SSL Error: Your Certificate Is Not Trusted – How to fix it
Why you may be getting an SSL Certificate error and how to fix it when you do
With cybercrime becoming more prevalent and more sophisticated, users all across the internet have become more vigilant when it comes to looking out for their own safety. The average internet user is now more likely to look for visual indicators like the green “https” and the padlock in the address bar, or site seals on homepages.
That means getting an invasive browser warning about your SSL Certificate not being trusted is now even more damaging to your website. The vast majority of internet users are not going to continue on to a site when a browser tells them it’s unsafe. That’s why it’s vital to understand what causes these errors and know how to fix them.
First a brief overview of what the SSL Error – the problem that causes you to get a warning about an untrusted certificate – even is. SSL is a protocol used to encrypt information being sent to a web server from a web browser. Without encryption, this information would be sent unprotected and could be stolen or manipulated by any interested third party. When you get the SSL error, the browser is literally telling you that something has prevented your computer from being able to initiate a secure session with the website you’re attempting to visit.
This can happen for a number of reasons:
- The certificate is not issued by a recognized third party – The browsers only trust a handful of certificate authorities to issue SSL certificates and validate their recipients. While anyone can issue an SSL certificate, the browsers will only recognize one from a trusted CA.
- The Site’s Certificate is not up to date – SSL Certificates have a lifespan of 1-3 years. At the end of this period they have to be renewed or else they cease working. If you visit a site with an expired SSL Certificate – or if your computer’s internal clock is off – you may get the SSL error because of that.
- The connection between the browser and the website might not be secure – Sometimes you may be on public wifi or have an internet connection that is, itself, unsecure. This can cause your browser to give you the SSL error.
How to Fix an SSL Error
Fortunately, there are plenty of ways to fix an SSL error, everything from simply making sure your system’s time and data settings are correct all the way up to making smart choices about which CAs to buy from and making sure that you install your certificate correctly.
It’s very important that you go with a trusted Certificate Authority when selecting an SSL Certificate. Not only do trusted CAs guarantee that the browsers will recognize your certificate and facilitate an encrypted connection with your site, but trusted CAs also tend to have a better level of support as well.
While it may seem like an attractive option to go with a free DV cert, as is being offered by a number of vendors, you may want to think twice about it given the lack of support generally being offered alongside them. If you buy an SSL Certificate from a CA like Comodo, not only is it guaranteed that the browsers will trust the certificate, you also have the comfort of knowing support is there to assist you should any errors occur. If you went with Let’s Encrypt and the browser starts giving you trouble, good luck sifting through old forum posts looking for a fix.
In addition to choosing a higher quality SSL Certificate from a trusted CA, it’s also vital that you make sure you install it correctly on your server. Some CAs require you to chain intermediate certificates with root certificates, it can be a complex process – another reason why it’s good to select a CA that offers customer support – and it’s vital that it be done correctly so that the website can be served over HTTPS and avoid browser errors.
The SSL Error can be extremely dangerous to a website. You never want to give potential visitors a reason not to come to your site. But, it’s also a fairly easy problem to fix if you know the cause. If you get an SSL error, don’t panic. Just check to make sure your certificate isn’t expired, that it’s installed properly and remember—make sure to go with a trusted CA.