How do I deal with NET:ERR_CERT_AUTHORITY_INVALID in Chrome?

NET::ERR_CERT_AUTHORITY_INVALID message in Chrome

My work place intercepts SSL connections, looks at their contents, and then passes the data to and from my machine and remote hosts - a kind of man-in-the-middle attack. This is not uncommon in corporate or enterprise environments. Now I have a virtual machine running on my computer. The virtual machine does not have the certificates the actual machine has which enable the MITM to work transparently. As a result, I get this message: What can I do to resolve this?

asked Jun 2, 2016 at 19:36 3,471 2 2 gold badges 22 22 silver badges 25 25 bronze badges Install the fake certificates on the virtual machine. Commented Jun 2, 2016 at 21:04

@Ƭᴇcʜιᴇ007: Corporate ID didn't want to touch the issue. Don't let the word "corporate" throw you, this is a perfectly legitimate question about certificate authorities.

Commented Jun 2, 2016 at 21:33 @Ramhound: The difficult I had was in finding said certificates. Commented Jun 2, 2016 at 21:34 In 2020 you can just go to chrome://flags and select "Insecure origins treated as secure" option Commented Dec 21, 2020 at 12:43

8 Answers 8

First thing's first:

DO NOT DO THE FOLLOWING IF YOU DO NOT TRUST THE CERTIFICATE ISSUER

Doing this allows a man-in-the-middle to see all of your communications. This fix should only be employed if you are in a situation which warrants it, not if you're sitting at a coffee shop and having problems connecting to things.

The first step is to acquire the certificate of the MITM.

To do so, click the little HTTPS lock and hit details:

Page details

Click "View Certificate" in the dialog that comes up.

Certificate details pane

Hit "Details" in the Certificate viewer and select the top certificate, which should be from an address other than the one you were trying to get to (see picture):

Certificate viewer

Then hit "Export" and save the certificate file.

Now, go to Settings → Advanced → Manage Certificates. → Authorities

Settings menu

And hit "Import". Select the certificate file you saved previously and hit all of the check boxes that appear, authorizing it to certify everything.