malicious (adware, malware, etc). But even buggy well-meaning software can break your secure connections.

If you know what software is intercepting your traffic (e.g. your antivirus) consider updating it or contacting the vendor.

Getting Help

If you don’t know what to do, you may be able to get help in the Chrome Help Forum. When you ask for help, please include the following information:

  • The error code (e.g. NET::ERR_CERT_AUTHORITY_INVALID).
    • To help the right people find your issue, consider adding this to the title of your posting.
  • What version of Chrome you’re using. Visit chrome://version in your browser to see the version number
  • The type of device and network (e.g. “I’m using a laptop on wifi on my school’s network.”)
  • The error diagnostic information.

You can get diagnostic information by clicking or tapping directly on the text of the error code: image. When you do so, a bunch of new text will appear in the page:

image

You should select all of the text:

image

…then hit CTRL+C (or Command ⌘+C on Mac) to copy the text to your clipboard. You can then paste the text into your post. The “PEM encoded chain” information will allow engineers to see exactly what certificate the server sent to your computer, which might shed light on what specifically is interfering with your secure connections.

With any luck, we’ll be able to help you figure out how to surf securely again in no time!

 

-Eric

Published by ericlaw

Impatient optimist. Dad. Author/speaker. Created Fiddler & SlickRun. PM @ MSFT '01-'12, and '18-, presently working on Microsoft Edge. My words are my own.

131 thoughts on “Get Help with HTTPS problems

  1. NET::ERR_CERT_AUTHORITY_INVALID
    Subject: *.google.com
    Issuer: Google Internet Authority G3
    Expires on: Ago 26, 2018
    Current date: Jun 11, 2018

  2. NET::ERR_CERT_AUTHORITY_INVALID

    Subject: docs.google.com
    Issuer: Cisco Umbrella Secondary SubCA jnb-SG
    Expires on: Sep 25, 2018
    current date: Sep 22, 2018
    PEM encoded chain:

    1. “Cisco Umbrella” here indicates that the network administrator is performing a MITM attack on your computer. If you’re at work, talk to the IT department. If you’re on a guest Wifi hotspot try visiting a http page like neverssl.com to see if the network has a login page.

  3. NET::ERR_CERT_COMMON_NAME_INVALID
    Subject: K7WebProxyVerifyError-18-edistricts.tn.gov.in
    Issuer: K7 Web Proxy

    1. Your traffic is being intercepted by a Monster-in-the-Middle proxy, which looks to be from a school in India. If you’re on their network, you’ll need to talk to the administrator about installing their certificate.

    1. Yup, “Cisco Umbrella Secondary SubCA” means that your network administrator is intercepting HTTPS traffic using a Cisco traffic filtering device. You’ll need to talk to them about installing the correct certificate on your device and/or unblocking this site.

  4. Chrome, firefox or Edge I keep getting the damn NET::ERR_CERT_COMMON_NAME_INVALID error on sites like google.com, but not google.com.au . A fresh install makes it go away for a bit. I reinstall all my programs the same day and it still works, 2 days later every time it comes back though I have added no software in that time. It is driving me mad. Any help would be extremely appreciated. Details are

    NET::ERR_CERT_COMMON_NAME_INVALID
    Subject: http://www.google.com.au

    Issuer: DigiCert Global Root G1A

    Expires on: 23 Dec 2030

    Current date: 23 Dec 2020

    PEM encoded chain:
    —–BEGIN CERTIFICATE—–
    MIIDfjCCAmagAwIBAgIQYbpR61Scfb5AvWLIabFHRjANBgkqhkiG9w0BAQsFADAj
    MSEwHwYDVQQDDBhEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMUEwHhcNMTkxMjIzMDE0
    OTQxWhcNMzAxMjIzMTI0OTQxWjAcMRowGAYDVQQDDBF3d3cuZ29vZ2xlLmNvbS5h
    dTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANetId+bMuGcMmZQFAjl
    wZtY7tvOOwzygtxplWm/h6J7cMipl/SwiDU8DXewP98LGbnV5JOijwMdPVq2U0eY
    BYlvNRodOrLYS2RoVqBGRfF9UoE3s65CX4ovWcG9xG8xglWm1ihqO57Aej3Ufui8
    //fur0/U49OzDvlZR2YoKhNNDb/X0zB0eHWCvjdGgGeSIAedmaY7s1GI9xA4LLk8
    uiyfPH5psMFsP5ZDusw6XjA42jbckGP4xLvfsj2L0dt13YUJlDmqVf10k1HS5OQB
    3E/ul6rcdiKfmwtCa6RZvT1qQ/VMX3X8XF/InQHtIIHqD/FD9txpFGYaVKaTCkZ6
    hbkCAwEAAaOBtDCBsTATBgNVHSUEDDAKBggrBgEFBQcDATAMBgNVHRMBAf8EAjAA
    MA4GA1UdDwEB/wQEAwIFoDA8BgNVHREENTAzghF3d3cuZ29vZ2xlLmNvbS5hdYIP
    Ki5nb29nbGUuY29tLmF1gg1nb29nbGUuY29tLmF1MB8GA1UdIwQYMBaAFKDf8cTp
    rtcL56JxFWhPhLGXmdlyMB0GA1UdDgQWBBSiLOzrTcYzG3oUWEka3WbtmeW/GTAN
    BgkqhkiG9w0BAQsFAAOCAQEAlsAWjrJy5nI4Y9UOUSDdtyRtf06vNqj3//Q2oECp
    qUNwUIv53YOtF6YMsQpZjC1Lg+yfuobkia80fbrKd0CoQaUlEeQWySz4il+p4fy5
    JRV+gHK3My7Ox1y1KF/F/GRPDgGcf6H1DA/Sp+0oNd9dH6047pFKedzKJsnRi+1v
    CRLv5fssnZ7q1N+Hr4VL1cNBi+Em0aSnQ8ufrj5fd0wKs3H3gMzhot9fNpPTIeUw
    Mp4Zysv58CdaKpA0/HHp0VFOiqFsbfkKkxRBvFY/fjV+9d/OrQ9ODyw3K/mTjkQs
    cQDq3DzopUGRzng9kBCCUNX2ZH1T89R7A3LuDfCPaIbuqQ==
    —–END CERTIFICATE—–
    —–BEGIN CERTIFICATE—–
    MIIDEjCCAfqgAwIBAgIQG4sbGVbB8pBHa8hjTM5+mTANBgkqhkiG9w0BAQsFADAj
    MSEwHwYDVQQDDBhEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMUEwHhcNMTkxMjIzMDE0
    OTM3WhcNMzAxMjIzMTI0OTM3WjAjMSEwHwYDVQQDDBhEaWdpQ2VydCBHbG9iYWwg
    Um9vdCBHMUEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIuthRYV8K
    eYw2MI1BpQUBqZSDSxMiJ90RpubrNxuckeRoA7oMRKSmlCHGw9Y8ke98417e5vLk
    /sDmkiBCKVNTSjK92lQlJvmAV5cvMdN/F89c/Du8uT8L71OYnAoqvMbX8bf2I+2n
    4LiKwbZRHo7Jhb+9gkI4HlVjt1k+QOPYfmhW0FeGr0FfFIKWIoDLtdKzGw/ugMJM
    r6V/Y9w5GMiWkTuxkDgumE8Bl3O3nH0u0Pr9kdnjqnoCrQCvMvuGvGcFG6WqHHs3
    cucidQy07C6ROl62DzU3ekQAWJgn/M8eznLbZcnkbE8OBA9x887ZoDyduaJjRO51
    P3EWKVqhFTM5AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD
    AgGGMB0GA1UdDgQWBBSg3/HE6a7XC+eicRVoT4Sxl5nZcjANBgkqhkiG9w0BAQsF
    AAOCAQEAYao3xWpDuPNBZxucrIdIFLWSUWthdI1YGTlx3diapWWGAvPHwnrNLNsC
    CCEq9TJGpOAhiMK/nZ2H0K2eR++t33Y0LD3SmoEvMNAS9EAJKx12UoAq6U+NIddh
    nYjMo+M59IiJ0J4T5WpG7aBJC2DpdSli8JqLE9V0piv74BAAyyXbGhVmnECsO3PI
    Lf8A41Jc2vb7SJOflPTsGfKLsL2TexkkkkXJUwx9/tU8cXzwx/2zzxdW4c1zOq0q
    essjl9Sf1dFWETM0LXheHoz3ok6vCA7YLma1aHqfgTwJ6lupCrwQcAL4cCXB7636
    S+XVXY75c6xuC5CNGHaPVWBuPGL8Xg==
    —–END CERTIFICATE—–

    1. No legitimate certificate authority issues website certificates valid for ten years, and the “Digicert” root listed here does not appear to be a legitimate certificate. It seems very likely that either your PC is infected with malware, or there’s an attacker on your network who is performing MITM attacks on the traffic that passes through it.

Leave a Reply to pablo Cancel reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: