Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, June 6, 2019 12:22 PM
Browsing to any site from any of my domain controllers results in NET::ERR_CERT_AUTHORITY_INVALID
Expanding the Certificate Information in Chrome yields: "Windows does not have enough information to verify this certificate."
Running "certutil -f -verifyCTL AuthRootWU"
Dumps all the certificates until:
[5f43e5b1bff8788cac1cc7ca4a9ac6222bcc34c6]
CertId = 1.3.6.1.4.1.311.10.11.3, "CERT_SHA1_HASH_PROP_ID"
Subject = "CN=Cybertrust Global Root, O=Cybertrust, Inc"
FriendlyName = "Cybertrust Global Root"
EKU = 1.3.6.1.5.5.7.3.1, "Server Authentication"
EKU = 1.3.6.1.5.5.7.3.2, "Client Authentication"
EKU = 1.3.6.1.5.5.7.3.3, "Code Signing"
EKU = 1.3.6.1.5.5.7.3.4, "Secure Email"
EKU = 1.3.6.1.5.5.7.3.8, "Time Stamping"
Policy = 1.3.6.1.4.1.6334.1.100.1, "", 1.3.6.1.4.1.311.60.1.1, "Root Program Flags", 0xc0
CertUtil: -verifyCTL command FAILED: 0x8007000d (WIN32: 13 ERROR_INVALID_DATA)
CertUtil: The data is invalid.
All the workstations can browse without issue. Where do I go from here?
Alan
All replies (8)
Friday, June 7, 2019 6:14 AM
Hello,
Thank you for posting in our TechNet forum.
1. Whether we can browse to any site through IE or Windows Edge from any of our domain controllers?
2. Would you please provide the detailed error message about "NET::ERR_CERT_AUTHORITY_INVALID" with screenshot?
Might similar case, we can refer to it.
How do I deal with NET:ERR_CERT_AUTHORITY_INVALID in Chrome?
https://superuser.com/questions/1083766/how-do-i-deal-with-neterr-cert-authority-invalid-in-chrome
Tip: This answer contains the content of a third-party website. Microsoft makes no representations about the content of these websites. We provide this content only for your convenience.
Best Regards,
Daisy Zhou
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Friday, June 7, 2019 12:37 PM
IE and Edge both display the same errors. Also, I have discovered that all workstations in the domain while they can browse to websites without raising certificate errors they too produce the same error when running "certutil -f -verifyCTL AuthRootWU"
Here are the screenshots from Chrome
Monday, June 10, 2019 8:58 AM
Hi,
Do we have our own internal certification authority in our domain?
Where is Google Internet Authority G3 from?
Best Regards,
Daisy Zhou
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, June 10, 2019 10:47 AM
Yes, it is installed on one of the GC's
Alan
Tuesday, June 11, 2019 10:02 AM
Hi,
Is the root certificate-Google Internet Authority G3 issued by our root certification authority in our domain?
Or is the root certificate-Google Internet Authority G3 issued by an internal CA?
Best Regards,
Daisy Zhou
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, June 12, 2019 9:30 PM
Hi Daisy,
I found an article that suggested I install the R2 GlobalSign Root Certificate into my certificate store directly.
That fixed the problem. Thanks for your help.
Alan
Thursday, June 13, 2019 5:37 AM
Hi,
Thank you for your update and sharing! I am so glad that the our problem has been resolved.
As always, if there is any question in future, we warmly welcome you to post in this forum again.
Have a nice day!
Best Regards,
Daisy Zhou
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Monday, November 4, 2019 1:32 PM
If you got this error in your computer only, then probably your antivirus has blocked SSL connections, or maybe something goes wrong with your Google Chrome.
In this case, I would recommend follow these steps https://www.devicetricks.com/net-err-cert-authority-invalid/