The NET::ERR_CERT_AUTHORITY_INVALID error typically occurs when your browser is unable to verify the legitimacy of a website’s SSL/TLS certificate. The certificate is important because it keeps your link to a website safe. In addition, it protects any sensitive data you send, such as user name, passwords and payment information.

This tutorial will explore the reasons behind the issue of the NET::ERR_CERT_AUTHORITY_INVALID error and possible ways to fix it.

Causes of NET::ERR_CERT_AUTHORITY_INVALID

How to Fix NET::ERR_CERT_AUTHORITY_INVALID

Conclusion

Causes of NET::ERR_CERT_AUTHORITY_INVALID

The error occurs when the browser fails to validate the SSL certificate. This certificate is issued by trusted Certificate Authorities (CAs) and makes sure the particular website you’re visiting is safe and authentic. If the certificate displays an untrusted source or lacks proper installation, the browser will show the NET::ERR_CERT_AUTHORITY_INVALID error as below:

Common causes of error are given below:

Expired SSL Certificates: An outdated SSL certificate affects a website’s accessibility. This is because certificates have expiration dates, which normally range between 1 and 2 years. Once they exceed that time, browsers can no longer consider them valid.

Self-Signed Certificates: If a certificate is self-signed and is not authorized by a Certification Authority, then browsers will not consider it valid and will flag it as unsafe.

Invalid SSL Certificate Configuration: This means that the proper configuration is missing or that intermediate certificates are missing, which can lead to an error.

Distrusted Certification Authorities: If the website’s certificate is issued and not from your browser’s trusted CA list, then this error code will show up.

System Time and Date Issues: If your personal computer fails to synchronize all times and dates, SSL certificates may appear to be invalid, raising error flags.

Cookies or Cached History: The browser may also have problems validating SSL certificates correctly due to corrupted cache and cookies.

Firewall or Antivirus Blocking: The Security Software (firewalls or antivirus programs) might invalidate an SSL certificate, which fails proper validation.

How to Fix NET::ERR_CERT_AUTHORITY_INVALID?

If you are a website owner or a regular user trying to access the website and face a NET::ERR_CERT_AUTHORITY_INVALID error, this guide will provide various solutions.:

Correct the Computer’s Date and Time

When the date and time of the system are wrong, the SSL certificates could fail because they might not match the expected validity range.

The solution is to navigate to Settings > Date & time. Make sure the time zone is set accurately alongside the date and time. If necessary, enable the Set time automatically option:

Clear Cookies And Browser Cache

The presence of corrupted or outdated cookies along with a cache can trigger SSL certificate validation errors.

To fix it, first, launch the browser such as Chrome, tap the three dots and choose Settings. Then, find Privacy and Security and click the Delete browsing data option. After that, select Browsing history, Cookies and other site data, as well as Cached images and files, and click on Delete data:

Use Incognito Mode

Using incognito mode may be beneficial if you are not able to access the website in a standard window. To open an incognito window, press Ctrl + Shift + N (Windows/Linux) or Cmd + Shift + N (Mac):

Updating Your Browser

Errors related to SSL certificates can occur from an old browser. The solution is to first visit the Settings of the browser. Then, look for Update and simply check for updates in the About Chrome section:

Note: If any updates are present, install them, then launch the browser again.

Temporarily Switch Off Firewall And Antivirus

Some security applications, such as antivirus programs or firewalls, may misidentify SSL certificate validation processes and block them. To determine if the problem is with the Windows firewall, try turning off the firewall or antivirus. Then, open the blocked website again.

For Windows, follow these instructions to temporarily disable antivirus and firewall:

Go to Settings > Privacy & Security > Windows Security. Then, select Virus & threat protection and hit Manage settings:

Finally, toggle Real-time protection to Off and click Yes to confirm:

If the issue is resolved, you may need to fine-tune your security software’s firewall configuration in detail.

Proceed Anyway (for Non-Critical Sites)

Self-signed certificates are untrusted and might use an encryption method that SSL certificates might ignore. In such cases, instead of trusting the untrustworthy website, you can simply bypass it.

While using Chrome, if you see a NET:: ERR_CERT_AUTHORITY_INVALID error, click on Advanced and then Proceed (unsafe). This option will let you use the website, but use it cautiously:

Add the Certificate into Trusted Authorities (For Self-Signed Certificates)

If you’re the website administrator or you have any contact with the website owner, you may need to add a self-signed certificate manually to your PC’s self-signed certificates list.

To proceed, click on the three-dot icon found in the right corner of the browser and open Settings. Then click the Manage certificates option under the Privacy and security section:

From here, navigate to the Your certificates section and open the Manage imported certificates from Windows:

 

The next step is to import the certificate on your system by pressing the Import button:

Check the SSL Certificate Configuration (For Website Owners)

As the website administrator, the SSL certificate is misconfigured. You can use tools like SSL Checker and verify that the SSL certificate is installed or not.

Ensure that the primary certificate and intermediate certificates are installed. Because, uninstalled intermediate certificates can create issues with trust. Let’s check the certificate info about linuxgenie website:

The above figure gives detailed information about the particular website, and you can make sure that intermediate certificates are already installed.

Ensure the SSL Certificate Is Not Expired (For Website Owners)

SSL certificates are important and key to a website, but they also have a limited lifespan. If you have expired SSL certificates, you will have to renew them.

To do so, use the SSL Labs’ SSL Test tool and verify the expiration date of your SSL certificate:

Note: You can always renew the certificate with your certificate authority.

Clear SSL State

Cached SSL certificates can also be the cause of this error. To resolve it, clear the SSL state by following the below instructions:

In Windows, clearing the SSL state means that you are going to remove cached SSL certificates. To do so, go to the Control Panel, select Network and Internet, click Internet Properties, and hit the Content tab. Finally, click the Clear SSL state button:

Switch to Another Device or Network

If previous solutions did not work, try accessing the particular website using a different network or device. For this, use a new Wi-Fi connection or mobile network and check if you can access the website. Moreover, access the particular website via another device. It helps identify any possible device-related problems.

Following the methods discussed in this blog will help you fix issues related to the NET::ERR_CERT_AUTHORITY_INVALID error.

Conclusion

The NET::ERR_CERT_AUTHORITY_INVALID error is associated with issues such as SSL certificate validation due to expired or self-signed certificates or untrusted authorities.

There are possible solutions available to suit various scenarios. If you encounter this while trying to access certain websites, try deleting your cache, verifying the device’s time settings, or temporarily disabling antivirus. If you own a website, make sure that your SSL certificate has been properly generated, renewed, and issued by a trusted authority.