Computer lessons

Ssl connection error how to fix on phone. SSL connection error, what should I do? How to fix SSL connection error

If the site has SSL installed, the page opens securely https protocol:

The green color in the address bar signals to users: personal data (bank card number, email account, password) will not be stolen here.

It’s annoying when a green traffic light turns red at the wrong time. It’s doubly annoying if, instead of a secure connection, you suddenly see on the website: SSL protocol error. Why this happened and how to fix and remove the SSL connection error, read below:

Check in advance

Make sure you don't confuse the SSL connection error with other problems. If your website stops opening in your browser, first check:

    Is a redirect from http to https configured for /;

    What domain is the SSL certificate installed on? An SSL certificate is registered for a specific domain. That is, if the certificate is installed on a domain and you accessed through the address shop., then an SSL error will be shown.

If you have a free SSL certificate installed, it only applies to the domain itself and the “www” subdomain: and www.. It does not work for other subdomains. If you need an SSL certificate on a subdomain, order a separate certificate for the subdomain:

If there are no problems with this, continue reading the article.

Why does the SSL error occur?

  • The system clock or calendar settings have gone wrong;
  • your antivirus program scans data transmitted via the HTTPS protocol and may block some traffic;
  • the settings of the browser itself have changed;
  • a malicious script is triggered.

SSL protocol error, what to do?

Below are 4 drop-down blocks. Each contains an answer to the question of how to correct the error depending on the cause.

System clock and calendar settings

If the time settings on the computer are lost, the browser will warn:

In Google Chrome

In Mozilla Firefox

The solution is simple: set the correct date. To prevent the error from recurring, enable synchronization with a time server on the Internet (system settings Dates and times).

Antivirus program settings

If everything is fine with the clock and the SSL error is still there, check your antivirus program settings. Most likely it includes "check https protocol". Check if it is enabled, the program will not accept or the certificate is protected Let's Encrypt. Try disabling the function and visiting the site again.

If the SSL error persists, disable your antivirus program and open the site. Did this solve the problem? Changing the utility will help.

If this does not help, do not forget to enable your antivirus program and look for the solution below.

Browser settings

  1. Open the site in another browser;
  2. Check if you are using the latest version of your browser. If not, update it to the latest and open the site again;
  3. This is probably a browser glitch. In this case, restart your browser and try to access the site again;
  4. If the problem persists, disable web antivirus components in the Extensions.

A radical way is to reset the settings to the original ones. Use it as a last resort.

You can also change your browser to Internet Explorer until the problem is resolved. There is no SSL error in this browser.

Sometimes an SSL error indicates a real threat: your browser is protecting you from online scammers. It is likely that your browser opens a clone site to which you are redirected.

If you suspect hostile interference, scan your computer with an antivirus program and remove any existing viruses.

If the problem remains after the listed options, contact a specialist who will diagnose the specific case, identify what the ssl connection error means and fix it.

SSL- this is the name of the cryptographic protocol that ensures the security of the communication connection.

When you receive an “SSL error” while browsing the Internet, this may indeed mean that someone is accidentally or deliberately trying to obtain the data you are sending to the Internet. But it’s not always worth being afraid and trying to fix an SSL error right away. Often, such an error can only mean incorrect browser settings, interception of connections by your own antivirus (the antivirus is mistaken for an attacker, and you shouldn’t be afraid of the data it receives), or in general there are problems not with you, but with the site you are trying to access.

If you still have the slightest doubt, it is better to reconnect to the Internet, log in from a different browser and check if the SSL connection error appears in this case.

Let's look at possible options for fixing SSL errors in specific situations.

How to fix SSL error in Google Chrome and Yandex browser.

So, you are unable to access this or that site - a problem with the security certificate “pops up”. As already mentioned, there is no need to worry - first, just reconnect and change the browser. If the error continues to appear, then:

  • Check that the Date and Time are set correctly on your computer;
  • Completely scan your computer for viruses;
  • Check your antivirus settings carefully. It has already been said that it is the antivirus that a “frightened” browser can often mistake for an attacker and rush to the owner’s defense. Usually the problem here is checking the https protocol, try to find it in your antivirus and disable it (if you don’t know where, help and search the Internet by the name of your antivirus program will help). In general, disabling this check will have virtually no effect on the functionality of your antivirus software. If the ssl error continues to appear, try disabling the antivirus altogether for a short time (if this doesn’t help, then it’s definitely not the problem, if it helps cure it, maybe it’s worth changing the security program).
  • Try updating your operating system and browser to the latest versions;
  • Try creating a new user in your operating system and accessing sites through him;
  • Try logging in from a different IP address or even a computer;
  • If you cannot fix the SSL error, try combining several of the above methods at once.

If all this does not help resolve the ssl error, you can disable SSL checking in the browser, but this may not be entirely secure. It’s better to study all the information about the suspicious site before doing this.

Resolving SSL errors on a tablet is a much more pressing issue than on a computer.

The fact is that, starting with Android 2.3, encryption algorithms on tablets have become noticeably weaker and the likelihood of them being decrypted by attackers (i.e. gaining access to your data) is much higher. This leads to a not very favorable situation:

  • firstly, SSL errors can very easily occur where in fact there is no danger;
  • secondly, on the contrary, truly experienced hackers can force the protocol to trust certificates where the danger occurs.

Basic security measures and error resolution are given above and many of them are suitable for tablets, but if you value the security of certain data, for now it is better to refrain from entering it on tablets unless absolutely necessary on suspicious sites.

SSL is a secure protocol used when visiting resources whose address begins with HTTPS. Data is transferred in encrypted form, and you don't have to worry about confidentiality. But if the certificate has expired or was not made properly, the web browser will show an SSL connection error when you try to open the site.

Causes

The failure may be caused by the server from which information about the site is requested, or by the computer running the browser. Usually the error appears in browsers running on Chromium: Google Chrome, Yandex.Browser, Opera, Comoda Dragon.

Mozilla Firefox reports this failure as "This connection is untrusted."

If the certificate works properly, then when you click on the padlock next to the address you will see the following picture:

If an error occurs in the definition of the SSL protocol, part of the address will be crossed out (https//), and in additional information you will read that the site’s identification data has not been verified and the connection is encrypted using outdated technologies.

This situation will repeat on all sites that you try to open.

Important: if an SSL connection error appears only on one web resource, then the cause of the failure is on the site’s side, that is, the page actually has problems with encryption.

You should use the methods below to fix a connection error only if no website that uses the HTTPS protocol can open on your computer.

Bug fix

If, when opening additional connection information, you see a message that the certificate is not yet/no longer valid, check the date on your computer. If it seriously differs from reality forward or backward, then the protocol will not work, and accordingly, an error will appear when accessing the site.

Usually the time and date are lost due to a dead CMOS battery. You can also replace it yourself by purchasing a new power supply in the store. But before you change the battery, look at what is currently installed in the system unit or laptop. If you have a battery with a wire, then you need to purchase a similar power source.

Browser check

If the date on your computer is set correctly, but the connection still fails, pay attention to the state of the browser. You must have the latest version of your web browser. If you're using Google Chrome, go to Settings and open the About section. In other browsers, version checking is done in a similar way.

Typically, web browsers update without user interaction. But, for example, new versions of Chrome are not supported on XP and Vista. Accordingly, when working with older operating systems, you may not be able to access some sites.

Another reason for the connection error may be the action of extensions. They will not necessarily be malicious: completely legal add-ons can also conflict with sites.

To test this hypothesis:

  1. Open settings, go to the list of extensions.
  2. Disable all extensions for a while, and then try to access the site again.

If the problem persists, reset your proxy settings. They may become confused due to the fact that you connected to the Internet through a proxy, or due to the actions of other applications. To reset proxy settings in Chrome:


If sites open normally in other browsers, but the connection error appears in only one browser, reset its settings. This will delete all data, but will help solve the problem.

Setting up an antivirus

In addition to the wrong date and problems with the browser, a connection error can be caused by excessive curiosity of the antivirus and firewall. Security software checks the SSL connection. Some sites may define such a check as an attempt to interfere and block access to information.

To check whether your antivirus or firewall is to blame for the error, temporarily disable your computer's protection. This should only be done if you are confident that the site you are trying to access is secure.

If web pages open without failures when security software is disabled, configure the https scanning mode in your antivirus.

In Avast, for example, you need to go to settings, open the “Active Protection” section, click “Settings” and uncheck “Enable HTTPS scanning”.

In Kaspersky Internet Security, the same settings are located in the “Network” section of the advanced settings.

All antiviruses have similar options, so you just need to find them and disable HTTPS checking.

There are no similar articles.

In each situation, the cause of the SSL Connection Error is individual. It can be caused either by the server from which information about the site is requested, or by the user’s computer. If the source of the problem is the site visitor’s computer, the solution should be sought in the browser from which the resource is accessed.

SSL Connection Error is a typical error for browsers running on the Chromium platform. Such browsers include not only Google Chrome, but also its various analogues: Yandex.Browser, modern versions of Opera, Comoda Dragon and others. In all of them, the error is caused by a problem with the client authentication certificate.

If an SSL connection error occurs, the browser will not be able to access one or more sites due to the message SSL Connection Error appearing in the window. To continue using the Internet to its fullest extent, you need to get rid of the problem. Below we discuss what to do if an SSL connection error appears in Google Chrome, but the instructions are universal and the problem is fixed in a similar way in other browsers:

  1. Please update your browser. If you encounter any problems related to connecting to sites on the Internet or playing content on them, you should first install the latest version of your browser. Most often, the Google Chrome browser updates automatically or prompts the user to download the latest version, but many ignore the recommendations, which leads to various problems.

To update the Chrome browser, you need to go to the settings and click on the “About” item. Next, you need to pay attention to whether the latest version is installed. If not, your browser will need to be updated.

  1. Examine installed extensions. Often problems with browser performance arise due to various extensions. Inexperienced users may accidentally install virus extensions that harm the computer. Also, some licensed extensions may conflict with certain sites or scripts running on them, which will result in an SSL connection error.

To check if the error is related to extensions, go to the Google Chrome settings and then switch to the “Extensions” item. Disable all running extensions and try again to connect to the site where the SSL Connection Error message appeared. If the error is not corrected, proceed to the next step.

  1. Reset your proxy settings. To connect to sites on the Internet, Google Chrome uses proxy server settings. They can go wrong for various reasons: due to the actions of a third-party extension, a virus, one of the installed programs on the computer, and so on.

Resetting the proxy server settings to default values ​​is quite simple. Just go to the Google Chrome settings, select “Show advanced settings” and in the “Network” column click on the “Change proxy server settings” button. Next, you just have to select the option with automatic detection of parameters and you can try to launch the site on which the SSL Connection Error appeared.

  1. Make sure the problem is not related to your antivirus. Antivirus applications do not work perfectly, and because of them, various problems may arise when connecting to sites on the Internet. To check whether the antivirus is related to the SSL Connection Error, you need to disable the anti-malware program and try to access the site.

Important: Disable your antivirus only if you are sure that the site you are visiting does not contain viruses.

If disabling your antivirus helped fix the SSL error, you will need to find an item in its settings that allows you to create an exception for the SSL protocol.

When none of the above tips help get rid of the problem, you should make sure that the site is currently accessible. It is possible that the error occurs on the server side, and it is not possible to access the resource from all devices.

Client Authentication Certificate. What does authentication mean? Causes of SSL Errors

Here's a typical question:

Error 107 appears when accessing https://vk.com/. When I try to log in, a message appears: “Cannot authenticate via a secure connection. Most often this happens when the current date and time are set incorrectly on your computer. Please check your system date and time settings and restart your browser."

Date and time are correct. The hosts file is also normal. There are no viruses. Reinstalling Chrome didn't help.

Here we suggest how to fix an SSL connection error connecting to vk.com or other sites. For example, a secure connection to the server cannot be created. There may be a problem on the server, or a client authentication certificate is needed, which you do not have and is issued:

Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

Such VK ssl errors or yandex, google ssl errors can often occur if you do not solve some problems. Here are some guidelines to resolve the SSL error. So, if you encounter an SSL error, try these steps:

  • Check if the date and time on your computer are set correctly.
  • In your antivirus settings, try temporarily disabling HTTPS protocol checking
  • If the problem occurs on Windows XP SP2, update it to SP3.

SSL protocol error This often happens with the Eset Smart Security 5 antivirus, which incorrectly filters the https protocol. You need to disable https check and everything should work.

If everything is fine with SSL on the site, then most likely the problem is that Kaspersky intercepts SSL connections and then proxies them to the browser using its own crooked certificate. A normal browser will display an error warning about a MITM attack. You should try disabling SSL connection checking.

Often, if there is an SSL error, all installed browsers refuse to work. The only way out is to use standard IE, which in 90% of cases does not produce such an error. This browser can be used until a solution to the problem is found. In simple words, an SSL error indicates that a connection to the server cannot be established for some reason.

As noted above, you need to check the settings of your antivirus, since it can block connections, which is why all the problems arise. You may need to add your browser to exceptions and set less stringent controls on incoming and outgoing traffic.

  • Check your firewall settings. If necessary, lower the protection level.
  • Also at Google, an SSL connection error can occur when you do not have an antivirus program and the system is infected. In principle, this can be solved either by reinstalling the OS or by scanning the system for infected files.
  • The time settings are lost. Consequently, a discrepancy is detected on the server, and the connection is determined to be unreliable or insecure.
  • An outdated browser is also a cause of SSL errors.
  1. How to recover the password for access to the profile on MAMBA dating, I can’t log into the dating site mamba.ru. Blocking of a profile by IP address due to violation of the agreement. Technical support address.
  2. This is necessary to know, for example, to organize an xml search on Yandex. It indicates the IP address of your server from which search requests are coming.

Public key protocols allow you to establish authorized encrypted communications between nodes in internal networks and on the Internet. There are three models of authentication carried out in these protocols; they are used both individually and in combination.

  • Client authentication. Allows a Windows 2000 VPN server or IIS Web server to authenticate a user using standard public key encryption methods. Verifies the authenticity of the client certificate and public ID, and verifies that this data was generated by a certificate authority whose root certificate is installed in the list of trusted CAs. This verification is very important if the server is a bank that transmits confidential financial information to the client and needs to confirm the identity of the recipient. Figure 8.1 shows the authentication process.
  • Server authentication. Allows the VPN client or SSL/TLS client browser to verify the server's identity by verifying that the server's certificate and ID are correct and that the certificates were issued by a certificate authority (CA) whose root certificate is present in the client's list of trusted CAs. This confirmation is important for a website user who is submitting a credit card number over the Internet and wants to ensure that it is the correct server.
  • Mutual authentication. Allows the client and server to authorize each other at the same time. Mutual authentication requires that the client and server have digital certificates and corresponding root CA certificates in their trusted CA lists.

Most commercial CAs, such as Verisign, are built into Netscape and Microsoft browsers as default root certificates. Users and network managers do not need to install certificates; server authentication works automatically. If the organization acts as its own certificate authority, then it is necessary to additionally install the root certificate on all browsers of intranet client computers and provide appropriate instructions.

Figure 8.1 shows how SSL/TLS authentication works. In practice, most websites only use server-side authentication using a digital certificate, since distributing client certificates to all site visitors is a huge undertaking (somewhat easier if clients are connected to an intranet).

An argument against using certificates on client computers is that it opens the system to potential dictionary attacks. The browser client authenticates the server using public key methods, but the server simply uses passwords to authenticate its clients, so a hacker can perform a password guessing attack. The management of companies that do not use certificates believes that the cost of development is higher than the real threat; Like most business decisions, this statement is based on economic factors.

Almost every user has encountered many problems in the browser. One of these problems is SSL connections, which prevents you from viewing the pages you need. Let's look at all the ways to fix this problem.

A few more simple ways to solve the problem

If you don’t have time to deal with browser settings or scan the system, then you can try several times in a row which you need to log into. It is likely that after this the information will be partially displayed. However, in the future you will need to do everything according to the instructions. Another way out is to reset your browser settings to Default, that is, to standard ones. This will enable/disable all necessary plugins and scripts. It is also recommended to clear the cache, which sometimes gives a positive result. You can also go to the Windows folder, then system 32, and then to drivers to find the “etc” file there. The last line should look like this: 127.0.0.1. Everything below this inscription must be removed. After this, Google's SSL connection error will disappear.

Please note that sometimes sites without reliable or expired certificates are a kind of virus carrier. In this case, it is normal to see a window that says “SSL connection error.”

What to do if you still need to visit the resource, you ask. To do this, you must continue the connection by confirming your decision. In this case, you may get a virus on your computer, which is not good. Although if you have it installed, it will give you a corresponding message and automatically block you from working with the malicious site.

Now you know what an SSL connection error is. We also figured out how to fix it. I need to say a few more words about the fact that you need to periodically clear Cookies in your browser. This will not only speed up page loading, but will also relieve you of the problem described above. It is advisable to at least occasionally conduct a full system scan for viruses and suspicious files.

You must understand that if you get this kind of error, then something is wrong with your computer. First of all, check the time. If the year, month or time of day is not correct, you need to correct it. To do this, in the desktop tray of your operating system, click on the clock several times and set the real values. This usually solves the problem immediately. If this does not happen, go to and see if SSL protocol support is enabled. If everything is as it should be, then most likely the problem is an antivirus program or a malicious file that is blocking the connection. Removing or moving to quarantine should help.

Authentication is a procedure for verifying the identity of an object or subject.

  1. We can talk about verifying the user's authenticity by comparing the password he entered with the cipher stored in the database.
  2. Authentication is also called checking the checksum of a file for compliance with the amount that was declared by the author of the file.

Client Authentication Certificate

Client certificates are intended for owner authentication when it comes to secure client-server applications, or for use in electronic document management systems during the creation and verification of an electronic digital signature (EDS).

Strict control of the reliability of the information in the certificate allows us to ensure the strictest cryptographic authentication, which makes it possible to confirm the signature of the certificate owner under electronic documents.

The production and maintenance of client certificates is carried out on a paid basis.

Other materials in the series:

  • Authenticating Clients to Online Services Using Digital Certificates - Summary

In the first part of a series of posts about client authentication using certificates, we did a throw-in and talked about the main points of this topic. We realized that certificates are much more secure than your passwords (if you prepare them correctly!). In this part I propose to engage in theory. Long, difficult, tedious, but necessary. Today's theory will consist of studying the general principle of how certificate authentication works and how it looks in communication between client and server.

General certificate authentication scheme

When a user authenticates with a certificate on a website, the process goes something like this:

  1. A user requests access to some network service;
  2. Upon request, the server sends its server certificate (SSL certificate) to the client. The client checks it for validity. If the check fails, that's the end of it;
  3. If the check is successful, the client requests access to the service resources;
  4. The service is configured to require user authentication and sends the available (on the server) authentication methods to the client. In our case, this is a requirement for a client certificate;
  5. The client sends to the server the public part of its certificate and a certain amount of data signed with the client certificate. The server checks the client certificate for validity. If the certificate does not pass verification, the conversation between the client and server ends. If the certificate passes verification, the server attempts to match (or associate) the certificate with the user account. If the matching fails, the conversation ends.
  6. If the account is found and the certificate can be associated with it, the server begins establishing a secure channel. After establishing this channel, the server provides the user with resources to the extent that access lists (ACLs, for example) allow it.

I found it necessary to expand on the last point a little so that you understand the general structure of this channel (since people have some misconceptions about this):

  1. The client requests the establishment of a secure channel;
  2. The server agrees and sends the client a list of supported symmetric encryption protocols;
  3. The client sends its list of symmetric encryption protocols to the server;
  4. The client and server negotiate and select the most appropriate protocol. For example, - I can do DES and 3DES, but what can you do? - And I only know 3DES and AES. - Great, let's use 3DES then;
  5. The client, on its side, generates a session symmetric encryption key and encrypts it with the public key of the server certificate. This process is called Key exchange. As we know, only the web server can read this key, because only he owns the private key that is associated with a specific SSL certificate;
  6. After this, all transmitted data is encrypted with this particular session key. Remember that when transferring data, certificates are no longer used (and many people believe that all data is encrypted with public keys of certificates). Certificates are used only when updating the session key (which changes periodically).

A slightly different process occurs during an interactive login or login to a terminal server via Remote Desktop using a smart card.

Logon with a smart card or PKINIT

Interactive authentication in Active Directory using a certificate is not an independent mechanism. As always, the main authentication protocol in the domain is Kerberos. To ensure interaction between smart card authentication and Kerberos, a simple PKINIT protocol is used. PKINIT, in turn, is just an add-on to Kerberos (or a protocol extension). Here's roughly how it works:

Note: If the user already has a corresponding service ticket (TGS), only steps 5 and 6 are performed.

  1. The user enters the smart card PIN and sends an AS-REQ request to the domain controller (aka Key Distribution Center - KDC). This request contains the pre-authentication data PA_PK_AS_REQ, which in turn contains the login certificate and signed timestamp and optional attributes. As optional attributes, the client sends a list of supported algorithms, root CAs, Diffie-Hellman parameters, etc. A more detailed request structure (and there are quite interesting things there) can be found in RFC 4556 §3.2.1 (clause 5 on page 12). In this regard (for example, transferring a list of trusted root CAs from the client to the server), the time of logging in with a smart card will be much slower than with a login/password combination. Plus the costs of cryptographic operations.
  2. The KDC server verifies the request and tries to associate the received certificate with the user account. If the matching of the certificate to the account is successful, the KDC generates an AS-REP response, including a Ticket-Granting Ticket (TGT) and other necessary information. The response is signed with the certificate of the KDC itself (which is why, when using a smart card for login, the KDC server must have its own certificate (we will talk about it in the following articles).
  3. The client validates this response and verifies the signature (along with the KDC certificate). If everything is fine with the response and certificate, the client, based on the existing TGT, generates a Ticket Granting Service request - TGS-REQ for access to a specific service and sends it to the KDC.
  4. The KDC checks the TGS-REQ request and, if the verdict is positive, generates a Ticket-Granting Service (TGS-REP) response, including all the necessary information for an interactive login, including all the necessary SIDs and credentials for authentication using NTLM.
  5. The client generates a special GSS-API token (

Ssl error how to fix:

1. Check the time and date.

As you can see, in the second case there is the text “The server certificate is not yet valid.” those. The certificate's start date has not yet arrived. This is unlikely to be a site problem. Most likely the problem is on our side.

In this case, everything is corrected simply. Let's check the time on our computer (tablet). Not true.

The battery on the computer's motherboard died, which led to the time being reset back to 2002. Having set the time, we see that the SSL protocol error has disappeared and the site opened safely.

2. Check your antivirus and firewall settings.

The SSL error associated with an incorrect date is the most common. But what if the date is okay? What else could cause the error?

Most antiviruses and firewalls check the ssl protocol and it often happens that the server with which you are exchanging data mistakes your antivirus for a spy - an attacker who is trying to intercept your data. You can disable the https:// check function and check whether the error appears again.

Let's look at disabling https checking using the example of one of the most popular free antiviruses - Avast.

Open the antivirus management window, select “Settings”, then “Active protection”. Click on the button<Настройки>Web screen. A third window will open in which you need to uncheck “Enable HTTPS scanning”.

Within the scope of this article, we will not be able to consider all popular antiviruses and firewalls. Yes, there is no need. In other antiviruses the logic is approximately the same. So we hope you can figure it out for yourself.

3. Browser and system update.

The time is set correctly, HTTPS checking is disabled in the antivirus, and the SSL error haunts me. The advice is pretty standard, but nonetheless effective. Update your browser, update your operating system.

I remember in 2012, the Google Chrome browser was updated to version 18.0.1025.151. For everyone who had Windows 7 - x64 installed at that moment, it made it impossible to connect via ssl. Everything was fixed with the next update.

It happens that an update simply “corrects” some shortcomings, replacing outdated information (settings) with new information.

Be that as it may, it won't hurt to update.

4. Malware, viruses and other “evil spirits”.

Lately, there have been so many computer “evil spirits” that there is simply no way to keep track of what they can do and what they can’t do. Malware is especially famous for this - a type of malware that can:

  1. Bypass antivirus protection.
  2. Make the computer “invisible” to other computers on the network.
  3. Block access to sites, such as Kaspersky and Doctor Web.
  4. Attract advertising to all browsers.
  5. Replace browser start pages without asking.
  6. Download even more Malware.
  7. Block connections on port 80, as well as block ssl

… and many many others. How much imagination is enough?

So, download CureIT and Anti-Malware Bytes, update your antivirus, turn off its screens for a while so as not to interfere. And start scanning. In 90% of cases, on a seemingly “clean” computer, these two programs find something.


More on the topic of the article: