This is a migrated thread and some comments may be shown as answers.

ERR_CERT_AUTHORITY_INVALID in Chrome

7 Answers 1656 Views
Windows
This is a migrated thread and some comments may be shown as answers.
This question is locked. New answers and comments are not allowed.
Tony
Top achievements
Rank 1
Tony asked on 29 Sep 2014, 11:10 PM
I was using Fiddler to trouble a website on localhost IIS using https (requires https) and now I can't connect to the website without Fiddler running. If I close Fiddler I get an error "Your connection is not private" (NET::ERR_CERT_AUTHORITY_INVALID). I don't know what changed. I thought I added I cert exception some while ago which enabled me to bypass the error.

7 Answers, 1 is accepted

Sort by
0
Eric Lawrence
Telerik team
answered on 30 Sep 2014, 02:16 PM
Hi, Tony--

If you're getting this error when Fiddler is not running, that means that your IIS server is using a certificate that Chrome doesn't trust.

How did you generate the certificate IIS is using?

Have you enabled Revocation Checks in Chrome?

Can you share the .CER file?

Regards,
Eric Lawrence
Telerik
 

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

 
0
Tony
Top achievements
Rank 1
answered on 16 Oct 2014, 10:33 PM
I am using the IIS Express Development Certificate which is offered by IIS Manager when binding port 443. I can't find the option to enable revocation check. According to this web page, it's a checkbox. It's not showing in my Chrome. Maybe it has been removed.

https://scotthelme.co.uk/certificate-revocation-google-chrome/ 
0
Eric Lawrence
Telerik team
answered on 17 Oct 2014, 02:02 PM
Let's step back a bit-- If you open the site in IE without Fiddler running, do you get the red Certificate Error page saying that the Certificate Authority isn't trusted?

If so, you haven't configured Windows to trust your self-signed certificate. Use CertMgr.msc to do so.

Regards,
Eric Lawrence
Telerik
 

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

 
0
Tony
Top achievements
Rank 1
answered on 22 Oct 2014, 05:16 PM
It's not a trust issue. In IE and Firefox I tell them to trust the certificate and it's a "yeah I know what I am doing" scenario and I get the webpage. In Chrome, it says the cert is invalid. See the screen capture. Then I am stuck there. There's no option to move pass that and no option to force it to trust the cert. Why does it think the cert is invalid? The cert is the one that comes with Windows or IIS (IIS Express Development Certificate). I didn't create it. When Fiddler is running, the web page comes up without any warnings in Chrome. BTW, I am using the full IIS, not IIS Express.
0
Eric Lawrence
Telerik team
answered on 22 Oct 2014, 09:22 PM
Hello, Tony--

Let's step back a bit. What is the EXACT user-experience you get in Internet Explorer when visiting this page without Fiddler running?

Do you understand what HSTS is, and do you expect to see it required for your localhost site?

If you don't expect HSTS to be in use, visit chrome://net-internals/#hsts in your Chrome browser and remove the entry there for Localhost.

Regards,
Eric Lawrence
Telerik
 

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

 
0
Tony
Top achievements
Rank 1
answered on 22 Oct 2014, 11:32 PM
in IE it says the certificate is not issued by a trusted certificate authority. I have the option to continue. That's expected and I expect this in every browser.
Yes I need to use https with localhost. I used chrome://net-internals/#hsts (I didn't know about it) and there were several entries when I queried hsts for localhost so I deleted them. Went to localhost and now I get the warning AND a link to proceed which is good. The link wasn't there before. Now the site shows up when I click on the link. I am guessing an entry for localhost in HSTS made the the link not show up anymore... probably some kind of security block.

Thanks for your help.
0
Eric Lawrence
Telerik team
answered on 24 Oct 2014, 02:06 PM
Hello, Tony--

You can learn what HSTS is and why it caused your "Continue" link to disappear here: http://blogs.msdn.com/b/ieinternals/archive/2014/08/18/hsts-strict-transport-security-attacks-mitigations-deployment-https.aspx

Having said that, I'll reiterate that if you properly trusted your IIS root certificate in Windows' Trusted Root Certificate store, you wouldn't see any error pages at all, HSTS or no.

Regards,
Eric Lawrence
Telerik
 

Check out the Telerik Platform - the only platform that combines a rich set of UI tools with powerful cloud services to develop web, hybrid and native mobile apps.

 
Tags
Windows
Asked by
Tony
Top achievements
Rank 1
Answers by
Eric Lawrence
Telerik team
Tony
Top achievements
Rank 1
Share this question
or