SSL Certificate Not Trusted Error

 "The security certificate presented by this website was not issued by a trusted certificate authority."

Certificate Not Trusted Error in Internet Explorer 7

The certificate not trusted error indicates that the SSL certificate is not signed or approved by a company that the browser trusts. This occurs most often for one of the following reasons:

  • The web site is using a self-signed certificate. Self-signed certificates can be generated for free but they don't provide as much trust as a commercial certificate. You can tell your browser to trust the self-signed certificate or you can buy (or ask the site owner to buy) a trusted SSL certificate from a certificate authority.
  • The web site is using a free SSL Certificate. Free SSL Certificates are issued by a couple of free certificate authorities but their Root Certificate must be manually imported to each browser to get rid of this error.
  • The web site is using a trusted SSL certificate but it is missing a chain/intermediate certificate. Most trusted certificates require that you install at least one other intermediate/chain certificate on the server to link your certificate up to a trusted source.

The last option is a very common one. For example, if PayPal installed their server certificate for www.paypal.com without installing VeriSign's Class 3 Extended Validation SSL SGC CA intermediate certificate, a web browser would give the certificate not trusted error.

A Certificate's Certificate Path

Occasionally, certain browsers will give this error when others do not.  For example, Microsoft Internet Explorer can automatically download intermediate certificates the first time you visit a site that needs one while Firefox cannot. Once a trusted certificate is installed properly, all browsers will work without getting this error. You can verify whether the certificate will get a certificate not trusted error by using our SSL Checker. The SSL checker uses the latest roots included in Mozilla's Firefox to determine if a certificate is trusted. For specific compatibility of your certificate see, SSL certificate compatibility.

How to Fix The Untrusted Error

To fix this error, you will need to install one or more intermediate/chain certificates onto the web server. If you have any questions about how to do this, contact your certificate authority or follow their SSL certificate installation instructions listed below:

Certificate Provider Links to Installation Instructions
Comodo Comodo Certificate Installation Instructions
InstantSSL Certificate Installation Instructions
DigiCert DigiCert Certificate Installation Instructions
Entrust Entrust Certificate Installation Instructions
GeoTrust GeoTrust Certificate Installation Instructions
RapidSSL Certificate Installation Instructions
GlobalSign GlobalSign Certificate Installation Instructions
GoDaddy GoDaddy Certificate Installation Instructions
Network Solutions Network Solutions Certificate Installation Instructions
Network Solutions list of Intermediate Certificates
StartCom StartCom Certificate Installation Instructions
StartCom list of Intermediate Certificates
Thawte Thawte SSL Web Server Certificate Installation Instructions
Thawte SSL123 Certificate Installation Instructions
Thawte SGC SuperCert Certificate Installation Instructions
VeriSign VeriSign Certificate Installation Instructions
VeriSign list of Intermediate Certificates

Most web browsers make it clear that you shouldn't just continue when you receive this error. This is because, while most of the time it doesn't, it could indicate that a phisher is trying to pass a website off as a legitimate site. You shouldn't have to continue through this error message on legitimate web sites unless the web site owner just doesn't want to spend a little money to buy a trusted SSL certificate. You definitely shouldn't continue through this error on big websites like your bank.

This error is often phrased differently depending on the web browser. These are some common ways the certificate not trusted error is stated in other browsers:

Different certificate not trusted errors in different web browsers

Web Browser  Error Message
 Internet Explorer 6 "The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority."
 Internet Explorer 7 "The security certificate presented by this website was not issued by a trusted certificate authority."
 Firefox 2

"Unable to verify the identity of www.paypal.com as a trusted site.

Possible reasons for this error:

- Your browser does not recognize the Certificate Authority that issued the site's certificate.

- The site's certificate is incomplete due to a server misconfiguration."

 Firefox 3

 "The certificate is not trusted because it is self signed."

 "The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)"

 Safari 3  "Authentication failed because the server certificate is not trusted."
 Google Chrome "The site's security certificate is not trusted!"

 

Certificate Not Trusted Error in Internet Explorer 6

Certificate Not Trusted Error in Firefox 2

Certificate Not Trusted Error in in Firefox 3

Certificate Not Trusted Error in Google Chrome

Originally posted on Thu Nov 6, 2008

Comments (32)

  1. rasik.k.t:
    Dec 28, 2012 at 11:32 PM

    thanks forever.... i update my system time&date then my problem....has gone

  2. Jay:
    Jul 12, 2012 at 02:10 AM

    Hi guys, I'd like to add one point that you can check if you got "Untrusted Certificate" error (related to IIS web server). Check that default website doesn't have https:// binding. If so, remove it because if you server has a single ip, it will conflict with a website in which you're trying to add ssl. Thanks, Jay

  3. ari:
    May 08, 2012 at 01:26 PM

    #26 (Marty McGee) is the key to SSL Nirvana. Follow that advice - In Apache, my virtual host settings are now: SSLEngine On SSLCertificateFile conf/ssl/www.my-domain.com.crt SSLCertificateKeyFile conf/ssl/www_my-domain_com.key SSLCertificateChainFile conf/ssl/gd_bundle.crt ( this was the line I was missing) Cheers!

  4. kameswararao:
    Feb 24, 2012 at 02:02 AM

    This webpage has a redirect loop The webpage at https://mail.google.com/mail/?shva=1 has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer. Here are some suggestions: Reload this webpage later. Learn more about this problem. Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.

  5. Metaljoe:
    Feb 12, 2012 at 12:30 PM

    I Had this problem on my laptop and could not fix cause the error was not showing all the error when clicking the link to see all the message. I had to hit the tab button to get all the message then was able to continue fixing this error. Strange but it worked.

  6. Gideon7:
    Jan 27, 2012 at 09:26 PM

    I ran into a similar problem when renewing my Web SSL Certificate with Thwate on Windows Server 2008 R2 running IIS 7.5. It failed and my e-commerce web site was down for days. Ultimately the problem was traced to a bad intermediate CA. After hours of debugging I finally figured out the trick was to first delete from my server all of the old intermediate Thawte CA certificates. I then imported the entire chain using my new Web SSL cert file downloaded from thawte.com (which included a new chain of Thawte certificates). On Windows Server 2008 R2 there is a bogus self-signed cert named "thawte Primary Root CA". This conflicted with my new cert's chain of intermediate CAs (one of which is also named "thawte Primary Root CA") that was embedded in the Web SSL cert that I purchased from thwate.com. The new "thawte Primary Root CA" cert was an intermediate signed above by "Thawte Premium Server CA". (Yes, the so-called 'root' cert was really an intermediate.) There is a Thawte Knowledge Base article that acknowledges the problem at https://search.thawte.com/support/ssl-digital-certificates/index?page=content&id=SO10664 The Thawte KB article explains how to disable the old bad root cert "thawte Primary Root CA". However, the workaround in the KB article does not fix the problem. I had to physically delete the entire chain, including the self-signed root cert "thawte Primary Root CA", from my web server's certificate database. It was only after deleting the whole chain and re-importing it that the web server would publish the correct SSL certification chain to web browsers.

  7. Marty McGee:
    Jan 10, 2012 at 11:35 AM

    I am running Apache on Windows, and I'm using a GoDaddy-issued certificate. Robert's suggestion to try the SSL-Checker tool made me realize that I had not set a pointer to my GoDaddy Chain File (gd_bundle.crt). So fyi @Paul, GoDaddy DOES use a valid security certificate, as long as you download and install the Chain File correctly. In Apache, my virtual host settings are now: SSLEngine On SSLCertificateFile conf/ssl/www.my-domain.com.crt SSLCertificateKeyFile conf/ssl/www_my-domain_com.key SSLCertificateChainFile conf/ssl/gd_bundle.crt ( this was the line I was missing) Thanks everyone!

  8. Jeydey:
    Dec 30, 2011 at 08:41 AM

    Set your time and date in exact

  9. mysun:
    Oct 19, 2011 at 02:00 AM

    Dear sir! I setup CA local, i setup ssl for web server, i browser such: IE, firefox,... is Untrusted Error What can I do? i try install root CA for browser but Untrusted Thanks pro

  10. Andy:
    Aug 24, 2011 at 09:37 AM

    I'm really confused on why GeoTrust isn't a trusted SSL cert for Google Chrome. None of the other browsers I have tried are giving me errors and things seem to check out. Even your little SSL checker says it's all good: http://www.sslshopper.com/ssl-checker.html#hostname=www.momagenda.com Any ideas on why Google Chrome is showing the Not Trusted error message?

  11. ujef:
    Jun 13, 2011 at 11:27 PM

    i know some time you will get ssl error, because the ssl provider a using new root in old browsers and device, intermedia certificate link the new root and trusted certificate. check ssl provider.

  12. Faheem:
    Jun 05, 2011 at 11:38 PM

    hello hi i have read the above document but i'm still not able to get rid of the error plz help me in step by step procedure to get rid of ssl error it would be an honor for me to receive ur feed back regards Faheem

  13. Sreekanth T:
    May 18, 2011 at 10:32 PM

    Hi I am using IE7. I am getting this error on screen like what has shown above. But in other system IE6 its coming in Pop up message. Please let me know how to get the same error in Pop ups in IE 7. Because i am running scripts to test it which can handle the pop ups only.

  14. sarang:
    Apr 07, 2011 at 03:56 AM

    You can add CA certificate in trusted store of a browser.

  15. Justin:
    Mar 05, 2011 at 05:31 AM

    Hi, How comes 2 computers using same browser and internet provider but one gives error message when in https and the other does not? Any ideas?

  1. 1
  2. 2
  3. 3




Allowed tags: <b><i><br>Add a new comment: