NET::ERR_CERT_INVALID error in Google Chrome when visiting websites using a private (Root) certificate

We were presented with a rather strange issue where a website using an internal URL with an SSL certificate was deemed invalid by Google Chrome for about 30% of the company.

Neither the website certificate nor the root certificate is expired, and both are available through the Windows Certificate Store. Microsoft Edge and Microsoft Internet Explorer (I know, sorry!) did not show any issues while visiting the same websites.

After spending a fair amount of time troubleshooting this issue, I bumped into a Chromium blog post which announced the launch of the Chrome Root Program in September 2022. This program gave Google Chrome its own certificate store, which contains the certification authorities (CAs) that Chrome considers safe. Our private CA was naturally not part of this list, so our internal websites are considered unsafe.

Luckily, Google was kind enough to give us the option to disable the Chrome Root Store, making our internal websites available again. This can be done by creating a DWORD registry entry.

Open the registry editor (start –> run –> regedit) and add the following:
Path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
New DWORD (32-bit) entry: ChromeRootStoreEnabled
Value: 0

You can verify the setting by restarting Chrome and going to the Chrome policies page (chrome://policy/).
The policy ChromeRootStoreEnabled is shown with the value false.
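
The registry change above, scripted in PowerShell with a backup and a read-back check, as an added example that is not part of the original post. The backup file location and the `-Revert` switch (which removes the value so Chrome goes back to its default) are assumptions of this example; run it from an elevated prompt.

```powershell
# Added example: set, verify, or revert the ChromeRootStoreEnabled policy value.
param([switch]$Revert)   # hypothetical switch: remove the value again

$keyPath   = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
$regPath   = 'HKLM\SOFTWARE\Policies\Google\Chrome'   # same key, reg.exe syntax
$valueName = 'ChromeRootStoreEnabled'
$desired   = 0
$backup    = Join-Path $env:TEMP 'chrome-policy-backup.reg'   # assumed location

# HKLM policy keys can only be written by an administrator.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

if (Test-Path $keyPath) {
    # Export the existing policy key before touching it.
    reg.exe export $regPath $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Backup of $regPath failed." }
    Write-Output "Existing policy key exported to $backup"
} elseif (-not $Revert) {
    New-Item -Path $keyPath -Force | Out-Null
}

if ($Revert) {
    # Remove the value if it is present; leave other Chrome policies alone.
    if ((Test-Path $keyPath) -and
        ($null -ne (Get-Item -Path $keyPath).GetValue($valueName))) {
        Remove-ItemProperty -Path $keyPath -Name $valueName
    }
    Write-Output "$valueName is not set. Restart Chrome to apply."
    return
}

New-ItemProperty -Path $keyPath -Name $valueName -PropertyType DWord `
    -Value $desired -Force | Out-Null

# Read the value back and confirm both its data and its type.
$key    = Get-Item -Path $keyPath
$actual = $key.GetValue($valueName)
$kind   = $key.GetValueKind($valueName)
if ($actual -ne $desired -or $kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
    throw "$valueName is $actual ($kind); expected $desired (DWord)."
}
Write-Output "$valueName = $actual ($kind). Restart Chrome and check chrome://policy/."
```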

CAUTION: This document includes instructions for modifying the registry on your computer. Modifying the registry improperly can result in Windows becoming corrupted. You should only attempt these directions if you have your data backed up and are willing to risk creating additional problems. You should also back up the Windows registry before attempting any changes.
