Google Chrome SSL Certificate Errors and Troubleshoot Guide

Step by step Fixing SSL Certificate Error for “ERR_SSL_PROTOCOL_ERROR” in Google Chrome

Google Chrome, an advanced web browser developed by Google in Sep-2008, is today the world’s most secure web browser & covers market shares of 48.26% of desktop users & 36.29% of mobile users. Google Chrome offers speed, security, and privacy to their users.

SSL Certificates are used to secure communication between a client (browser) and a server. If a website is secured with an SSL Certificate, that means the data entered is encrypted with high cryptographic algorithms and it is not accessible by others and no one can tamper with it.

Today, Google Chrome is more concerned about the security of its users; It will display an SSL certificate errors if there is a single mistake in a website.

Generally, a user may get an SSL certificate Error on Google Chrome that states: “Cannot connect to real domain-name.com”. You may also come across invalid  SSL certificate error.

SSL Certificate error in a browser is also known as Chrome SSL Connection Error.

Main reasons behind SSL Certificate Error on Google Chrome are:

1. The System Time is not the real-time.
2. The SSL certificate has Expired.
3. Google Chrome is not updated.
4. The SSL certificate is not Installed properly.
5. The SSL certificate is not issued by a Trusted Certificate Authority (CA) or a self-signed certificate is used to secure a website.
6. The website is secured with an outdated 128-bit SSL.
7. The website is secured with an outdated SHA-1 Algorithm.
8. Untrusted SSL Client Certificate error.

Troubleshoot Guide for SSL Certificate Errors on Google Chrome

Common Google Chrome SSL Certificate Errors and Troubleshoot Guide

1. System Time is not real-time

• If the system time is not set with real-time, Google Chrome will display an error.
• To avoid this error, set the system time with the real-time based on the location of your country.

2. SSL certificate is Expired

• If a website is running with an expired SSL Certificate, it may harm users and Google Chrome is not considering that website as secure.
• If you are the website admin, the solution to eliminate the error is to renew the SSL certificate or purchase a new SSL.
• If you are not the website admin, please contact the website admin about this concern.
• if a user wants to test whether the SSL Certificate is expired or not, or when the SSL was expired, use this free SSL Checker tool.

3. Google Chrome is not updated

• The user may get the error if the Google Chrome version is not updated. It is recommended to use the updated Google chrome version.
• In your Google Chrome, click on Options >>About Google Chrome, here you will get the information about the Google Chrome version. If the version is older it will ask you to update, which we highly recommend.

Technical Google Chrome SSL Certificate Error and Troubleshoot

4. SSL certificate not Installed Properly

• To load a website securely over the internet and to avoid browser errors, proper certificate installation must be performed. If the SSL certificate is not installed properly, Chrome will display the error.
• The solution to troubleshoot this error is: the website admin needs to install the SSL certificate properly into the web server. Or, the admin can read our SSL certificate installation guides based on the server here.

5. The SSL certificate is not issued by a Trusted CA (Certificate Authority) or a self-signed certificate is used to secure the website

• Google Chrome accepts SSL certificates issued by trusted CAs and self-signed SSL certificates with some limitations. As self-signed certificates are used for security testing purpose, its lifespan is 90 days. If the website is still using self-signed certificate after the lifespan period is completed, or the SSL not issued by trusted CA, Chrome displays the error.
• The best solution is to get a domain validated SSL certificate if the website is small or medium-sized. And if the website is a large sector business then organization validation SSL is the best option. Make sure the SSL certificate must be issued by a trusted CA.
• Note: The lifespan of the self-signed certificate may vary depends on Certificate Authority.
• Read the Google Chrome Root certificate policy for a better understanding on the trusted Certificate Authority.

6. A website is secured with outdated 128-bit encryption

Recently Google has announced that it will not consider a website as secured if it is secured with older 128-bit encryption. As Google’s security team found 128-bit encryption vulnerable and its security level is very lower compared with 256-bit encryption.

Solution:

• If you have already purchased an SSL with older 128-bit encryption, contact your Certificate Authority to reissue your certificate and create a new CSR with 256-bit encryption. After generating the CSR, reinstall your SSL certificate on your web server.
• If you are buying a new SSL certificate, generate the CSR with 256-bit encryption and install it on your web server.

7. A website is secured with outdated SHA-1 Algorithm

Google also announced that it is discontinuing support for less secured SHA-1 algorithm secured website and encouraging all website admin to switch to the secured SHA-2 algorithm.

The reason behind this switch from SHA-1 is its hash value; SHA-1 uses maximum 160bit hash value which higher the possibility of collision attacks. Whereas SHA-2 algorithm’s hash value is up to 512-bit which avoid the chances of collision attacks.

Solution:

• If your website is secured with the old SHA-1 algorithm the solution is to migrate your certificate from SHA-1 to SHA-2. Contact your certificate authority to reissue your certificate and create new CSR with the SHA-2 algorithm. After generating CSR reinstall your SSL certificate your web server.
• If you are buying a new SSL certificate, generate a CSR with 256-bit encryption and install it on your web server.

8. Untrusted SSL Client Certificate error

• CA/B Forum manages the guidelines and privacy policy for Certificate Authority and Browsers. As per their guideline, CA/B Forum member are only allowed to issue the SSL certificate for public/client.
• If your website is signed with an SSL which is not the member of CA/B Forum, your website will be considered as Untrusted in Google Chrome and it will display an error message as “The site’s security certificate is not trusted!”

How to Fix Untrusted SSL Client Certificate Error

• The only solution to fix the untrusted client certificate error message is; get the SSL certificate for your website from a genuine and trusted Certificate Authority which must be the member of CA/B Forum.
• Read the official Google guide to understand more on “what does security error untrusted server certificate mean in a browser?”.

For more information on the official Google statement to quit their support for the SHA-1 algorithm, read here.

Related Posts

• Your Connection is not Private Error – A Fixing Guide for all devices
• What is Mixed Content Error & How to Disable it on Chrome
• How to Fix ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error
• Apache Server: Common SSL Errors and Troubleshooting Guide
• Brief Account on SSL Certificate Technical Errors
• How to Get Rid of ERR_SSL_PROTOCOL_ERROR in Google Chrome Browser
• How to Fix NET::ERR_CERT_COMMON_NAME_INVALID
• How to Fix ERR_CERTIFICATE_TRANSPARENCY_REQUIRED Error in Chrome