Tired of managing certificates? Automate it with ZeroSSL   Learn about ZeroSSL Automation x

SSL Certificate Not Trusted Error

 "The security certificate presented by this website was not issued by a trusted certificate authority."

Certificate Not Trusted Error in Internet Explorer 7

The certificate not trusted error indicates that the SSL certificate is not signed or approved by a company that the browser trusts. This occurs most often for one of the following reasons:

  • The web site is using a self-signed certificate. Self-signed certificates can be generated for free but they don't provide as much trust as a commercial certificate. You can tell your browser to trust the self-signed certificate or you can buy (or ask the site owner to buy) a trusted SSL certificate from a certificate authority.
  • The web site is using a free SSL Certificate. Free SSL Certificates are issued by a couple of free certificate authorities but their Root Certificate must be manually imported to each browser to get rid of this error.
  • The web site is using a trusted SSL certificate but it is missing a chain/intermediate certificate. Most trusted certificates require that you install at least one other intermediate/chain certificate on the server to link your certificate up to a trusted source.

The last option is a very common one. For example, if PayPal installed their server certificate for www.paypal.com without installing VeriSign's Class 3 Extended Validation SSL SGC CA intermediate certificate, a web browser would give the certificate not trusted error.

A Certificate's Certificate Path

Occasionally, certain browsers will give this error when others do not.  For example, Microsoft Internet Explorer can automatically download intermediate certificates the first time you visit a site that needs one while Firefox cannot. Once a trusted certificate is installed properly, all browsers will work without getting this error. You can verify whether the certificate will get a certificate not trusted error by using our SSL Checker. The SSL checker uses the latest roots included in Mozilla's Firefox to determine if a certificate is trusted. For specific compatibility of your certificate see, SSL certificate compatibility.

How to Fix The Untrusted Error

To fix this error, you will need to install one or more intermediate/chain certificates onto the web server. If you have any questions about how to do this, contact your certificate authority or follow their SSL certificate installation instructions listed below:

ThawteThawte SSL Web Server Certificate Installation Instructions

Certificate ProviderLinks to Installation Instructions
Sectigo Sectigo Certificate Installation Instructions
InstantSSL Certificate Installation Instructions
DigiCert DigiCert Certificate Installation Instructions
Entrust Entrust Certificate Installation Instructions
GeoTrust GeoTrust Certificate Installation Instructions
RapidSSL Certificate Installation Instructions
GlobalSign GlobalSign Certificate Installation Instructions
GoDaddy GoDaddy Certificate Installation Instructions
Network Solutions Network Solutions Certificate Installation Instructions

Most web browsers make it clear that you shouldn't just continue when you receive this error. This is because it could indicate that a phisher is trying to pass a website off as a legitimate site (though it is usually just a server misconfiguration). You shouldn't have to continue through this error message on legitimate web sites.

This error is often phrased differently depending on the web browser. These are some common ways the certificate not trusted error is stated in other browsers:

Different certificate not trusted errors in different web browsers

Web Browser Error Message
 Internet Explorer 6 "The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certifying authority."
 Internet Explorer 7 "The security certificate presented by this website was not issued by a trusted certificate authority."
 Firefox 2

"Unable to verify the identity of www.paypal.com as a trusted site.

Possible reasons for this error:

- Your browser does not recognize the Certificate Authority that issued the site's certificate.

- The site's certificate is incomplete due to a server misconfiguration."

 Firefox 3

 "The certificate is not trusted because it is self signed."

 "The certificate is not trusted because the issuer certificate is unknown. (Error code: sec_error_unknown_issuer)"

 Safari 3  "Authentication failed because the server certificate is not trusted."
 Google Chrome "The site's security certificate is not trusted!"

 

Certificate Not Trusted Error in Internet Explorer 6

Certificate Not Trusted Error in Firefox 2

Certificate Not Trusted Error in in Firefox 3

Certificate Not Trusted Error in Google Chrome

Originally posted on Thu Nov 6, 2008

Comments


Sreekanth T(2014-12-13)

Hi
I am using IE7.
I am getting this error on screen like what has shown above.
But in other system IE6 its coming in Pop up message.
Please let me know how to get the same error in Pop ups in IE 7.
Because i am running scripts to test it which can handle the pop ups only.

Nick(2014-12-13)

I used the checker tool on this site and it said the SSL was fine.

Faheem(2014-12-13)

hello hi
i have read the above document but i'm still not able to get rid of the error plz help me in step by step procedure to get rid of ssl error
it would be an honor for me to receive ur feed back
regards
Faheem

ujef(2014-12-13)

i know some time you will get ssl error,
because the ssl provider a using new root in old
browsers and device, intermedia certificate link
the new root and trusted certificate.
check ssl provider.

Andy(2014-12-13)

I'm really confused on why GeoTrust isn't a trusted SSL cert for Google Chrome. None of the other browsers I have tried are giving me errors and things seem to check out.

Even your little SSL checker says it's all good:
http://www.sslshopper.com/s...

Any ideas on why Google Chrome is showing the Not Trusted error message?

Robert(2014-12-13)

Sometimes you will get this error on certain web browsers or devices but not on others. This could be because the SSL provider is using a new Root certificate that isn't included in the old browsers and devices. The error can usually be fixed by installing an Intermediate certificate that will link the new Root certificate to an old trusted certificate. Check with your SSL provider.

Nick(2014-12-13)

I started getting this "not trusted" error on one of my sites today. I have not changed anything about the SSL in months. IE, firefox, and google chrome from my office location started giving me the error. My home location and other computers on a different network do not display the error. Any ideas?

Unknown(2014-12-13)

That's not really the case all the time. For example, we have users in an overseas domain that get this error while domestic users do not. That tells me that it can just as easily be a browser issue or security settings issue.

John(2014-12-13)

These truly are a load of crap. - I have just tried to install their trial certificate only to find that I could not access their tester because trial certificates do not give you an order number or login details ...and that there is a file, cert, etc. available from Thawte to fix this is a complete and total myth.

On the plus side, the certificate did install without problem, though, and the details were available immediately and it was not necessary to wait several hours for them to be emailed to me.

With the IE problems and lack of tester, though, and proposed 'fix' (mutilating your httpd.conf and .htaccess files) I would say avoid at all costs and use Digicert or Comodo.

Robert(2014-12-13)

It's true that some browsers allow you to skip or disable this error, but in the vast majority of cases, this error indicates that you are using an untrusted certificate or you haven't installed all of the Intermediate certificates properly. See http://www.sslshopper.com/s... and it should tell you the specific problem.

Paul(2014-12-13)

I know this is an old post but I am getting this error with a godaddy cert and the ssl checker says all is good but yet anyone who visits in firefox 3.6 sees site not secure i also get this error going to godaddys site to log in

www.godaddy.com uses an invalid security certificate.

The certificate is not trusted because the issuer certificate is not trusted.

(Error code: sec_error_untrusted_issuer)

Is this on my end or is it there trouble they say I am not getting an error and in not so manny words have called me a lier

Robert(2014-12-13)

Hi Andrew,

The solution (as stated in the "How to Fix The Untrusted Error" section) is for the administrator of the website to install one or more intermediate/chain certificates onto the web server. If you aren't the web site administrator, you will need to contact them so they can fix it.

Robert(2014-12-13)

Hi Paul,

I'm not sure why you would receive the error if the SSL checker didn't report any problems. I'm able to access www.godaddy.com in Firefox 3.6 without receiving any errors. Do you receive a similar error in any other web browsers?

Sean(2014-12-13)

I just installed Clear Wimax on two laptops, one running XP the other Vista. Both machines have Chrome and IE7. Using both browsers on both machines I get "untrusted security certificate" Anyone else have this problem? If so, how does one fix this?

Andrew(2014-12-13)

I get this error (on firefox only .. )
with geotrust .....
the article does not include a solution ..... or even a proposed solution, completely pointless ...

MarjanT(2014-12-13)

A vista computer has been connected to internet a week ago for the first time. https connection-->ceritficate invalid because issuers certificate is not trusted/valid was received for provider's digicert isued service site. ssl checker showed certificate OK, with possible issues with intermediates at server site.
The problem this time was client side, the client side certificate store root certificates have been expired.
I had a night work/waiting applying updates (Vista told all updates were applied and SP-1 was not even shown as available).
After all restarting firefox still showed same diagnose. I found I had to access the site in question once in IE (8 after all the updating) and IE certificate finaly got up to date and valid root certificates, and in IE problem got away. For firefox I assume I have to restart firefox (or/and computer) - which I am going to do after sending this

Steve(2014-12-13)

Only solution is the web server vender to work on getting his certificate trusted and not expired.

Steve(2014-12-13)

Means Certificate just got expired recently 0r you have the worng date and time on the system.

Rose(2014-12-13)

Renewed SSL certificate and changed the vendor. Facing this issue on OS AIX, IBM WebSphere Application server. Solving the issue with help of vendor but no solution. Would appreciate if any one can help on this.

mysun(2014-12-13)

Dear sir!
I setup CA local, i setup ssl for web server, i browser such: IE, firefox,... is Untrusted Error
What can I do? i try install root CA for browser but Untrusted

Thanks pro

Justin(2014-12-13)

Hi,

How comes 2 computers using same browser and internet provider but one gives error message when in https and the other does not? Any ideas?

Jeydey(2014-12-13)

Set your time and date in exact

MarjanT(2014-12-13)

After restarting computer (which of course includes stop/start of firefox) ssl checker finds it OK but for 'The certificate is not trusted in all web browsers'.
Issues with IE are over, but firefox (up to date version) still has same problem. Shall forward to mozzila and server owner.

sarang(2014-12-13)

You can add CA certificate in trusted store of a browser.

Jerry(2014-12-13)

Make sure the date and time is current. I got this error fixed after I realized I set the date wrong.

Marty McGee(2014-12-13)

I am running Apache on Windows, and I'm using a GoDaddy-issued certificate. Robert's suggestion to try the SSL-Checker tool made me realize that I had not set a pointer to my GoDaddy Chain File (gd_bundle.crt). So fyi @Paul, GoDaddy DOES use a valid security certificate, as long as you download and install the Chain File correctly.

In Apache, my virtual host settings are now:

SSLEngine On
SSLCertificateFile conf/ssl/www.my-domain.com.crt
SSLCertificateKeyFile conf/ssl/www_my-domain_com.key
SSLCertificateChainFile conf/ssl/gd_bundle.crt ( this was the line I was missing)

Thanks everyone!

Gideon7(2014-12-13)

I ran into a similar problem when renewing my Web SSL Certificate with Thwate on Windows Server 2008 R2 running IIS 7.5. It failed and my e-commerce web site was down for days. Ultimately the problem was traced to a bad intermediate CA.

After hours of debugging I finally figured out the trick was to first delete from my server all of the old intermediate Thawte CA certificates. I then imported the entire chain using my new Web SSL cert file downloaded from thawte.com (which included a new chain of Thawte certificates).

On Windows Server 2008 R2 there is a bogus self-signed cert named "thawte Primary Root CA". This conflicted with my new cert's chain of intermediate CAs (one of which is also named "thawte Primary Root CA") that was embedded in the Web SSL cert that I purchased from thwate.com. The new "thawte Primary Root CA" cert was an intermediate signed above by "Thawte Premium Server CA". (Yes, the so-called 'root' cert was really an intermediate.)

There is a Thawte Knowledge Base article that acknowledges the problem at https://search.thawte.com/s...

The Thawte KB article explains how to disable the old bad root cert "thawte Primary Root CA". However, the workaround in the KB article does not fix the problem. I had to physically delete the entire chain, including the self-signed root cert "thawte Primary Root CA", from my web server's certificate database. It was only after deleting the whole chain and re-importing it that the web server would publish the correct SSL certification chain to web browsers.

Metaljoe(2014-12-13)

I Had this problem on my laptop and could not fix cause the error was not showing all the error when clicking the link to see all the message. I had to hit the tab button to get all the message then was able to continue fixing this error. Strange but it worked.

kameswararao(2014-12-13)

This webpage has a redirect loop
The webpage at https://mail.google.com/mai... has resulted in too many redirects. Clearing your cookies for this site or allowing third-party cookies may fix the problem. If not, it is possibly a server configuration issue and not a problem with your computer.
Here are some suggestions:
Reload this webpage later.
Learn more about this problem.
Error 310 (net::ERR_TOO_MANY_REDIRECTS): There were too many redirects.

rasik.k.t(2014-12-13)

thanks forever....
i update my system time&date
then my problem....has gone

ari(2014-12-13)

#26 (Marty McGee) is the key to SSL Nirvana.

Follow that advice -

In Apache, my virtual host settings are now:

SSLEngine On
SSLCertificateFile conf/ssl/www.my-domain.com.crt
SSLCertificateKeyFile conf/ssl/www_my-domain_com.key
SSLCertificateChainFile conf/ssl/gd_bundle.crt ( this was the line I was missing)

Cheers!

Hameed(2017-11-10)

wow, i also missed that line, thanks for saving my hours :-)

Raadjy Skillz Henry(2018-07-07)

was missing this too!!! you sure it works fine?

Jay(2014-12-13)

Hi guys,

I'd like to add one point that you can check if you got "Untrusted Certificate" error (related to IIS web server).

Check that default website doesn't have https:// binding. If so, remove it because if you server has a single ip, it will conflict with a website in which you're trying to add ssl.

Thanks,
Jay

QMII Inc(2020-09-29)

Hi,
I am a developer and getting this error on installing ssl The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate. Learn more about this error. The fastest way to fix this problem is to contact your SSL provider. for www.qmii.com and www.ijurugsoft.com, and srisriayurvedahospital.org. Any way to quick fix. Its lets encrypt certificates. thanks

Save

Advertisement • Hide