- What is SSL?
- Why SSL?
- PKI Overview
- SSL Certificate Features
- Ordering a Certificate
- What is a CSR?
- SSL Certificate Installation
- SSL Certificate Errors
- SSL Details
- Special Types
- Copying a Certificate
- The Most Common Java Keytool Keystore Commands
- How to use SSL Certificates with Exchange 2007
- How to Create a Self Signed Certificate using Java Keytool
- How to Create and Install an Apache Self Signed Certificate
- More Discussion About How Firefox 3 Handles SSL Certificates
SSL Certificate Not Trusted Error
"The security certificate presented by this website was not issued by a trusted certificate authority."
The certificate not trusted error indicates that the SSL certificate is not signed or approved by a company that the browser trusts. This occurs most often for one of the following reasons:
- The web site is using a self-signed certificate. Self-signed certificates can be generated for free but they don't provide as much trust as a commercial certificate. You can tell your browser to trust the self-signed certificate or you can buy (or ask the site owner to buy) a trusted SSL certificate from a certificate authority.
- The web site is using a free SSL Certificate. Free SSL Certificates are issued by a couple of free certificate authorities but their Root Certificate must be manually imported to each browser to get rid of this error.
- The web site is using a trusted SSL certificate but it is missing a chain/intermediate certificate. Most trusted certificates require that you install at least one other intermediate/chain certificate on the server to link your certificate up to a trusted source.
The last option is a very common one. For example, if PayPal installed their server certificate for www.paypal.com without installing VeriSign's Class 3 Extended Validation SSL SGC CA intermediate certificate, a web browser would give the certificate not trusted error.
Occasionally, certain browsers will give this error when others do not. For example, Microsoft Internet Explorer can automatically download intermediate certificates the first time you visit a site that needs one while Firefox cannot. Once a trusted certificate is installed properly, all browsers will work without getting this error. You can verify whether the certificate will get a certificate not trusted error by using our SSL Checker. The SSL checker uses the latest roots included in Mozilla's Firefox to determine if a certificate is trusted. For specific compatibility of your certificate see, SSL certificate compatibility.
How to Fix The Untrusted Error
To fix this error, you will need to install one or more intermediate/chain certificates onto the web server. If you have any questions about how to do this, contact your certificate authority or follow their SSL certificate installation instructions listed below:
Most web browsers make it clear that you shouldn't just continue when you receive this error. This is because, while most of the time it doesn't, it could indicate that a phisher is trying to pass a website off as a legitimate site. You shouldn't have to continue through this error message on legitimate web sites unless the web site owner just doesn't want to spend a little money to buy a trusted SSL certificate. You definitely shouldn't continue through this error on big websites like your bank.
This error is often phrased differently depending on the web browser. These are some common ways the certificate not trusted error is stated in other browsers:
Different certificate not trusted errors in different web browsers
|Web Browser||Error Message|
|Internet Explorer 6||"The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority."|
|Internet Explorer 7||"The security certificate presented by this website was not issued by a trusted certificate authority."|
|Firefox 2|| |
"Unable to verify the identity of www.paypal.com as a trusted site.
Possible reasons for this error:
- Your browser does not recognize the Certificate Authority that issued the site's certificate.
- The site's certificate is incomplete due to a server misconfiguration."
|Firefox 3|| |
"The certificate is not trusted because it is self signed."
"The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)"
|Safari 3|| "Authentication failed because the server certificate is not trusted." |
|Google Chrome||"The site's security certificate is not trusted!"|