0Pricing
Cryptology Academy · Lesson

TLS Certificate Warnings and What to Do

Learn to interpret browser certificate errors and decide when to proceed vs when to leave.

Expired Certificate Warning

NET::ERR_CERT_DATE_INVALID appears when a certificate's validity period has ended. The "Not After" date in the certificate has passed. This warning is typically a server administration error: the administrator forgot to renew the certificate.

An expired certificate provides no security guarantee because the CA has stopped vouching for the certificate's validity. While the site may still be the legitimate site, the certificate infrastructure has broken down.

Unknown CA Warning

NET::ERR_CERT_AUTHORITY_INVALID appears when the certificate was signed by a CA not in the browser's trusted root store. This occurs with self-signed certificates, certificates from internal corporate CAs, or certificates from small CAs not included in major root programs.

Browser root programs (Mozilla, Google, Apple, Microsoft) maintain strict lists of trusted CAs. A CA must meet extensive audit requirements to be included. Certificate from non-included CAs trigger this warning.

All lessons in this course

  1. The Padlock Icon: What It Really Means
  2. How Websites Get SSL Certificates
  3. TLS Certificate Warnings and What to Do
  4. HTTP Downgrade and Mixed Content Risks
← Back to Cryptology Academy