This Connection Is Untrusted – Part 2

Web browsers will complain when they cannot validate an SSL certificate. In the past, I’ve written about the untrusted connection warnings related to unknown certificate authorities and certificate mismatches. I’d like to cover one more scenario – the warning that occurs right after purchasing a new SSL certificate.

The scenario is fairly common. A secure HTTPS website has been running for a while without issues. The SSL certificate is replaced because of a pending expiration, and now the browser complains about the certificate. It’s the dreaded “This connection is untrusted” warning. Of course, the certificate was purchased from a first-tier certificate authority, so the warning is a mystery, especially since the old certificate was from the same CA.

The most probable cause for the error is that the CA has updated its signing certificates, and the browser is not aware of the new ones. This is a frequent problem with older browser versions, which do not know about the updated certificate chains.

For example, you may have found that your browser does not trust your new GeoTrust certificate. If you inspect the certificate carefully, you’ll find that you need both the GeoTrust SSL CA and the GeoTrust Global CA signing certificates to complete the certificate chain. After downloading both of these from the GeoTrust website and installing them, the warning goes away.
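The same failure can be reproduced offline with OpenSSL. This is an added example, not part of the original post: it builds a constructed three-level chain (the names Demo Root CA, Demo SSL CA and www.example.test are made up and stand in for a root, a newly issued signing certificate and the site certificate) and verifies the site certificate first with only the root known, then with the signing certificate supplied.

```shell
#!/bin/sh
# Constructed demo PKI (made-up names, not a real CA):
#   Demo Root CA -> Demo SSL CA (the new signing certificate) -> www.example.test

build_demo_pki() {  # build_demo_pki DIR
    d=$1
    # Extensions that mark a certificate as a CA allowed to sign others.
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$d/ca.ext"
    # One key and signing request per certificate.
    for n in root int leaf; do
        case $n in
            root) cn="Demo Root CA" ;;
            int)  cn="Demo SSL CA" ;;
            leaf) cn="www.example.test" ;;
        esac
        openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$cn" \
            -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
    done
    # Root signs itself; the root signs the intermediate; the intermediate signs the site.
    openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 30 \
        -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 30 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null || return 1
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
        -CAcreateserial -days 30 -out "$d/leaf.pem" 2>/dev/null
}

# chain_verifies ROOT LEAF [INTERMEDIATE]: succeeds only if a full chain can be built.
chain_verifies() {
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1 | grep -q ': OK$'
    else
        openssl verify -CAfile "$1" "$2" 2>&1 | grep -q ': OK$'
    fi
}

work=$(mktemp -d)
build_demo_pki "$work"
# Client that knows only the root: the issuer of the site certificate is unknown.
chain_verifies "$work/root.pem" "$work/leaf.pem" \
    && echo "root only: trusted" || echo "root only: untrusted"
# Same client once the signing certificate is available: the chain completes.
chain_verifies "$work/root.pem" "$work/leaf.pem" "$work/int.pem" \
    && echo "root + intermediate: trusted" || echo "root + intermediate: untrusted"
rm -rf "$work"
```

The site certificate is identical in both checks; only the verifier's knowledge of the signing certificate changes.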

How do you avoid this? The answer is easy. Make sure that your browser is current. All of the major certificate authorities plan well in advance to make sure that their updated signing certificates are included in the latest browser releases.

