Bobcares

Could Not Establish Trust Relationship for the SSL/TLS error

by | Jan 30, 2023

Wondering how to resolve the “Could Not Establish Trust Relationship for the SSL/TLS” error? Our Server Management Support team is here to lend a hand with your queries and issues.

Could Not Establish Trust Relationship for the SSL/TLS error

Here are the main causes of the “Could not establish trust relationship for the SSL/TLS Secure Channel with Authority” message:

  • Self-signed certificates: These certificates are often generated for free. However, they don’t provide as much trust as commercial certificates.
  • Expired certificates: Most SSL certificates are only valid for a year. Therefore, you’ll need to renew your certificate as it nears its expiration date.
  • Certificates not signed by a trusted Certificate Authority (CA): Like self-signed certificates, a lesser-known certificate provider might not be trusted by every browser.
  • Free SSL certificates: There are a few free CAs, but sometimes their root certificates must be manually imported into your browser to clear the error.
  • Certificates that are missing a chain/intermediate certificate: Most trusted certificates ask you to install at least one other chain/intermediate certificate to link your SSL certificate to a trusted source. However, this process depends on the browser you use. For example, Internet Explorer can automatically download intermediate certificates, but Mozilla Firefox can’t.

The “Could not establish trust relationship” error often signifies that your SSL certificate is invalid.

Today, let us see the steps our support techs follow to resolve the “Could Not Establish Trust Relationship for the SSL/TLS” error.

Step 1: Check the Certificate Errors

Firstly, you’ll need to find the cause of the error. This process will differ depending on the browser you’re using to access the website.

For instance, in Safari, you can click on Show Details to find out what’s behind the warning message. Then, you can proceed to the website or view its certificate:

If you select the latter option, you will sometimes see the root cause of the issue. In the example below, you can see that the website is using a self-signed certificate that hasn’t been verified by a third party:

However, in Chrome, this process is slightly different. Instead, you’ll head to the Not Secure warning in the search bar:

Click on the warning message to identify the general issue (although you likely won’t find the root cause at this stage). Here, you can simply see that the website’s certificate is not valid:

If you click on Certificate is not valid, a popup will appear where you can find out more details about the error. For instance, you can see the issue and expiry dates, as well as find the CA that verified the certificate.

Below, you can see that the SSL certificate has expired:

If you switch to the Details tab, you can view the certificate’s serial number, the signature algorithm, and the public key information.

Whichever browser you’re using, it’s essential to identify the error’s root cause before moving on to the next step. Otherwise, you might waste your time on ineffective troubleshooting methods.

Step 2: Try General Troubleshooting Tips

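Before tackling the error with more specific measures, we recommend trying some general troubleshooting tips first. It’s easy to overlook simple things that you might not realize are affecting your browser or system. For example, your computer’s date and time may be set incorrectly, which can make a valid certificate look expired or not yet valid.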

On Mac, you’ll need to head to your System Preferences and then select Date & Time:

To make any changes, you can hit the lock icon at the bottom of the popup:

You can either select your time zone using a map or manually input the correct information on this page.

Another common issue is that your browser or system has not been updated. Running old software can cause glitches. Plus, it can make your site more vulnerable to security breaches.

To check whether your Mac is up-to-date, visit System Preferences. Then, click on Software Update:

You can also check that your browser is up-to-date. You can find this information in Google Chrome by clicking on the three dots within your browser. Then, hover over Help to access the dropdown menu and click on About Google Chrome:

Chrome will automatically start checking for updates:

Then, relaunch the browser to conclude the update. Remember that this process will be slightly different if you’re working with a browser other than Chrome.

Step 3: Identify the Best Solution for Your Error

The resolution to your error will depend on the cause you identified in the first step of this tutorial. Here are four common scenarios!

Your Domain Name Doesn’t Match the Name on the Certificate

Typically, this occurs when the common name on the SSL certificate doesn’t match the domain/URL in your browser’s search bar. You can find the common name (hostname) of the certificate by viewing the certificate and expanding the Details section:

Under Common Name, verify that the name matches the URL that you use to visit the website. Sometimes, it can be as simple as missing the “www”.

Many websites include their domain names both with and without “www” so that browsers don’t penalize users who type the address differently. However, you’ll need a certificate that accommodates multiple domains.

If you find a disparity between the names and currently have a single-domain SSL certificate, you’ll need to get a new certificate issued. However, if you have a multi-domain certificate, you can add/remove Subject Alternative Names (SANs) to your certificate.

Your Certificate Has Expired

If you’re using an expired certificate, your visitors and website are more vulnerable to attacks. In fact, a hacker can take advantage of this situation by impersonating your site and stealing from visitors who land on it.

Therefore, if you find that your SSL certificate has expired, you’ll need to install a valid certificate to preserve authenticity and trust on your site. We also recommend setting up a future reminder to renew the certificate before it expires.
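
The name and expiry checks from the two scenarios above, as an added example (not code from the original article): a Python function that inspects a certificate in the dict form `ssl.SSLSocket.getpeercert()` returns and reports a name mismatch, expiry, an upcoming renewal, or a self-signed issuer. The sample certificate, the `example.test` names, the helper names and the 30-day warning window are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape ssl.SSLSocket.getpeercert() returns.
SAMPLE = {
    "subject": ((("commonName", "example.test"),),),
    "issuer": ((("commonName", "Example Test CA"),),),
    "subjectAltName": (("DNS", "example.test"),),
    "notBefore": "Jan 30 00:00:00 2023 GMT",
    "notAfter": "Jan 30 00:00:00 2024 GMT",
}

def cert_names(cert):
    """DNS names the certificate covers: SAN entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:  # modern browsers check SAN only; CN is a legacy fallback
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a '*' wildcard standing for exactly one leftmost label."""
    p = pattern.lower().split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # "*.example.test" never covers bare "example.test"
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def diagnose(cert, host, now=None, warn_days=30):
    """Return a list of findings; an empty list means none of these checks failed."""
    ts = (now or datetime.now(timezone.utc)).timestamp()
    findings = []
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        findings.append("not-yet-valid (check the system clock)")
    days_left = (ssl.cert_time_to_seconds(cert["notAfter"]) - ts) / 86400
    if days_left < 0:
        findings.append("expired")
    elif days_left < warn_days:
        findings.append("renew-soon")
    if not any(name_matches(n, host) for n in cert_names(cert)):
        findings.append("name-mismatch")
    if cert.get("issuer") == cert.get("subject"):
        findings.append("self-signed")
    return findings

if __name__ == "__main__":
    print(diagnose(SAMPLE, "www.example.test"))
```

These checks cover names and dates only; they do not validate the signature or the chain up to a trusted root.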

Your Certificate Root Authority Can’t Be Trusted

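If the certificate authority can’t be trusted, you’ll need to add the certificate to the trusted store in your browser. A root added to the trusted store is accepted for every site it signs, so confirm that the certificate really comes from the issuer you expect before importing it.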

In Safari, you can do this for each website by clicking on View the certificate. Then expand the Trust section in the popup and scroll down to the part that reads When using this certificate:

Here, use the dropdown box to select Always Trust.

You can also modify all the certificates on your Mac system by clicking on the question mark icon in this popup. Then, hit Open Keychain Access for me:

Under System Roots, navigate to Certificates:

Here, you can view your certificates and manage the trust settings by right-clicking on the relevant certificate and selecting Get Info.

If you’re using Windows, head to the search menu and type in “mmc” to open Microsoft Management Console. Next, head to File > Add/Remove Snap-in:

Select Certificates and then click on Add:

Check the box for Computer account and then hit Next. In the following popup, choose Local computer and then click on Finish:

On the next screen, click on OK to exit.

Now, double-click on Certificates and find Trusted Root Certification Authorities. Right-click here, then hover over All Tasks and select Import:

This will open the Certificate Import Wizard. Click on Next, and then you can type in the filename you want to import or find the certificate on your computer.

To finish adding an SSL certificate to the trusted root certification authorities on your computer, simply hit Next.

Conclusion

In conclusion, our Support Engineers demonstrated how to resolve the “Could Not Establish Trust Relationship for the SSL/TLS” error.
