Solution for certain Windows SSL cert errors

Just an FYI on some of the Windows SSL certificate issues. I’ve seen some different variations or issues on here with browser security issues with the cert and also that support couldn’t duplicate the issue. I think I have found at least one particular case why.

If you get a security issue with the certificate in Chrome or Edge, and if the error is ERR_CERT_AUTHORITY_INVALID in the dev tools security tab - and the cert appears in Windows certmgr under Trusted Root Certification Authorities/Certificates, the issue can be resolved by completely exiting Chrome or Edge and restarting. (wouldn’t hurt to first remove and re-trust the cert as well)

The problem is, Chrome and Edge cache the CA certs until restart. So if it changes for whatever reason, it will not work. This drove me insane. I spent a long time down a rabbit hole because I thought something was wrong with the nginx config, or the Local cert generation itself. But as it turns out that’s all fine and it’s just a quirk of the caching behavior. Most likely Chrome doesn’t expect root certs to change that often…

You can test this behavior:
If you have a site that works properly with the cert, remove the CA cert from certmgr. Note that the site will STILL work, in the current tab, or a new tab or window. Close the browser and reopen. You’ll get the security issue now. Next trust the cert again. You’ll still have the security error until you restart the browser.

I’m not sure what happened to other people’s CA certs - but in my case I did it to myself. I was using Local for Windows and also then on WSL. I removed the cert from certmgr to install one (for the same domain) generated from the WSL instance. Since the old Windows one was cached, I could never get a secure connection to WSL, since I never restarted the browser. (which is rare with the number of tabs I usually have open).

Anyway, hope that helps someone - it may be as easy as to just trust the cert and then restart your browser!



Yeah, I know… I’ll show myself out.

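An added example, not part of the original post and not Local's own tooling: a PowerShell check that validates the certificate the site actually serves against the current Windows trust store, independent of the browser, so a stale browser cache can be told apart from a root that really is missing or mismatched. The hostname `mysite.local` is a placeholder assumption; replace it with your site's domain.

```powershell
# Added example: validate the served certificate against the *current*
# Windows trust store, without involving the browser at all.
param(
    [string]$SiteHost = 'mysite.local',   # placeholder hostname (assumption)
    [int]$Port = 443
)

$ssl = $null
$tcp = New-Object System.Net.Sockets.TcpClient($SiteHost, $Port)
try {
    # Accept any certificate during the handshake; we only want to capture it.
    $acceptAll = { $true } -as [System.Net.Security.RemoteCertificateValidationCallback]
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    $ssl.AuthenticateAsClient($SiteHost)
    $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}

# Build the chain using the OS stores as they are right now.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # local dev CAs publish no CRL
$trusted = $chain.Build($leaf)

"Leaf subject : $($leaf.Subject)"
"Leaf issuer  : $($leaf.Issuer)"
"OS trusts it : $trusted"
$chain.ChainStatus | ForEach-Object { "  status: $($_.Status) - $($_.StatusInformation.Trim())" }

# Trusted roots whose subject matches the leaf's issuer. A match by name with
# 'OS trusts it : False' means a same-named root with a different key is installed.
Get-ChildItem Cert:\CurrentUser\Root, Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -eq $leaf.Issuer } |
    Select-Object Thumbprint, NotAfter, PSParentPath
```

If this reports `OS trusts it : True` while the browser still shows ERR_CERT_AUTHORITY_INVALID, that matches the stale-cache case described in the post; `False` with an `UntrustedRoot` status means the served certificate was not issued by a root currently in the store.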

lol, thanks fixed it

