Multiple Certificate Errors Can Simply Mean a Date Mismatch

image

The Signs: Secured web sites that use “https:” as part of their address appear to get some sort of certificate error, an issue with invalid certificate or a failure of the secure connection. Usually this will happen on multiple sites you access.

The Reason: It’s likely that your system date does not match the current date.

The Story:  The solution sounds pretty weird and disconnected, doesn’t it? How could all these website errors actually be just because the date of the machine is wrong? It’s also be embarrassing for those of us to who are tech-wise and likely to dig deep into the system. There we are, looking for data corruption or other sophisticated sources of trouble before checking the computer’s notion of the today’s date.

So, what is the connection between the system date and these problems? It’s the classic case of your computer responding to specific symptoms without understanding the central cause.

What are Security Certificates?
For all of its greatness, the Internet is still a frontier populated by anonymous web sites and users looking to connect.

In the real world, it is the same when you first arrive in town. You have to learn who to trust, who will hire you, where you can put your money, as well as where good places to shop and eat are. It all comes down to building “trust relationships.”

Most of these relationships start with recommendation from friends or friends of friends. You know where your bank branch is and often the people who work there.

Building Trust through Association

Web sites, especially ones where you want to share personal information, buy, sell, or move money need a way to prove they are really who they say they are. The lack of personal connection or physical location means there has to be a different way to prove their identity and a security certificate is a way to do that. So, sites register for these certificates like applying for a business license.

Instead of registering with local government, they register with companies like Verisign, Thawte, or Entrust. These companies provide what is known as “authentication services” and certify that the web site is registered with them. Their whole reputation is built around being a trusted source, not only with the companies that register sites with them but also with Microsoft, Mozilla, and Google, and others who build the web browsers we use to explore these web sites.

Each time you access a web site over a secure “https:” (also known as SSL) connection, that web site shares its security certificate with your web browser. As your web browser also has certificates from the authentication service companies, it can compare information and, if everything checks out, authenticates the web site. Since the web site is trusted by the authentication service and your browser also trusts than same service, you have that “friend of a friend” trust relationship.

How your system date fits into the picture.
One of the many items checked in the authentication process is the valid date range of the certificates.  If the system’s date is within the valid dates on any of the certificates involved. I say “any certificates” because there can be multiple  certifications the browser need to review in order to complete its checks. The date range supplied with each certificate can vary quite a bit. I have seen ranges from a year to nearly a decade. If your computer’s date is outside the date on any certificate, the following errors will display when you try to reach that web site:

Internet Explorer:

There is a problem with this website’s security certificate

Firefox:

Secure Connection Failed

Chrome:

The server’s security certificate is not yet valid!or
The site’s security certificate has expired!

Chrome’s message seems to be the clearest. The body of the Chrome’s error message actually suggests you check the system date! However, this hasn’t stopped people discussing this problem over and over again on the Google forums and elsewhere. For the current versions of Firefox and Internet Explorer, it is easier to understand the confusion.

To be fair, there can be other causes for this error on a specific website. Malware, settings corruption, or simply an out-of-date certificate from the web site could be a cause. However, my experience is that when you get these errors on multiple secure web sites, the culprit is  is an incorrect system date.

What can cause your system date to change?
This may be the biggest mystery for many people. While programs and users are capable of changing system dates, Windows has been become more restrictive in how this is done in recent versions. The reports I get around this problem usually occur in Windows XP.

XP makes it really easy to double-click on the date on the right side of the Task Bar to look up a calendar. It’s also very easy to click on “OK” and press “Enter” and actually save that date you looked up as your system time…and never notice that a change was made. In Windows Vista and Windows 7, it’s easier to look up the calendar (single-click versus double-click) but you have to go through a few more steps to actually change the date.

Another possibility might be the CMOS battery that helps hold the system date while your computer is off. If you don’t turn the computer on much, this battery gets more of a workout and might fail over time, the causing the system to revert to an earlier date. If your computer loses its date frequently, the battery is probably the culprit. These batteries are often removable and replaceable. You can either do this yourself, or have a professional do it for you.

Resources:

Troubleshooting Certificate Errors

 

Microsoft:

About certificate errors

 

TroubleFixers:

Security Certificate Error While Opening Web-sites

 

Google:

Are you seeing red?
 

Lockergnome:

How Do I Fix “Invalid Or Expired Security Certificate” Errors?

Learning More about Certificates

 

Microsoft:

Using certificates for privacy and security

 

Mozilla:

Using Certificates

Changing the Date

 

eHow:

How to Change Time and Date on Windows XP
 

Microsoft:

Set the clock (Windows Vista)
 

SevenForums:

How to Change the Date and Time in Windows 7

 

Advertisements


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s