ERR_CERT_AUTHORITY_INVALID in Chrome

Thread is closed for posting
9 posts, 0 answers
  1. Tony
    Tony avatar
    18 posts
    Member since:
    Sep 2014

    Posted 29 Sep 2014 Link to this post

    I was using Fiddler to trouble a website on localhost IIS using https (requires https) and now I can't connect to the website without Fiddler running. If I close Fiddler I get an error "Your connection is not private" (NET::ERR_CERT_AUTHORITY_INVALID). I don't know what changed. I thought I added I cert exception some while ago which enabled me to bypass the error.

  2. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 30 Sep 2014 Link to this post

    Hi, Tony--

    If you're getting this error when Fiddler is not running, that means that your IIS server is using a certificate that Chrome doesn't trust.

    How did you generate the certificate IIS is using?

    Have you enabled Revocation Checks in Chrome?

    Can you share the .CER file?

    Regards,
    Eric Lawrence
    Telerik
     

    Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

     
  3. Tony
    Tony avatar
    18 posts
    Member since:
    Sep 2014

    Posted 16 Oct 2014 in reply to Eric Lawrence Link to this post

    I am using the IIS Express Development Certificate which is offered by IIS Manager when binding port 443. I can't find the option to enable revocation check. According to this web page, it's a checkbox. It's not showing in my Chrome. Maybe it has been removed.

    https://scotthelme.co.uk/certificate-revocation-google-chrome/ 
  4. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 17 Oct 2014 Link to this post

    Let's step back a bit-- If you open the site in IE without Fiddler running, do you get the red Certificate Error page saying that the Certificate Authority isn't trusted?

    If so, you haven't configured Windows to trust your self-signed certificate. Use CertMgr.msc to do so.

    Regards,
    Eric Lawrence
    Telerik
     

    Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

     
  5. Tony
    Tony avatar
    18 posts
    Member since:
    Sep 2014

    Posted 22 Oct 2014 in reply to Eric Lawrence Link to this post

    It's not a trust issue. In IE and Firefox I tell them to trust the certificate and it's a "yeah I know what I am doing" scenario and I get the webpage. In Chrome, it says the cert is invalid. See the screen capture. Then I am stuck there. There's no option to move pass that and no option to force it to trust the cert. Why does it think the cert is invalid? The cert is the one that comes with Windows or IIS (IIS Express Development Certificate). I didn't create it. When Fiddler is running, the web page comes up without any warnings in Chrome. BTW, I am using the full IIS, not IIS Express.
  6. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 22 Oct 2014 Link to this post

    Hello, Tony--

    Let's step back a bit. What is the EXACT user-experience you get in Internet Explorer when visiting this page without Fiddler running?

    Do you understand what HSTS is, and do you expect to see it required for your localhost site?

    If you don't expect HSTS to be in use, visit chrome://net-internals/#hsts in your Chrome browser and remove the entry there for Localhost.

    Regards,
    Eric Lawrence
    Telerik
     

    Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

     
  7. Tony
    Tony avatar
    18 posts
    Member since:
    Sep 2014

    Posted 22 Oct 2014 in reply to Eric Lawrence Link to this post

    in IE it says the certificate is not issued by a trusted certificate authority. I have the option to continue. That's expected and I expect this in every browser.
    Yes I need to use https with localhost. I used chrome://net-internals/#hsts (I didn't know about it) and there were several entries when I queried hsts for localhost so I deleted them. Went to localhost and now I get the warning AND a link to proceed which is good. The link wasn't there before. Now the site shows up when I click on the link. I am guessing an entry for localhost in HSTS made the the link not show up anymore... probably some kind of security block.

    Thanks for your help.
  8. Eric Lawrence
    Admin
    Eric Lawrence avatar
    833 posts

    Posted 24 Oct 2014 Link to this post

    Hello, Tony--

    You can learn what HSTS is and why it caused your "Continue" link to disappear here: http://blogs.msdn.com/b/ieinternals/archive/2014/08/18/hsts-strict-transport-security-attacks-mitigations-deployment-https.aspx

    Having said that, I'll reiterate that if you properly trusted your IIS root certificate in Windows' Trusted Root Certificate store, you wouldn't see any error pages at all, HSTS or no.

    Regards,
    Eric Lawrence
    Telerik
     

    Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

     
  9. Toreno
    Toreno avatar
    0 posts
    Member since:
    Mar 2015

    Posted 28 Mar 2015 in reply to Tony Link to this post

    el problema no es un virus en mi caso tenia el error  NET::ERR_CERT_AUTHORITY_INVALID

    instale algo y me percate que era algo raro porque de pronto no me dejaba entrar a  google.com facebook.com youtube.com
    pase Avast y un SUPERAntiSpyware y nada

    para mi sorpresa el programa que instale MODIFICO mi   " etc.ini "

    C:\Windows\System32\drivers\etc

    lo abri  y vi muchas web importantes redireccionado a otra IP( las web a las que no podia entrar)
    lo que no es normal
    la solucion era simple
    borre todos los redireccionamientos y listo ya no tenia ese error
Back to Top