PDF download Download Article
How to fix SSL certificate errors as a user or as an administrator
PDF download Download Article

SSL certificates are special files used to encrypt connections to remote servers like websites. An SSL certificate error can occur if your web browser has a problem validating a certificate. If you get an SSL certificate error when visiting a website, there are a few things you can do to bypass it, including setting the date and time correctly, adding the website to a trusted list, and clearing cache and cookies. If you administer a website that's generating an SSL error, you'll need to resolve the issue on your server.

Fixing SSL Certificate Errors

  1. Make sure your computer's date and time are correct.
  2. Add the website to the list of trusted sites.
  3. Disable certificate revocation checks.
  4. Clear your SSL state.
  5. Clear your web browser's cache.
  6. Restore your web browser to its default settings.
  7. Contact the website administrator.
Method 1
Method 1 of 3:

On Windows

PDF download Download Article
  1. The errors look different on each web browser, but you can often figure out whether the certificate error is on your end (the computer you're using) or on the server's end if you can decipher the error message. If the problem is with the website, it must be fixed by the website administrator . If you see any of the following errors, the problem is with the website, not your computer:
    • NET::ERR_CERT_AUTHORITY_INVALID
    • NET::ERR_CERT_COMMON_NAME_INVALID
    • NET::ERR_CERT_REVOKED
    • NET::ERR_CERT_AUTHORITY_INVALID
    • ERR_SSL_WEAK_EPHEMERAL_DH_KEY
    • ERR_SSL_VERSION_OR_CIPHER_MISMATCH
  2. If you don't see one of the previous errors, the issue might be with your computer reporting the incorrect date or time. To make sure your system date and time aren't causing the issue, set your computer to obtain the date and time automatically. Here's how:
    • Right-click the date and time in the taskbar.
    • Click Adjust date and time .
    • Ensure Set time automatically is checked.
    • Ensure Set timezone automatically is checked.
    Advertisement
  3. Here's how:
    • Press the Windows key .
    • Type internet options .
    • Click Internet Options .
  4. Only do this if you are sure the website is safe:
    • Click the Security tab.
    • Click the checkmark icon above "Trusted sites."
    • Click Sites .
    • Copy and paste the URL for the website below "Add this site to the zone."
    • Click Add .
    • Click Close .
    • Click Apply .
  5. You should only do this temporarily while visiting a particular site. To ensure you are secure while browsing, reenable these features when you are done. Make sure you still have the Internet Options menu open and use the following steps to disable certificate revocation checks: [1]
    • Click the Advanced tab.
    • Uncheck "Check for publisher's certificate revocation" below "Security."
    • Uncheck "Check for server certificate revocation" below "Security."
    • Click Apply .
  6. If you're seeing an SSL error when using a different application on your computer, such as an email or SFTP app, clearing the SSL state could resolve the issue. If your computer has saved an incorrect version of the SSL certificate, you can delete it. [2]
    • In the Internet Options window, click the Content tab.
    • Click Clear SSL state .
  7. You can often resolve SSL errors by deleting certain files that websites save to your computer. Clearing your cookies , as well as clearing your cache, can fix a wide variety of browsing errors in addition to certificate malfunctions.
  8. Using an older version of a web browser may result in SSL certificate errors and general odd behaviors. Check for and install any updates available for your browser.
    • You can also try a different web browser to see if that resolves the issue. For example, if you're using Microsoft Edge , try installing Chrome and checking to see if you can view the website there. If you get an SSL error on two different browsers, there's probably an issue with the certificate itself.
  9. If clearing your browser data and updating your software didn't work, your problem may be related to your browser settings. In that case, resetting your browser to its original settings will disable extensions and settings that might interfere with the certificate. You can generally reset your browser's settings in the Settings menu, or by uninstalling and reinstalling your browser.
  10. If you can't bypass the SSL certificate error on your end, the problem is most likely with the web server. If you can, contact the server administrator to let them know of the problem so they can resolve it.
  11. Advertisement
Method 2
Method 2 of 3:

On a Mac

PDF download Download Article
  1. The errors look slightly different depending on the browser you're using, but you can often figure out whether the certificate error is on your end or the website itself. If you see any of the following errors, the problem is with the website, not your computer:
    • NET::ERR_CERT_AUTHORITY_INVALID
    • NET::ERR_CERT_COMMON_NAME_INVALID
    • NET::ERR_CERT_REVOKED
    • NET::ERR_CERT_AUTHORITY_INVALID
    • ERR_SSL_WEAK_EPHEMERAL_DH_KEY
    • ERR_SSL_VERSION_OR_CIPHER_MISMATCH
  2. Your Mac may be reporting the incorrect date or time. To make sure your system date and time aren't causing the issue, set your computer to obtain the date and time automatically. Here's how:
    • Click the Apple icon.
    • Click System Settings or System Preferences .
    • Click General .
    • Click Date & Time .
    • Ensure "Set date and time automatically" is enabled.
  3. If you see an SSL error when using a different application on your computer, such as an email or SFTP app, clearing your SSL state could resolve the issue. If your computer has saved an incorrect version of the SSL certificate, you can delete them. [3]
    • Press Command + Spacebar to open Spotlight search.
    • Type keychain .
    • Click Keychain Access to open the app.
    • Click Login in the left pane.
    • Click Certificates under "Category" in the menu to the left.
    • Double-click the certificate that is giving you trouble.
    • Expand the menu below "Trust."
    • Select Always trust next to "When using this certificate."
    • Enter your Mac password and click Update settings .
    • If the certificate continues to give you trouble, you can right-click it and delete it. [4]
  4. If trusting the SSL certificate doesn't work or if your computer has saved an incorrect version of the SSL certificate, you can delete it. [5]
    • Press Command + Spacebar to open Spotlight search.
    • Type keychain .
    • Click ' Keychain Access to open the app.
    • Click Login in the left pane.
    • Click Certificates under "Category" on the left.
    • Right-click the SSL certificate that is giving you trouble.
    • Click Delete . [6]
  5. You can often resolve SSL errors by deleting certain files that websites save to your computer. Clearing your cookies and cache can fix many browsing errors in addition to certificate problems.
  6. Using an older version of a web browser may result in SSL certificate errors and general odd behaviors. Check for and install any updates available for your browser.
    • You can also try a different web browser to see if that resolves the issue. For example, if you're using Safari , try installing Chrome and checking to see if you can view the website there. If you get an SSL error on two different browsers, there's probably an issue with the certificate.
  7. If clearing your browser data and updating your software didn't work, your problem may be related to your browser settings. In that case, resetting your browser to its original settings will disable extensions and settings that might interfere with the certificate. You can generally reset your browser's settings in the Settings menu, or by uninstalling and reinstalling your browser.
  8. If you can't bypass the SSL certificate error on your end, the problem is most likely with the web server. Contact the server administrator to inform them of the problem so they can resolve it.
  9. Advertisement
Method 3
Method 3 of 3:

As an Administrator

PDF download Download Article
  1. You can use many online tools to check your SSL certificate that will report any errors with the certificate. Online tools include SSL Checker , DigiCert Diagnostic tool , and Qualys SSL Labs .
  2. Many, if not most, client-side SSL errors are caused by improper installation. Make sure you install the SSL certificate properly.
  3. If your SSL certificate is properly installed and you are still getting SSL certificate errors, make sure you have enabled SSL and/or HTTPS in your website's host settings. [7]
  4. SSL certificates have a lifespan of 398 days. Make sure your SSL certificate has not expired. If it is expired, you will need to renew the expired certificate.
  5. Make sure the hostname on the certificate matches your website's URL. Also, make sure the certificate covers all domains and subdomains across your entire website.
    • Also check that the contact information, such as the email, is the same as the one under which your website is registered.
    • You can get a wildcard SSL certificate to cover multiple subdomains as well as your main domain.
  6. If a certificate authority suspects your certificate is compromised, they can revoke it before it expires. If this happens, you will need to investigate why it was revoked (an online SSL checker can help with that} and replace the certificate with a valid one.
  7. If you receive an "SSL not trusted" error, the certificate is from a certificate authority not trusted by the web browser. This most commonly happens when the SSL certificate is a self-signed certificate issued by the server itself. If this is the case, you must get a new SSL certificate from a trusted authority.
  8. If you get a "mixed content" error message, a portion of a page is from an unsecured source. You may have an image, iframe, or a snippet of JavaScript being loaded from an unsecured source. You will need to edit the source code for your website and remove the content from the unsecured source.
  9. If your server uses an outdated encryption algorithm, such as SHA-1, you'll need to update your algorithms and get a new certificate. [8]
  10. If everything is set up properly and you are still getting SSL certificate errors, your firewall or security software settings may be blocking or interfering with your SSL connections. Adjust your firewall or security software settings to fix the problem.
  11. Advertisement

Expert Q&A

Ask a Question
      Advertisement

      Tips

      Submit a Tip
      All tip submissions are carefully reviewed before being published
      Name
      Please provide your name and last initial
      Thanks for submitting a tip for review!

      About This Article

      Thanks to all authors for creating a page that has been read 90,343 times.

      Is this article up to date?

      Advertisement