[Solved] Security Error Untrusted Server Certificate
An untrusted server certificate error is usually triggered when an anomaly is identified in the way a website or an application handles your data. This commonly happens when your home or enterprise network is not configured properly.
In today’s environment where work from home is becoming more common, WiFi or VPN connections also tend to cause this error. There is, however, a chance that it is an attempt by hackers to initiate a man-in-the-middle attack. To mitigate that risk, it’s important that we understand the basics of what a server certificate is, as well as some of the common security errors of untrusted server certificates and how to solve them.
What is a Server Certificate
Server certificates, also known as SSL certificates, are certificates that are used to verify the identity of a server for anyone who is trying to access it. The two most widely used types of server certificates are a RADIUS server certificate and a web server certificate.
An SSL certificate, when installed on a website, converts the website's protocol from HTTP to HTTPS, an indicator that guarantees the authenticity of the website. It also enables encryption, keeping the information secure from potential hackers. The common name (CN) on a RADIUS server certificate assures the connecting device that it is connected to the right server.
In this article, we will focus on the security error for server certificates and their fixes.
Security Warning: Untrusted Server Certificate
“Your connection is not private. Attackers might be trying to steal your personal or financial information from website/applicationname. This server could not prove that it is website/applicationname.”
This is an example of the message displayed when there is a security warning for an untrusted server certificate. The message will contain additional details about the error, such as:
- Failed revocation check
- Untrusted certificate authority (CA)
- Invalid certificate or associated chain
- The name on the certificate is incorrect
This information can help you understand the root cause and resolve the error. The steps to check this information are as follows.
How to Check Untrusted Server Certificate Errors
There are two steps to determine the type of the error message in order to understand how to fix it. To explain these steps, we take the example error “Untrusted server certificate error due to CN being incorrect.”
- Click on “advanced” and you get a detailed message about the error. For example, “This server could not prove that it is www.rightserver.com. Its security certificate is from www.right-server.com. This may be caused by a misconfiguration or an attack intercepting your connection.”
- Click on the padlock > Details > View Certificate to get details on the certificate, such as the CN that is assigned to it. Online SSL checkers will also tell you what is wrong with the certificate. The checker will show a message such as: “None of the common names in the certificate match the name that was entered (www.rightserver.com). You may receive an error when accessing this site in a web browser. Learn more about name mismatch errors.”
Types of Error Messages of Untrusted Server Certificate Errors
Name Mismatch Error
A name mismatch error means the CN (Common Name, the field provided as input to indicate the domain name of the server that you are hosting) or the domain name in the certificate does not match the address in the address bar of the browser.
For example, if a certificate has the common name www.right-server.com and the domain name that you are trying to access is www.rightserver.com then the error that you get is a name mismatch error.
SSL Certificate Not Trusted Error
This usually means that the domain name in the certificate does not match the URL typed in the browser. This error can be triggered by simple factors; for example, your certificate is registered for www.examplesite.com and you typed https://examplesite.com.
Expired Certificate Error
This error usually appears for one of two reasons: the system date, time, month, or year does not match the expiry date on the certificate, or the certificate has expired. Issuing a certificate and forgetting to renew it before it is due to expire is a pretty common mistake with self-managed certificates.
Certificate Revoked Error
This error could mean your certificate has been revoked by your certificate authority (CA) or a wrong key was issued. This could also be because the website acquired the certificate using false credentials, either in error or intentionally. It is always safe to check with your CA when you get this error message.
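The name mismatch and expiry checks described in this section can be reproduced offline. The Python sketch below is an added example, not SecureW2 code: it inspects a certificate dictionary in the shape returned by Python's ssl.SSLSocket.getpeercert(). The sample certificate is constructed from the host names used above, and the function names are illustrative.

```python
import ssl
from datetime import datetime, timezone

def cert_names(cert):
    """DNS names from subjectAltName; falls back to the subject CN the article
    describes (assumption: current browsers consult subjectAltName only)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or one left-most wildcard label such as *.example.com."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def diagnose(cert, host, now=None):
    """Findings for a dict shaped like ssl.SSLSocket.getpeercert() output."""
    ts = (now or datetime.now(timezone.utc)).timestamp()
    findings = []
    names = cert_names(cert)
    if not any(name_matches(n, host) for n in names):
        findings.append(f"name mismatch: {host} not in {names}")
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        findings.append("expired, or the local clock is ahead")
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("not yet valid, local clock is probably behind")
    return findings

# Constructed sample certificate, using the host names from the article.
SAMPLE = {
    "subject": ((("commonName", "www.right-server.com"),),),
    "subjectAltName": (("DNS", "www.right-server.com"),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
}

if __name__ == "__main__":
    when = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for host in ("www.right-server.com", "www.rightserver.com"):
        print(host, diagnose(SAMPLE, host, when) or "OK")
    # Same certificate and name, but the machine clock is a year off either way.
    for year in (2023, 2025):
        skewed = datetime(year, 6, 1, tzinfo=timezone.utc)
        print(year, diagnose(SAMPLE, "www.right-server.com", skewed))
```

A certificate that is valid for the name you typed but reports "not yet valid" points at the local clock rather than at the server.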
How to Fix Untrusted Server Certificate Errors
Once you determine the details of the error, there are two primary ways to fix the issue.
Check for Time-Misalignment
Oftentimes, certificate issues are due to time misalignment. When the time and date of your machine are different than what the system expects, the certificate will show an error. This may happen if your machine is set up to use a Network Time Protocol (NTP) Server that is local and you are trying to access the network from your home using a WiFi connection. Most machines nowadays are configured with a widely used NTP and you may face an issue with them because of a change in the time zone if you are traveling.
You can try to fix this problem by changing the time and date settings, then rebooting your system before trying to access your network.
To change the time and date settings for a Windows machine or Google Chrome, follow the steps below:
- Right-click on the “Time & Date” that is on the bottom left section of the taskbar in your machine.
- Turn off the “Set time automatically” & “Set time zone automatically” options.
- Click the “Change” option under “Change date & time” to select the correct time, date, month, and year.
- Open “Services” from the search menu bar.
- Go to “Windows Time” and select the option “Automatic” from the drop-down for the option “Start-up Type” in the “General” section.
- Click “Start” under “Service Status”, then click “OK” and then “Apply”.
- Right-click on Windows Time and Start/Restart the Service. Once it is complete, reboot your computer to see if the error is fixed.
If the issue occurs when the machine has the correct time, it may be because of the network security infrastructure. In that case, try this next solution:
Resolve Untrusted Certificate
If the first step of checking and correcting the system time does not help, and you are trying to connect to an enterprise network, you will need to contact your IT administrator to resolve the issue. Depending upon the network infrastructure policies of your company, here are a few options your IT admins may use to resolve untrusted certificates.
- Procure and install a signed and trusted certificate. They would then apply this on your devices to resolve the untrusted server certificates.
- If the certificates are self-managed by your company’s IT, then they will try to fix the error by editing the certificate attributes.
- They may ask you to click “Trust Anyway” and continue connecting to the application or website.
Eliminate Untrusted Server Certificate Errors with SecureW2
Certificates are undoubtedly the most secure way to authenticate a user to an application, a website, or a network. For them to be an effective mechanism for network security, they require a not insignificant amount of infrastructure on the backend. Setting up a robust Public Key Infrastructure (PKI) requires detailed planning and in-depth knowledge, which can be difficult without prior experience. Distributing those certificates to devices, whether managed or BYOD, can be nearly impossible to scale without an onboarding solution.
SecureW2 offers simplified and easy-to-implement solutions that make the entire certificate lifecycle management process seamless. Our JoinNow MultiOS solutions are most trusted by our customers. SecureW2 solutions automate the entire process of certificate configuration and eliminate the need for a configuration guide. Talk to our industry experts to know more about our solutions.