What Does NET:ERR_CERT_AUTHORITY_INVALID Error Mean?
The NET:ERR_CERT_AUTHORITY_INVALID error in Google Chrome indicates that the certificate authority that issued a website’s SSL certificate is not trusted. This usually happens when the certificate is self-signed, expired, or issued by an authority not recognized by Chrome. While not inherently dangerous, this error prevents you from securely connecting to the website.
Fortunately, fixing the NET:ERR_CERT_AUTHORITY_INVALID error is usually straightforward. This guide will walk you through the most common solutions to resolve the invalid certificate authority error in Chrome. We’ll cover troubleshooting steps for both Windows and Mac operating systems.
By the end of this guide, you should have the knowledge to diagnose the cause of the invalid certificate error and the steps to fix it. With the right solution, you can once again browse the affected website securely with Chrome.
Troubleshooting the NET:ERR_CERT_AUTHORITY_INVALID Error
Before jumping into specific solutions, it helps to first troubleshoot and identify what exactly is causing the invalid certificate authority error. Here are some initial steps to investigate the error:
- Try visiting the website in another browser like Firefox or Edge. If the site loads normally, the issue is isolated to Chrome.
- Clear the browser cache and cookies in Chrome and attempt to reload the page. Sometimes temporary files can create issues with SSL certificates.
- Make sure your version of Chrome is up to date. Outdated browsers can fail to recognize newer certificate authorities.
- Check if your system clock and time zone are set correctly. Incorrect system time can make valid certificates appear expired.
- Try visiting the website from another network or device. This helps determine if the issue is network related.
- Inspect the site’s certificate details by clicking the “Not Secure” indicator. Check the issuer, validity dates and certificate path for any obvious errors.
Once you’ve investigated the error, you can better determine the appropriate fix. The most common solutions involve managing your browser trust settings, updating certificates, or implementing workarounds to bypass the warnings.
Step-by-Step Guide to Fix NET:ERR_CERT_AUTHORITY_INVALID Error on Windows
Here are step-by-step instructions to resolve the invalid certificate authority error in Chrome on a Windows system:
Solution 1: Install Root Certificate
If the affected site uses a self-signed certificate or one issued by a private certificate authority, you’ll need to install the root certificate in Windows.
- Obtain the website’s root certificate (CA) file. The site administrator can provide this.
- Double-click the certificate file to open the Certificate Import Wizard.
- Select “Local Machine” and click Next to install the certificate to the Windows certificate store.
- Complete the wizard to finish importing the root certificate.
Restart the Chrome browser and revisit the website. The NET:ERR_CERT_AUTHORITY_INVALID error should now be resolved.
Solution 2: Enable Insecure Site Access
Alternatively, you can bypass the invalid certificate error by enabling insecure site access in Chrome:
- Type chrome://flags/#allow-insecure-localhost into the address bar.
- Change the Enable setting to Enabled.
- Relaunch Chrome for the change to take effect.
- Access the site again – Chrome will display warnings but allow you to proceed.
Use this method only for trusted sites you want to temporarily allow with the invalid certificate.
Solution 3: Remove Problematic Certificate
If a particular root certificate is causing issues, you can remove it from Windows:
- Go to Start and type manage computer certificates.
- Open the management console and navigate to Trusted Root Certification Authorities > Certificates.
- Right-click the problematic certificate and select Delete.
- Confirm deletion of the certificate when prompted.
- Reopen Chrome and try loading the site again.
Removing the root certificate may resolve the invalid authority error if it was corrupt or misconfigured.
Step-by-Step Guide to Fix NET:ERR_CERT_AUTHORITY_INVALID on Mac
On Mac systems, here are some handy ways to troubleshoot the invalid certificate authority error:
Method 1: Re-add Website Exception
Chrome may fail to recognize a previously allowed website exception:
- Go to Chrome Settings > Privacy & Security.
- Click Manage Exceptions under the “Security” section.
- Ensure the problematic website is listed as an allowed exception. If not, add it.
- Reload the page – Chrome should now trust the certificate.
Method 2: Install Certificate
Similar to Windows, you can install the root certificate directly into macOS:
- Open Keychain Access and go to the System keychain.
- Drag the root certificate file onto the Keychain Access window.
- Enter your admin password to install the certificate.
- Restart Chrome and test the website again.
Method 3: Launch Chrome Without Certificate Checks
You can also start Chrome with certificate checking disabled:
- Quit Chrome if currently running.
- Open Terminal and enter:
``open /Applications/Google\ Chrome.app --args --ignore-certificate-errors`
- Press enter to launch Chrome, bypassing the invalid certificate error.
Final Thoughts
Fixing the NET:ERR_CERT_AUTHORITY_INVALID error in Chrome is usually a straightforward process once you determine the cause. Installing a new root certificate, allowing an exception, or removing a problematic certificate can quickly resolve certificate authority issues.
While bypassing invalid certificate warnings reduces security, it may be necessary as a temporary measure for certain trusted sites. Be very cautious of permissions when disabling Chrome’s certificate checks.
Following the step-by-step guide in this article, you should now have the knowledge to troubleshoot and fix the invalid certificate authority error. Just remember to think about security and only apply fixes to trusted sites.
Common NET:ERR_CERT_AUTHORITY_INVALID FAQs
Here are answers to some frequently asked questions about the NET:ERR_CERT_AUTHORITY_INVALID error:
What causes the invalid certificate authority error in Chrome?
This is most often caused by an untrusted root certificate, expired certificate, misconfigured website certificate, or blocked certificate authority. Outdated Chrome browsers can also fail to recognize newer CAs.
Is it safe to bypass the invalid certificate error?
It is not recommended to ignore the error for public websites, as doing so compromises security. Exceptions may be made for certain trusted private sites after verifying their certificates.
How do I trust a private or self-signed certificate in Chrome?
Install the root certificate into your OS trust store or browser exceptions. On Windows check Trusted Root Certification Authorities, on macOS use Keychain Access.
Why does Chrome not trust a certificate that is valid?
Even valid certificates will show errors if the issuing certificate authority is not in Chrome’s list of trusted CAs. This often happens with private CAs or CAs blocked by Chrome.
How do I re-enable a built-in Chrome certificate authority?
Go to Settings > Privacy & Security > Security > Manage Certificates. Re-enable any built-in authorities you want Chrome to trust again.
Can I delete or revoke a problem certificate from my browser?
Yes, you can remove specific site certificates or problematic root CAs through Chrome’s certificate manager. In Windows, use the certificate snap-in to remove distrusted certificates.
How can I inspect a certificate to troubleshoot issues?
Click the “Not Secure” warning in the address bar, then click “Certificate” to view details like validity dates, issuer, certificate path and more.
Priya Mervana
Verified Web Security Experts
Priya Mervana is working at SSLInsights.com as a web security expert with over 10 years of experience writing about encryption, SSL certificates, and online privacy. She aims to make complex security topics easily understandable for everyday internet users.
