Good day!
I think that almost every user (especially recently) has encountered an error in the browser stating that the certificate of such and such a site is not trusted, and a recommendation not to visit it.
On the one hand, this is good (after all, the browser, and in general the popularization of such certificates, ensures our security), but on the other hand, such an error sometimes pops up even on very well-known sites (on the same Google).
The essence of what is happening, and what does it mean?
The fact is that when you connect to a site on which the SSL protocol is installed, the server sends a digital document to the browser ( certificate ) that the site is genuine (and not a fake or a clone of something there ...). By the way, if everything is fine with such a site, browsers mark them with a "green" lock: the screenshot below shows how it looks in Chrome.
However, certificates can be issued, as well-known organizations (Symantec, Rapidssl, Comodo, etc.) , and in general anyone. Of course, if the browser and your system "do not know" who issued the certificate (or there is a suspicion of its correctness), then a similar error appears.
Those. I lead to the fact that both completely white sites and those that are really dangerous to visit can fall under the distribution. Therefore, the appearance of such an error is a reason to take a close look at the site address.
Well, in this article I want to point out several ways to eliminate such an error, if it began to appear even on white and well-known sites (for example, on Google, Yandex, VK and many others. You will not refuse to visit them?).
*
How to fix the error
1) Pay attention to the website address
The first thing to do is just pay attention to the website address (you may have typed the wrong URL by mistake). Also, sometimes this happens due to the fault of the server on which the site is located (perhaps, in general, the certificate itself is simply outdated, because it is issued for a certain time). Try visiting other sites, if everything is OK with them - then most likely the problem is not with your system, but with that particular site.
Example of error "The site's security certificate is not trusted"
However, I note that if the error appears on a very well-known site that you (and many other users) fully trust, then there is a high probability of a problem in your system ...
2) Check the date and time set in Windows
The second point - a similar error can pop up if your system has an incorrect time or date. To correct and clarify them, just click on the "time" in the Windows taskbar (in the lower right corner of the screen). See screenshot below.
Date and time setting
After setting the correct time, restart your computer and try to reopen the browser and the sites in it. The error should be gone.
I also draw your attention to the fact that if your time is constantly getting lost, you probably have a low battery on the motherboard. It looks like a small "tablet", thanks to which the computer remembers the settings you entered, even if you disconnect it from the network (for example, are the same date and time somehow calculated?).
Battery on PC motherboard
3) Try updating your root certificates
Another option for how you can try to solve this problem is to install an update for root certificates. Updates can be downloaded from the Microsoft website for different operating systems. For client operating systems (i.e. for ordinary home users), these updates are suitable: //support.microsoft.com/
4) Installing "trusted" certificates into the system
Although this method is working, I would like to warn you that it "can" become a source of problems in the security of your system. At least, I advise you to resort to this only for such large sites as Google, Yandex, etc.
To get rid of the error associated with the inaccuracy of the certificate, a special one should come up. package GeoTrust Primary Certification Authority .
You can download GeoTrust Primary Certification Authority from the website: //www.geotrust.com/resources/root-certificates/index.html
By the way, there are several more certificates on this page, they can also be added to the system.
By the way, to download GeoTrust Primary Certification Authority:
- right-click on the download link and select the "save link as ..." option;
Save link as ...
- then specify the folder on the disk where the certificate will be downloaded. This will be a PEM format file.
PEM file extension
Now you need to install the downloaded certificate into the system. How to do this, I'll tell you the steps below:
- first press the combination of buttons Win + R, and enter the commandcertmgr.msc, click OK;
- Windows CA should open. You must expand the tab Trusted Root Certification Authorities / Certificates, right-click on it and select "All tasks - import".
Importing a certificate
- then the certificate import wizard will start. Just click "Next".
Certificate Import Wizard
- then click the "Browse" button and specify the certificate we downloaded earlier. Click "Next" (example is shown below);
We indicate the certificate that was uploaded
- in the next step, specify that the certificates should be placed in trusted certification authorities and click "Next".
Put certificates into trusted ones. Further
- in the next step, you should see that the import completed successfully. Actually, you can go check how the site will be displayed in the browser (you may need to restart your PC).
5) Pay attention to anti-virus utilities
In some cases, this error may occur due to the fact that some program (for example, antivirus) checks https traffic. This sees the browser that the received certificate does not match the address from which it was received, and as a result, a warning / error appears ...
Therefore, if you have an antivirus / firewall installed, check and temporarily disable the https traffic scanning setting (see an example of AVAST settings in the screenshot below).
Avast - basic settings (disable scanning of https traffic)
*
That's all for me ...
For additions on the topic - a separate merci!
All the best!
