Catégories : 55-Canary : Mac : Report an Issue :

NET::ERR_CERT_AUTHORITY_INVALID with HSTS

Affichage de 163 messages sur 63
NET::ERR_CERT_AUTHORITY_INVALID with HSTS Nathan Clement 21/10/14 13:59
Unsure which version of Chrome you are using? Type chrome://version into your omnibox (where the URL is) and your Chrome version number will be listed on the first line.  
40.0.2188.2 (Official Builddev

Have you checked our known issues page? If your issue is not there, please provide a detailed description here

For the past month, I can't log into anything on the python.org page, including https://www.python.org/https://docs.python.org/, etc.

The page gives the error NET::ERR_CERT_AUTHORITY_INVALID, and says "You cannot visit www.python.org right now because the website uses HSTS," and there is no way past it.

I'm on OSX 10.9.5, and Chrome is up to date.

Here's what I've tried:
  • Accessing python.org via another browser (works just fine--without a warning--in Safari)
  • Accessing python.org via an incognito browser (no change)
  • Resetting cache (no change)
  • Resetting DNS responder via sudo killall -HUP mDNSResponder (no change)
  • Resetting my system clock (no change--my clock was correct before, so I couldn't make the change)
When I click on the red x next to the website in the omnibox, it tells me "This certificate was assigned my an untrusted issuer." The issuer is DigiCert SHA2 Extended Validation Server CA


I've looked around on the forums for a few things, and while there are a bunch of solutions to getting past the ERR_CERT_AUTHORITY_INVALID page, there isn't anything with HSTS that seemed relevant.

Nathan
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS KaileyK 21/10/14 15:47
Hi Nathan Clement, 

Thanks for reporting this finding of yours to us here in our forum today.  Welcome to the Chrome forum!  Are you interested in testing this out using 
Chrome in version 38?  Canary was intended for developers and can often crash as such.  Feel free to share your thoughts with me at your convenience. 

Thanks!
KaileyK

Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Keri Beal 21/11/14 12:57
Thanks a lot, this sorted out my dropbox problem
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Jem Marsh 04/02/15 05:55
I removed the cert, but I didn't add it again, as 'itsgus' suggested, as I noticed that my other machines that were working had no entries for 'DigiCert High Assurance'.

The website (https://www.digicert.com/digicert-root-certificates.htm) is really useful however as it provides links to test your browser for each certificate.

Thanks 'itsgus'
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Praba2015 05/02/15 08:18
Hello,

This is strange error I am getting while using google.com on chrome browser for any website | Test done on Feb 5 2015

OS: Windows 7 64bit



Your connection is not private
Attackers might be trying to steal your information from gmail.com (for example, passwords, messages, or credit cards).
ReloadAdvanced
NET::ERR_CERT_AUTHORITY_INVALID
..............
I could not find any solution on any forum or blogs.

Please post if any body has solution
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Praba2015 05/02/15 13:36
Hello,

Resolved this issue | error message: NET::ERR_CERT_AUTHORITY_INVALID

Solution: 

1) Go to IE browser -->Internet options --> content --> Certificates --> Intermediate certificate authorities

2) Click on Import and install required certificate file as per error or get from your Wifi Provider company

3) Click apply and OK

4) reopen the browser either chrome or IE, it should open all the websites
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Jason Van Order 06/02/15 06:04
I tried the method itgus suggested and still have the same problem.  Im running Chrome version 40.0.2214.11   Any ideas?   I waited the 10 minutes  restarted chrome and even restarted my computer but nothing worked
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS adeelr 07/02/15 06:23
ERR_CERT_AUTHORITY_INVAILD
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS adeelr 07/02/15 19:01
still problem 
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Thon de Boer 10/02/15 07:43
This solved my problem thanks very much! Not sure why this happened though, but who cares! I was having this issue with GitHub and Dropbox.
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Rockeritos de Haedo 10/02/15 16:27
Porque no indican como hacer lo de los certificados? es inentendible, no todos entendemos de certificados, saquen un parche, algo... me vuelvo al IE!!
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS jimmy fleetwood 27/02/15 01:16
hey, i went threw a lot of the suggested ways to fix this problem, and found that none of them worked for me, and a large majority of them was very complicated! 
im currently running windows 8.1

I had google chrome as my default browser and the problem originally happened here, got the same problems threw internet explorer as well
so i uninstalled google chrome all together, and was still getting the problem on my internet explorer.
so i went into internet explorer settings and went to the advanced tab, at the bottom there is a reset internet explorer settings to their default condition!
i clicked that and the ticked the delete personal settings and reset my whole thing, restarted my computer, reloaded internet explorer, and boom everything was back to normal.

seemed like an easy solution, and it worked for me, i just re-installed chrome and signed back in with my g-mail and everything was back to normal
hope this can help anyone with the same problem as me
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Someone...... 04/03/15 15:13
I can't even log into Twitter??????????? This used to work and now it doesn't! I'm so mad ever time I have to log into Twitter for a very important reason and all that I can get is "Connection not private" and a load of other junk. Does anyone know a way past this?
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Mike Row 16/03/15 03:15
For me all I need to do is to install GeoTrust Global CA certificate (after trying the way with DigiCert with was not the problem in my case (windows server))
Internet Explorer > options > content > certificates  > trusted root.. > import the downloaded cert
restart 
bon appettite 
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS jerry audus 21/03/15 11:53
I can't send mail as the says "audusj...@gmail.com" couldn't sign in".  It also
says the email account that I tried reach does not exist and goes on to say please
try 550.5.1.1 http://support.Google.com/mail/bin/answer.py?answer=6596.  Please help!
THANK YOU
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS jerry audus 21/03/15 11:53
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Bean Lee 27/03/15 03:04
thanks a lot, it helps me solve my problem. : )
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Vlad Tsepelev 31/03/15 09:35
Adding new certs works for me, i had problems with Stripe.com.

But why it happened? Bug somewhere?
How many users can have this issue? 
Is there any setting for certs cache?
Should users install certs manually all the time in future?

Any ideas about that?



Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS gina carano 31/03/15 18:47
adasd3adcw3dad
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Dean Bolton 01/04/15 19:29
I have windows xp. Having the same error. I just downloaded Firefox . I can get on all the website I was having problems with. Thinking of deleting Chrome. Good luck
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS kellye112 03/04/15 19:51
hi! I know this is a very dumb question, but I made it through step 1 from itsgus, but now how do I get to the webpage to download the new cert? it's still giving me the same error code.
I'm on chrome on a MacBook. help!
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Manuel José Carvajal 10/04/15 08:46
I'm having the same issue and my DigiCert High Assurance EV Root CA is set to expire in Nov. 9, 2031 and my clock is OK. 

I have noticed that if I enter a URL it opens the page but if I enter word for Chrome to search it gives me this message:

Attackers might be trying to steal your information from www.google.com (foe example, passwords, messages, or credit cards) and below this appears: ERR_CERT_AUTHORITY_INVALID

If I click on advanced it opens a message that at the end says that I cannot visit google.com because that web site uses HSTS and if I click on that link I go back to a page that says Attackers........

I have uninstalled Chrome and reinstalled Chrome and that did not solve the issue. Any ideas?
Re: NET::ERR_CERT_AUTHORITY_INVALID with HAAS jerry audus 10/04/15 10:03
I'm having a problem sending mail, every time I send a message I get the message
"Google tried to my message(mail), but it was rejected by the server for the
recipient domain".  In my notifications I get "couldn't sign in".  What am I doing
wrong and can you help me.  Thank you. 4/10/15@12:02 pm
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Ken W Wood 11/04/15 23:28
OK, I am having the same problem - just started today.

In my case, the problem certificate is:

Verisign Class 3 Public Primary Certification Authority - G5

I've verified that the certificate is OK, and loaded it into Keychain again just in case. Didn't resolve the issue.

Safari and Firefox work fine on the same computer. The computer's time and timezone are correct.

This issue is keeping me from accessing sites like Paypal.com and Twitter.com using Chrome. I'm using Firefox as a workaround for now.

My version of Chrome is: Version 41.0.2272.118 (64-bit)

My version of OSX is 10.9.5

Any word from Google about a fix for this?

Thanks,
Ken
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS M. Weaver 12/04/15 14:37
I'm having this same issue with the same certificate. Keeps me from using Apple & Apple support/discussions.

OS X 10.9.5
Chrome Version 41.0.2272.118 (64-bit)
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS M. Weaver 12/04/15 15:05
The solutions is by "Drew" and begins, "Solved. The problem was indeed triggered by installing Apple Mavericks/ML Security Update 2015-004. "

First, go to "Keychain Access" (Utilities > Keychain Access or Command-Space and type in "Keychain" and select "Keychain Access")

Second, on the left side, click on your "login" keychain. Right Click on "Verisign Class 3 Public Primary Certification Authority - G5" and click delete. I also deleted other Verisign keys here, but I'm not sure it is necessary.

Third, close your browser, take a deep breath and open Chrome again. It should work now.

Thanks for wasting my afternoon, Apple!
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS lizzysun 12/04/15 17:02
@MWeaver
Thanks! 

Your step by step directions really helped. 

1. I went to keychain Access -Unlocked it
2. click "login"  but didn't see the "Verisign Class 3..." in that list. 
4. So I clicked "system roots" under Keychain Assess and under Category I Clicked "all items."  The "Verisign Class 3 Public Primary Certification Authority - G5 is now listed. 
5. I clicked on it and then right click/highlight it but I don't get an option to delete. What comes up are 5 options: 1. New Cert Preference, 2. Export..., 3. Import...  4. Get Info, 5. Eval.
So how do I delete it?

I too am getting the "NET::ERR_CERT_AUTHORITY_INVALID" privacy error when trying to pay for ebay item.

Thanks!
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Manuel José Carvajal 12/04/15 17:18
My latest security update was done March 19, 2015 and its named “Security Updates 2015-003” and it’s for Yosemite, not Mavericks. My version of Chrome is 41.0.2272.118 (64-bit) and I run MacOS 10.10.3

Those Verisign certificates appear in my Keychain but as valid.

If I enter a URL Chrome works but if the search bar I enter something for it to search and show me the results it gives the message Your Connection is Not Private.
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Ken W Wood 13/04/15 06:24
Thanks, that solved the problem for me too.

Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS M. Weaver 13/04/15 07:01
I'm on Mavericks, so this might not be of any help. But I think it is the same security update that screwed me up.

The certs appear as valid because they are valid. The issue is that I had the certificated installed in my "login" keychain as well as my "System" keychain. Previously (if i remember correctly) it was only in the "System" keychain. I'm guessing that your situation is similar.
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS M. Weaver 13/04/15 07:03
Yay I helped! Glad that we could figure this out. Honestly I couldn't pinpoint the issue until I found your post, so I have you to thank as well!
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS M. Weaver 13/04/15 07:05
This may not be the same exact issue, and I don't think you need to mess with the "system roots" keychain. There was also an issue from a few months ago with DigiCert certificates.

Can you click "More details" and get the full message? It should show you the problem certificate and maybe we can pinpoint the issue from there.
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Ken W Wood 13/04/15 07:15
Yes, I also had a duplicate certificate in my login keychain. Deleting it solved the problem.

Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS clavid 22/04/15 12:06
Mac users take a look at @M.Weaver's answer: https://productforums.google.com/d/msg/chrome/SE3sKXg0iFQ/DYIXNEcVEgEJ

Worked perfectly for me!
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS ArthurGoldberg 26/04/15 14:17
Clear explanation and solution: http://security.stackexchange.com/questions/85830/why-is-symantec-verisign-ca-appearing-as-an-invalid-authority
Summary: Solution: Open "keychain access", select 'login' keychain, select 'Certificates' Category, Delete "VeriSign Class 3 Public Primary Certification Authority - G5" certificate, restart Chrome
Explanation: This bug brought to you by the Apple Mavericks/ML Security Update 2015-004.  

Also, Safari (at least Version 7.1.5 (9537.85.14.17)) shows the certificate signing chain.
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Benny Fontillas 04/05/15 08:34
Thanks to all that contributed to solving this issue. It was driving me crazy. ArthurGoldberg's (Apr 26, 2015) worked for me! 
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Antoinette Singletary 05/05/15 20:35
My chrome on my phone is showing an error saying my site is not safe. Just started out of nowhere
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS rocifier 11/05/15 21:01
I'm still having this exact same issue in Version 43.0.2357.52 beta (64-bit) for both Windows and Mac (latest version as of writing). Why does Chrome use the outdated intermediary certificate?

Furthermore I'm unable to manually update the intermediary digicert certificate because their website is accessible only through HTTPS.
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS felt 12/05/15 14:10
rocifier,

Can you provide some more debugging info? What websites is this happening on? Also, can you take a screenshot of a warning with the advanced diagnostic info showing (click on the error code to display it)?
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS john christian mapa 18/05/15 22:53

Your connection is not private

Attackers might be trying to steal your information from eprs01.philhealth.gov.ph (for example, passwords, messages, or credit cards).

 
NET::ERR_CERT_AUTHORITY_INVALID


Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS dcdennis 22/05/15 17:37
Thanks! That works for me!
(inconnu) 01/06/15 08:02 <Ce message a été supprimé.>
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Joel Stransky 06/06/15 12:30
@itsgus, you saved my brain. I'd already pulled all my hair out and the brain was next. Thank you!
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Jem Marsh 18/06/15 03:57
Now getting the same error for jira.com - different root cert (COMODO RSA) which, whilst in date, is reported as having an untrusted Cert Root.

Site (jira.com) is rendered in Safari but not in Chrome (I'm on a mac).

Cant follow 'itsgus' as I have before because his instructions are for DigiCert certificates and unlike those, I do not see an equivalent download site to the DigiCert page digicert.com/digicert-root-certificates.htm
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Jem Marsh 19/06/15 05:06
OK - I knew I had an issue with 'Comodo' certificates. The certificate states that 'The identity of this website has been verified by COMODO RSA Domain Validation Secure Server CA' and that 'login' certificate had a red cross on it in the Keychain.


I removed all Comodo certs from keychain and added this one - download 'cert' file from site and double-click to open, which imports into Keychain. Add it to the 'login' keychain.

Chrome is working again.

Something wrong here as Safari is still working when Chrome baulks at these certificates - and its not explaining the issue well enough for the average user to solve.

Come on Google - sort it out!
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Nathan Clement 21/10/14 16:04
I just installed version 38 and am having the same problem.
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Matthew Housser 23/10/14 14:48
Same problem. Chroms 38.0.2125.104 m. Windows 7. Starting yesterday, virtually all https sites *stopped working in Chrome only*.

"NET::ERR_CERT_AUTHORITY_INVALID" with the usual "Your connection is not private". I can't load Twitter, Facebook, work-related sites.. Youtube, etc. etc. Absolutely killer to me and I had to switch to Firefox, which works perfectly. Chrome is no longer usable.

No, my clock is not wrong, refreshing all caches in Chrome doesn't do anything, and Incognito mode makes no difference.
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS zenloop 28/10/14 09:45
I am having the same issue :-(
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS itsgus 29/10/14 12:10
I've had the same issue on MAC for a while on sites like dashboard.stripe.com, facebook.com, github.com.
They all use the same root certificate authority: DigiCert High Assurance EV Root CA 
Chrome was reporting that this root certificate had expired on July 2014, which I knew was incorrect. (Not sure why Chrome doesn't grab the latest cert)

My system time was correct (this is usually the first 'solution' people will give you).

I fixed the issue by taking the following steps:
  1. Manually deleted my local copy of DigiCert High Assurance EV Root CA
    • (open Keychain Access, select keychains:login, select category: certificates, search for DigiCert, right click, delete)
  2. Downloaded the real cert(s) from https://www.digicert.com/digicert-root-certificates.htm 
    • Root Certificate Authority that the sites use:
      • DigiCert High Assurance EV Root CA 
    • Intermediate Certificate Authorities that the sites use:
      • DigiCert SHA2 Extended Validation Server CA 
      • DigiCert High Assurance CA-3
  3. Added these certs to Keychain Access simply by double clicking them
    • If that doesn't work you can manually import via File > Import

At first the issue still occurred, but about 10 minutes later the issue no longer occurs. Perhaps chrome was refreshing its certificate cache?
It behaved as if Chrome was using an out-dated cert until I manually replaced it.

Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS ryan_k 03/11/14 00:48
Exact same issue for me. Github, Stripe, not allowing connections through in Chrome 38.0.2125.111 (Official Build 290379 on Max OSX 10.9.5

Will try the above steps and see if it works on my machine. 
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Mike Reyher 10/11/14 07:23
This worked perfectly for me.  Dropbox was giving me the same error.
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS c-y 26/11/14 09:59
itsgus:

Thanks SO much for solving my problem!!! This did it! All the other sites and forums were saying to make sure my time and date were correct—which they were! And I was still having the problem. Changing the DigiCert totally fixed my problem. You are a lifesaver!

Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS jhnlsn 05/12/14 08:29
This was exactly what was happening to me.  My scenario was that I had not used the laptop in about 6-8 months.  After deleting and redownloading the certificates, I was able to get to github.com again.  Also after downloading the crt files and adding them, I restarted chrome to get things to work without having to wait.
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS eLinkLocal 17/12/14 11:16
HUGE THANK YOU!!!  I have been searching and searching for this fix and everything else talked about date and time on PC's.  This did the fix - Thanks!!!
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS egiraud 20/12/14 13:30
I cannot find DigiCert in my certificates but when I try to download real certs it says this certificate is already installed as a certificate authority?
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS egiraud 20/12/14 13:47
Oh I was trying to download them via firefox! My bad.  Just installed all three certs, still having the same issue but will give it 10 minutes like you said.
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS egiraud 24/12/14 23:11
i fixed my certificate for tumblr but im unable to for google.  i cant download new certificates for it even though i know which one is the problem.
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Sam Shelton 29/12/14 11:03
Thank you! was having the same issue as others here, (different websites) but your step one fixed my problem! After hours of frustratingly searching through the internet its nice to finally arrive at a solution that actually fixes the problem! Thanks again! 
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Jorge Clésio 01/01/15 11:26
Como resolver este problema?
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Gal Sivan 05/01/15 06:01
Amazing! it worked! I have been looking for a while now. Don't forget to restart chrome after doing this.
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS JAYANTHI P 12/01/15 08:10
Dear Sir,

All of a sudden my Chrome is displaying NET::ERR_CERT_AUTHORITY_INVALID error for all payment gateway sites. I couldn't even open some sports websites like Eurosport UK etc because it may not be safe. It says attackers maybe trying to intercept my connection. I am worried about my security and would like to know how to sort this problem. 

Here I'd like to add that my system clock was showing a wrong time recently and i set it right after which Chrome started blocking many websites including live stream sports sites etc.

Please help.

Thanks,
Jayanthi
Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Jem Marsh 04/02/15 05:24
Exact same issue - but it must be config because other machines running same OS (Mac Yosemite) and Chrome are not exhibiting the behaviour.

Re: NET::ERR_CERT_AUTHORITY_INVALID with HSTS Meg H. 20/09/16 14:52

Hi all,


If you are experiencing err_cert_authority_invalid please visit the following Chrome Help Center article for troubleshooting steps.


If you still have any issues/questions around this error, please post a new thread so someone from the Chrome team can help you with whatever's going on!


Best,

Meg
Plus de sujets »