Some users report that after updating their Operating System or Chrome browser to a more recent version, they have problems accessing some sites (often internal sites with self-signed certificates) and the browser shows an error of NET::ERR_CERT_INVALID.

NET::ERR_CERT_INVALID means that the certificate itself is so malformed that it’s not accepted at all– sometimes rejected by certificate logic in the underlying operating system or sometimes rejected by additional validity checks in Chrome. Common causes include malformed serial numbers (they should be 20 digits), Certificate versions (v1 certificates must not have extensions), policy constraints, SHA-1 (on OS X 10.3.3+), or validity date formatting (e.g. missing the seconds field in the ASN.1, or encoding using the wrong ASN.1 types).

Click the “NET::ERR_CERT_INVALID” text such that the certificate’s base64 PEM data appears. Copy/paste that text (up to the first –END CERTIFICATE–) into the box at and the tool will generate a list of errors that lead to this blocking in Chrome.


In most cases, the site will need to generate and install a properly-formatted certificate in order to resolve the error.



2 thoughts on “NET::ERR_CERT_INVALID error

  1. Larry says:

    Which Chrome platforms support ‘click NET::ERR_ tag’ to show the cert PEM blocks.
    I know it works on Windows and Chromebooks.
    How about Linux, Mac, Android, Pixel?


    • You can show the certificate info by clicking on the error code in all of the platforms you mentioned. (I don’t think it works on iOS.)


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s