How do I deal with NET:ERR_CERT_AUTHORITY_INVALID in Chrome?

First thing's first:

DO NOT DO THE FOLLOWING IF YOU DO NOT TRUST THE CERTIFICATE ISSUER

Doing this allows a man-in-the-middle to see all of your communications. This fix should only be employed if you are in a situation which warrants it, not if you're sitting at a coffee shop and having problems connecting to things.

That said...

The first step is to acquire the certificate of the MITM.

To do so, click the little HTTPS lock and hit details:

Page details

Click "View Certificate" in the dialog that comes up.

Certificate details pane

Hit "Details" in the Certificate viewer and select the top certificate, which should be from an address other than the one you were trying to get to (see picture):

Certificate viewer

Then hit "Export" and save the certificate file.

Now, go to Settings → Advanced → Manage Certificates... → Authorities

Settings menu

And hit "Import". Select the certificate file you saved previously and hit all of the check boxes that appear, authorizing it to certify everything.

Manage certificates menu


I hope I'm not reviving this too late in the game, but I was looking for this answer and figured out how to make Richard's solution work with Chrome 59.0.3071.115 for the Mac.

  1. Load the page with the self-signed certificate that's causing Chrome to throw the error
  2. Hit the triple-horizontal-dots in the top right to get to More Tools > Developer Tools; click on the Security tab
  3. Click "View certificate"
  4. In the little window that pops up, there should be a picture of a certificate. Click/drag that to some location in Finder.
  5. Triple-horizontal-dots > Settings > Advanced > Manage certificates
  6. If the keychain is locked (lock in the top-left corner of the window that pops up), unlock it using your system password
  7. Select "login" under Keychains (on the top-left) and "Certificates" under Category (on the bottom-left)
  8. Click/drag the certificate that you downloaded over to the right side of the Keychain Access window
  9. Lock the lock at the top left of the Keychain Access window
  10. Close and re-open Chrome (make sure Chrome fully closed -- force quit if you need to)
  11. In Keychain, right-click your cert, "Get Info", "Trust" and "Always Trust" for SSL!

If you've just installed an SSL cert on your website after getting this error, you may need to restart Chrome. Easiest way is to go to chrome://restart so that it reopens all your tabs.

I was getting this error even though SSL Labs was telling me I had an A+ cert. Chrome was just being dumb and not refreshing properly.

Tags:

Ssl

Google Chrome

Certificate

Man In The Middle

Recent Posts