SSL Certificate Not Trusted Error

 "The security certificate presented by this website was not issued by a trusted certificate authority."

Certificate Not Trusted Error in Internet Explorer 7

The certificate not trusted error indicates that the SSL certificate is not signed or approved by a company that the browser trusts. This occurs most often for one of the following reasons:

  • The web site is using a self-signed certificate. Self-signed certificates can be generated for free but they don't provide as much trust as a commercial certificate. You can tell your browser to trust the self-signed certificate or you can buy (or ask the site owner to buy) a trusted SSL certificate from a certificate authority.
  • The web site is using a free SSL Certificate. Free SSL Certificates are issued by a couple of free certificate authorities but their Root Certificate must be manually imported to each browser to get rid of this error.
  • The web site is using a trusted SSL certificate but it is missing a chain/intermediate certificate. Most trusted certificates require that you install at least one other intermediate/chain certificate on the server to link your certificate up to a trusted source.

The last option is a very common one. For example, if PayPal installed their server certificate for www.paypal.com without installing VeriSign's Class 3 Extended Validation SSL SGC CA intermediate certificate, a web browser would give the certificate not trusted error.

A Certificate's Certificate Path

Occasionally, certain browsers will give this error when others do not.  For example, Microsoft Internet Explorer can automatically download intermediate certificates the first time you visit a site that needs one while Firefox cannot. Once a trusted certificate is installed properly, all browsers will work without getting this error. You can verify whether the certificate will get a certificate not trusted error by using our SSL Checker. The SSL checker uses the latest roots included in Mozilla's Firefox to determine if a certificate is trusted. For specific compatibility of your certificate see, SSL certificate compatibility.

How to Fix The Untrusted Error

To fix this error, you will need to install one or more intermediate/chain certificates onto the web server. If you have any questions about how to do this, contact your certificate authority or follow their SSL certificate installation instructions listed below:

Certificate Provider Links to Installation Instructions
Comodo Comodo Certificate Installation Instructions
InstantSSL Certificate Installation Instructions
DigiCert DigiCert Certificate Installation Instructions
Entrust Entrust Certificate Installation Instructions
GeoTrust GeoTrust Certificate Installation Instructions
RapidSSL Certificate Installation Instructions
GlobalSign GlobalSign Certificate Installation Instructions
GoDaddy GoDaddy Certificate Installation Instructions
Network Solutions Network Solutions Certificate Installation Instructions
Network Solutions list of Intermediate Certificates
StartCom StartCom Certificate Installation Instructions
StartCom list of Intermediate Certificates
Thawte Thawte SSL Web Server Certificate Installation Instructions
Thawte SSL123 Certificate Installation Instructions
Thawte SGC SuperCert Certificate Installation Instructions
VeriSign VeriSign Certificate Installation Instructions
VeriSign list of Intermediate Certificates

Most web browsers make it clear that you shouldn't just continue when you receive this error. This is because, while most of the time it doesn't, it could indicate that a phisher is trying to pass a website off as a legitimate site. You shouldn't have to continue through this error message on legitimate web sites unless the web site owner just doesn't want to spend a little money to buy a trusted SSL certificate. You definitely shouldn't continue through this error on big websites like your bank.

This error is often phrased differently depending on the web browser. These are some common ways the certificate not trusted error is stated in other browsers:

Different certificate not trusted errors in different web browsers

Web Browser  Error Message
 Internet Explorer 6 "The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority."
 Internet Explorer 7 "The security certificate presented by this website was not issued by a trusted certificate authority."
 Firefox 2

"Unable to verify the identity of www.paypal.com as a trusted site.

Possible reasons for this error:

- Your browser does not recognize the Certificate Authority that issued the site's certificate.

- The site's certificate is incomplete due to a server misconfiguration."

 Firefox 3

 "The certificate is not trusted because it is self signed."

 "The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)"

 Safari 3  "Authentication failed because the server certificate is not trusted."
 Google Chrome "The site's security certificate is not trusted!"

 

Certificate Not Trusted Error in Internet Explorer 6

Certificate Not Trusted Error in Firefox 2

Certificate Not Trusted Error in in Firefox 3

Certificate Not Trusted Error in Google Chrome

 Digg  del.icio.us  Reddit

Posted on November 06, 2008
Showing comments 1 to 20 of 32 | Next | Last
rasik.k.t
Posts: 28
Comment
thanks
Reply #32 on : Sat December 29, 2012, 01:32:48
thanks forever....
i update my system time&date
then my problem....has gone
Jay
Posts: 28
Comment
Untrusted Certificate
Reply #31 on : Thu July 12, 2012, 04:10:11
Hi guys,

I'd like to add one point that you can check if you got "Untrusted Certificate" error (related to IIS web server).

Check that default website doesn't have https:// binding. If so, remove it because if you server has a single ip, it will conflict with a website in which you're trying to add ssl.

Thanks,
Jay
ari
Posts: 28
Comment
Re: SSL Certificate Not Trusted Error
Reply #30 on : Tue May 08, 2012, 15:26:57
#26 (Marty McGee) is the key to SSL Nirvana.

Follow that advice -

In Apache, my virtual host settings are now:

SSLEngine On
SSLCertificateFile conf/ssl/www.my-domain.com.crt
SSLCertificateKeyFile conf/ssl/www_my-domain_com.key
SSLCertificateChainFile conf/ssl/gd_bundle.crt ( this was the line I was missing)

Cheers!
kameswararao
Posts: 28
Comment
Hi, How comes 2 computers using same browser and internet provider but one gives error message when
Reply #29 on : Fri February 24, 2012, 04:02:33
This webpage has a redirect loop
The webpage at https://mail.google.com/mail/?shva=1 has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
Here are some suggestions:
Reload this webpage later.
Learn more about this problem.
Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.
Metaljoe
Posts: 28
Comment
Untrusted firefox websites
Reply #28 on : Sun February 12, 2012, 14:30:35
I Had this problem on my laptop and could not fix cause the error was not showing all the error when clicking the link to see all the message. I had to hit the tab button to get all the message then was able to continue fixing this error. Strange but it worked.
Gideon7
Posts: 28
Comment
thawte Primary Root CA must be disabled
Reply #27 on : Fri January 27, 2012, 23:26:15
I ran into a similar problem when renewing my Web SSL Certificate with Thwate on Windows Server 2008 R2 running IIS 7.5. It failed and my e-commerce web site was down for days. Ultimately the problem was traced to a bad intermediate CA.

After hours of debugging I finally figured out the trick was to first delete from my server all of the old intermediate Thawte CA certificates. I then imported the entire chain using my new Web SSL cert file downloaded from thawte.com (which included a new chain of Thawte certificates).

On Windows Server 2008 R2 there is a bogus self-signed cert named "thawte Primary Root CA". This conflicted with my new cert's chain of intermediate CAs (one of which is also named "thawte Primary Root CA") that was embedded in the Web SSL cert that I purchased from thwate.com. The new "thawte Primary Root CA" cert was an intermediate signed above by "Thawte Premium Server CA". (Yes, the so-called 'root' cert was really an intermediate.)

There is a Thawte Knowledge Base article that acknowledges the problem at https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO10664

The Thawte KB article explains how to disable the old bad root cert "thawte Primary Root CA". However, the workaround in the KB article does not fix the problem. I had to physically delete the entire chain, including the self-signed root cert "thawte Primary Root CA", from my web server's certificate database. It was only after deleting the whole chain and re-importing it that the web server would publish the correct SSL certification chain to web browsers.
Marty McGee
Posts: 28
Comment
Certificate Chain
Reply #26 on : Tue January 10, 2012, 13:35:03
I am running Apache on Windows, and I'm using a GoDaddy-issued certificate. Robert's suggestion to try the SSL-Checker tool made me realize that I had not set a pointer to my GoDaddy Chain File (gd_bundle.crt). So fyi @Paul, GoDaddy DOES use a valid security certificate, as long as you download and install the Chain File correctly.

In Apache, my virtual host settings are now:

SSLEngine On
SSLCertificateFile conf/ssl/www.my-domain.com.crt
SSLCertificateKeyFile conf/ssl/www_my-domain_com.key
SSLCertificateChainFile conf/ssl/gd_bundle.crt ( this was the line I was missing)

Thanks everyone!
Jeydey
Posts: 28
Comment
Just update your time and date
Reply #25 on : Fri December 30, 2011, 10:41:29
Set your time and date in exact
mysun
Posts: 28
Comment
I get this error
Reply #24 on : Wed October 19, 2011, 04:00:57
Dear sir!
I setup CA local, i setup ssl for web server, i browser such: IE, firefox,... is Untrusted Error
What can I do? i try install root CA for browser but Untrusted

Thanks pro
Andy
Posts: 28
Comment
Google Chrome not trusting GeoTrust Cert
Reply #23 on : Wed August 24, 2011, 11:37:33
I'm really confused on why GeoTrust isn't a trusted SSL cert for Google Chrome. None of the other browsers I have tried are giving me errors and things seem to check out.

Even your little SSL checker says it's all good:
http://www.sslshopper.com/ssl-checker.html#hostname=www.momagenda.com

Any ideas on why Google Chrome is showing the Not Trusted error message?
ujef
Posts: 28
Comment
SSL Error
Reply #22 on : Tue June 14, 2011, 01:27:31
i know some time you will get ssl error,
because the ssl provider a using new root in old
browsers and device, intermedia certificate link
the new root and trusted certificate.
check ssl provider.
Faheem
Posts: 28
Comment
ssl certificate error on google chrome
Reply #21 on : Mon June 06, 2011, 01:38:25
hello hi
i have read the above document but i'm still not able to get rid of the error plz help me in step by step procedure to get rid of ssl error
it would be an honor for me to receive ur feed back
regards
Faheem
Sreekanth T
Posts: 28
Comment
I want this error in pop up -IE7
Reply #20 on : Thu May 19, 2011, 00:32:07
Hi
I am using IE7.
I am getting this error on screen like what has shown above.
But in other system IE6 its coming in Pop up message.
Please let me know how to get the same error in Pop ups in IE 7.
Because i am running scripts to test it which can handle the pop ups only.
sarang
Posts: 28
Comment
Solution to fix this error
Reply #19 on : Thu April 07, 2011, 05:56:27
You can add CA certificate in trusted store of a browser.
Justin
Posts: 28
Comment
SSL Error
Reply #18 on : Sat March 05, 2011, 07:31:32
Hi,

How comes 2 computers using same browser and internet provider but one gives error message when in https and the other does not? Any ideas?
Jerry
Posts: 28
Comment
Re: SSL Certificate Not Trusted Error
Reply #17 on : Sat February 26, 2011, 02:16:49
Make sure the date and time is current. I got this error fixed after I realized I set the date wrong.
MarjanT
Posts: 28
Comment
Confirmed fixed - this time clienside issue
Reply #16 on : Sat January 15, 2011, 06:31:36
After restarting computer (which of course includes stop/start of firefox) ssl checker finds it OK but for 'The certificate is not trusted in all web browsers'.
Issues with IE are over, but firefox (up to date version) still has same problem. Shall forward to mozzila and server owner.
MarjanT
Posts: 28
Comment
Client side problem resolved
Reply #15 on : Sat January 15, 2011, 05:02:42
A vista computer has been connected to internet a week ago for the first time. https connection-->ceritficate invalid because issuers certificate is not trusted/valid was received for provider's digicert isued service site. ssl checker showed certificate OK, with possible issues with intermediates at server site.
The problem this time was client side, the client side certificate store root certificates have been expired.
I had a night work/waiting applying updates (Vista told all updates were applied and SP-1 was not even shown as available).
After all restarting firefox still showed same diagnose. I found I had to access the site in question once in IE (8 after all the updating) and IE certificate finaly got up to date and valid root certificates, and in IE problem got away. For firefox I assume I have to restart firefox (or/and computer) - which I am going to do after sending this
Rose
Posts: 28
Comment
facing same issue
Reply #14 on : Wed October 13, 2010, 04:50:20
Renewed SSL certificate and changed the vendor. Facing this issue on OS AIX, IBM WebSphere Application server. Solving the issue with help of vendor but no solution. Would appreciate if any one can help on this.
Steve
Posts: 28
Comment
Continues
Reply #13 on : Fri September 17, 2010, 02:26:11
Only solution is the web server vender to work on getting his certificate trusted and not expired.
Showing comments 1 to 20 of 32 | Next | Last

Write a comment


If you have trouble reading the code, click on the code itself to generate a new random code.
Security Code:
 
Post Comment