Some users report that after updating their Operating System or Chrome browser to a more recent version, they have problems accessing some sites (often internal sites with self-signed certificates) and the browser shows an error of NET::ERR_CERT_INVALID.
NET::ERR_CERT_INVALID means that the certificate itself is so malformed that it’s not accepted at all– sometimes rejected by certificate logic in the underlying operating system or sometimes rejected by additional validity checks in Chrome. Common causes include malformed serial numbers (they should be 20 digits), Certificate versions (v1 certificates must not have extensions), policy constraints, SHA-1 (on OS X 10.3.3+), or validity date formatting (e.g. missing the seconds field in the ASN.1, or encoding using the wrong ASN.1 types).
Click the “NET::ERR_CERT_INVALID” text such that the certificate’s base64 PEM data appears. Copy/paste that text (up to the first –END CERTIFICATE–) into the box at https://crt.sh/lintcert and the tool will generate a list of errors that lead to this blocking in Chrome.
In most cases, the site will need to generate and install a properly-formatted certificate in order to resolve the error.