This ultimate resource on 10 common security certificate errors will help you eliminate these issues from your site
Become an SSL security certificate error buster! Today, we’ll look at 10 of the most common security certificate error messages you’ll see in Chrome, Firefox, and OpenSSL. Each resource:
- explains what the HTTPS certificate error is,
- shows you what it looks like in up to two of the major browsers, and
- provides solutions for how to fix it and eliminate it from your website.
Guide to 10 Security Certificate Error Issues and How to Fix Them
Click on the relevant SSL certificate error in the table below. Each link will direct you to a detailed resource on that specific security certificate error code and provide solutions on how to resolve it quickly.
| Category | Security Certificate Error Code | What This Security Error Means |
| 1. Expired Certificate | Chrome: NET_ERR_CERT_DATE_INVALID Firefox: SEC_ERROR_EXPIRED_CERTIFICATE OpenSSL: X509_V_ERR_CERT_HAS_EXPIRED | The certificate is expired, and data may be compromised. |
| 2. Revoked Certificate | Chrome: NET:ERR_CERT_REVOKED and NET_ERROR(CERT_REVOKED, -206) and Firefox: SEC_ERROR_REVOKED_CERTIFICATE OpenSSL: X509_V_ERR_CERT_REVOKED | SSL/TLS revocations can stem from misconfigurations, key compromises, certificate misissuance issues, fraudulent certificate uses, etc. |
| 3. Untrusted Certificate Authority | Chrome: NET::ERR_CERT_AUTHORITY_INVALID or ERR_CERT_AUTHORITY_INVALID (-202) or ERR_SSL_SERVER_CERT_BAD_FORMAT Firefox: SEC_ERROR_UNKNOWN_ISSUER OpenSSL: X509_V_ERR_OCSP_CERT_UNKNOWN | The SSL/TLS certificate is expired, you’re using a self-signed certificate, or the certificate isn’t correctly installed. |
| 4. Certificate Misconfiguration | Chrome: NET::ERR_CERT_COMMON_NAME_INVALID or ERR_CERT_COMMON_NAME_INVALID (-200) Firefox: SEC_ERROR_CERT_NOT_IN_NAME_SPACE OpenSSL: X509_V_ERR_HOSTNAMEMISMATCH | The error can be caused by a domain name mismatch, a redirection issue, a wildcard problem, or the use of a self-signed certificate. |
| 5. Weak Algorithm | Chrome: NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM or ERR_CERT_WEAK_SIGNATURE_ALGORITHM (-208) Firefox: SEC_ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED OpenSSL: X509_V_ERR_CA_MD_TOO_WEAK | The certificate is using an outdated, insecure hash algorithm. |
| 6. Public Key Pinning Issue | Chrome: NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN Firefox: Error code: MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE | The public key doesn’t belong to the pinned certificate or hasn’t been pinned. |
| 7. Certificate Transparency | Chrome: ERR_CERTIFICATE_TRANSPARENCY_REQUIRED Firefox: MOZILLA_PKIX_ERROR_INSUFFICIENT_CERTIFICATE_TRANSPARENCY OpenSSL: X509_V_ERR_INVALID_CA | Your website uses an SSL/TLS certificate that isn’t on the public certificate transparency logs. |
| 8. Protocol or Cipher Problem | Chrome: ERR_SSL_VERSION_OR_CIPHER_MISMATCH (formerly SSL_OBSOLETE_VERSION) Firefox: Error code: SSL_ERROR_NO_CYPHER_OVERLAP OpenSSL: X509_V_ERR_SIGNATURE_ALGORITHM_MISMATCH | The available SSL protocol version or cipher suite is too old, or the website doesn’t support or use the SSL protocol. |
| 9. Protocol Issue | Chrome: ERR_SSL_PROTOCOL_ERROR or ERR_SSL_VERSION_INTERFERENCE (NOTE: This second error code is an old one Google has now removed) Firefox: Error code: SSL_ERROR_UNSUPPORTED_VERSION OpenSSL: TLS_PROCESS_CLIENT_HELLO:UNSUPPORTED PROTOCOL | Your server supports only TLS 1.3, or there’s an incompatibility issue between the browser and the website. |
| 10. Unsecure Connection | Chrome: ERR_SSL_UNRECOGNIZED_NAME_ALERT Firefox: Error code: SSL_ERROR_UNRECOGNIZED_NAME_ALERT | The browser doesn’t recognize your SSL certificate or the website isn’t configured to load over HTTPS. |
Final Thoughts About How to Fix the Most Common Security Certificate Error Messages
A security certificate error can impact your reputation and credibility as a website owner. If not fixed, this issue can compromise the security of your customers and leave your in-transit data vulnerable. The solutions mentioned in this article will help you correctly identify the root cause and fix the SSL error.
Pro tip: Be proactive. Use only publicly trusted SSL/TLS certificates obtained from a publicly trusted CA or an authorized reseller like CheapSSLsecurity.com. This simple action will help reduce the risk of getting a security certificate error in the first place.
