How to solve Certificate_Verify_Failed error?

Encountering the Certificate_Verify_Failed error while browsing can be frustrating, especially when accessing secure websites that require an SSL certificate. This error usually happens when there is an issue verifying the authenticity of the website’s SSL certificate, which prevents your browser from establishing a secure connection.

In this guide, we will walk you through the reasons behind the Certificate_Verify_Failed error and provide step-by-step solutions for fixing it on Google Chrome, Firefox, and other browsers. Let’s get started!

What is the Certificate_Verify_Failed Error?

The Certificate_Verify_Failed error is typically caused when the browser is unable to verify the SSL certificate of a website. SSL certificates ensure secure communication between the browser and the server, and when the certificate cannot be verified, it results in an error. This can be caused by several issues such as:

• Expired SSL certificates.
• Mismatched domain names in the certificate.
• Untrusted Certificate Authorities (CAs).
• Problems with the intermediate certificate chain.
• Incorrect system date or time.

The error may appear in various browsers with slightly different messages, but it commonly appears as:

• “Certificate_Verify_Failed”
• “SSL Certificate Error”
• “Your connection is not private”

Why Does the Certificate_Verify_Failed Error Happen?

The Certificate_Verify_Failed error can occur for several reasons:

1. Outdated or Expired SSL Certificate: SSL certificates have an expiration date. If the certificate is outdated, browsers will not accept the website’s connection.
2. Untrusted Certificate Authority (CA): If the certificate is signed by an untrusted or self-signed certificate authority, browsers will fail to verify the certificate.
3. Mismatched Domain Name: If the SSL certificate does not match the domain name of the website, it leads to a verification failure.
4. Intermediate Certificate Issues: Sometimes, intermediate certificates that link the website’s SSL certificate to the trusted root certificate authority are missing or incorrectly configured.
5. System Time and Date Issue: If the system’s time and date are incorrect, SSL certificates may not be verified correctly, leading to errors.

How to Fix the Certificate_Verify_Failed Error

Let’s walk through various methods for fixing the Certificate_Verify_Failed error. The solutions can vary based on whether you are a user encountering this error while browsing or the website administrator.

Fixing the Certificate_Verify_Failed Error as a User

1. Check and Update the System Date and Time

Incorrect system date and time are one of the most common causes of SSL certificate verification errors. SSL certificates are time-sensitive, and if your computer’s date and time settings are incorrect, SSL verification will fail.

Steps:

• For Windows: Right-click on the time in the taskbar > Adjust Date/Time > Enable Set time automatically and Set time zone automatically.
• For Mac: Go to Apple menu > System Preferences > Date & Time > Check the option for Set date and time automatically.

Once the system time is fixed, restart your browser and try loading the website again.

2. Clear Browser Cache and Cookies

Sometimes, cached data or cookies may be causing the issue. Clearing your browser’s cache can resolve the Certificate_Verify_Failed error.

Steps for Google Chrome:

1. Open Google Chrome and click on the three vertical dots (menu) in the top-right corner.
2. Go to More tools > Clear browsing data.
3. Select Cookies and other site data and Cached images and files.
4. Click Clear data.

Steps for Mozilla Firefox:

1. Click on the three horizontal lines (menu) in the top-right corner.
2. Go to Settings > Privacy & Security.
3. Under Cookies and Site Data, click on Clear Data.
4. Select Cookies and Site Data and Cached Web Content, then click Clear.

3. Disable SSL Scanning in Antivirus Software

Some antivirus programs have SSL scanning features that may interfere with SSL certificate validation, causing the Certificate_Verify_Failed error. Disabling this feature temporarily may resolve the issue.

Steps:

1. Open your Antivirus Software (e.g., Norton, McAfee, etc.).
2. Look for SSL scanning or HTTPS scanning settings (this might be under Web Protection or Advanced Settings).
3. Disable SSL scanning temporarily.
4. Restart your browser and try visiting the website again.

4. Check for Browser Updates

Ensure your browser is up to date, as older versions may lack support for modern SSL/TLS protocols, leading to errors.

Steps for Google Chrome:

1. Click the three dots in the top-right corner of Chrome.
2. Go to Help > About Google Chrome.
3. Chrome will automatically check for updates and install them.
4. Restart Chrome and check if the error is resolved.

Steps for Mozilla Firefox:

1. Click the three horizontal lines in the top-right corner.
2. Go to Help > About Firefox.
3. Firefox will check for updates and install them.
4. Restart Firefox and check if the error persists.

5. Manually Add the Certificate (For Self-Signed Certificates)

If you encounter this error on a website with a self-signed certificate, you can manually add the certificate to your trusted store.

Steps for Google Chrome:

1. Click on the Not Secure warning next to the URL.
2. Click Certificate and then Export the certificate to a file.
3. Open the Windows Certificate Manager by typing certmgr.msc in the Start menu.
4. Import the exported certificate into the Trusted Root Certification Authorities store.

This process may vary slightly depending on the operating system and browser.

Fixing the Certificate_Verify_Failed Error as a Website Administrator

If you’re the website administrator, here are some steps you can take to resolve the Certificate_Verify_Failed error for your visitors:

1. Renew or Replace Expired SSL Certificates

If your SSL certificate has expired, browsers will fail to verify it, causing the Certificate_Verify_Failed error. Make sure your SSL certificate is renewed before it expires.

Steps:

• Log in to your Certificate Authority (CA) account.
• Renew or replace the expired certificate.
• Install the new certificate on your server.

2. Ensure Correct Certificate Chain

Ensure that the full certificate chain, including any intermediate certificates, is properly configured on your server. Missing intermediate certificates can cause SSL verification errors.

Steps:

• Check the full certificate chain using SSL tools like SSL Labs’ SSL Test.
• Install any missing intermediate certificates.
• Restart your web server to apply the changes.

3. Verify Domain Name in SSL Certificate

Ensure that the SSL certificate’s domain name matches the domain of your website. If the domain name in the certificate is incorrect or does not match, browsers will fail to verify the SSL certificate.

Steps:

• Check your certificate’s Common Name (CN) and Subject Alternative Name (SAN) fields to ensure they match your domain name.
• If they do not match, issue a new certificate with the correct domain.

4. Update Your Server’s SSL/TLS Configuration

Make sure your server is configured to support modern SSL/TLS protocols like TLS 1.2 and 1.3. Older protocols may be incompatible with newer browsers.

Steps:

• Disable old protocols like SSLv2 and SSLv3.
• Enable TLS 1.2 and TLS 1.3 on your server.
• Ensure that your server supports strong cipher suites.

Conclusion

The Certificate_Verify_Failed error is a common SSL issue that occurs due to a variety of reasons, including expired certificates, mismatched domain names, and misconfigured server settings. Whether you’re a user or a website administrator, understanding the root causes and following the solutions outlined in this guide can help you resolve the error and ensure a secure browsing experience.

By updating your system time, clearing your browser cache, and ensuring that your server is correctly configured with a valid SSL certificate, you can easily fix the Certificate_Verify_Failed error and enjoy safe, secure web browsing.