How to fix: err_ssl_pinned_key_not_in_cert_chain error in Google Chrome

How to Fix: err_ssl_pinned_key_not_in_cert_chain Error in Google Chrome

The "err_ssl_pinned_key_not_in_cert_chain" error in Google Chrome indicates a mismatch between the website's SSL certificate and the security pins Chrome has stored for that site. This means Chrome expects a specific cryptographic key to be present in the certificate chain, but it's missing. This usually points to a problem with the website's server configuration, not your computer. The solution therefore often lies outside your direct control. However, there are a few troubleshooting steps you can take.

First, ensure your system clock is accurate. An incorrect system time can cause SSL certificate validation failures. Check your computer's date and time settings and correct them if necessary. Restart your browser after making the adjustment.

Second, clear your browser's cache and cookies. Sometimes, outdated cached data can interfere with SSL certificate verification. In Chrome, go to Settings > Privacy and security > Clear browsing data. Select "Cached images and files" and "Cookies and other site data," and choose a time range (at least the last hour, or better yet, "All time"). Click "Clear data." Restart Chrome.

Third, try a different browser. If the error persists in Chrome but works fine in another browser like Firefox or Edge, the problem is almost certainly with Chrome's configuration or cached data.

Fourth, update your operating system and Chrome. Outdated software can sometimes cause compatibility issues with SSL certificates. Ensure both your operating system and Chrome are up-to-date.

What Causes the "err_ssl_pinned_key_not_in_cert_chain" Error in Chrome?

The root cause of the "err_ssl_pinned_key_not_in_cert_chain" error stems from a discrepancy between the SSL/TLS certificate presented by the website's server and the security pins (also known as certificate pinning) that Chrome has stored for that specific site. Certificate pinning is a security mechanism where a website's developers explicitly specify the public key certificate they expect their server to use. This is done to prevent man-in-the-middle attacks where a malicious actor might intercept the connection and present a fraudulent certificate.

However, several factors can lead to this mismatch:

• Changes on the website's server: The website might have updated its SSL certificate, potentially changing the key, without updating its pinned certificate information in the application or browser configuration. This is the most common cause.
• Incorrect server configuration: The server itself might be misconfigured, not presenting the expected certificate chain.
• Intermediate certificate issues: Problems within the certificate chain, like a missing or invalid intermediate certificate, can also lead to this error.
• Rarely, a browser bug: Although less likely, a bug in Chrome's handling of certificate pinning could theoretically cause this error.

Is There a Way to Bypass the "err_ssl_pinned_key_not_in_cert_chain" Error Temporarily?

There's no safe and officially supported way to bypass this error temporarily. Attempting to do so would likely compromise your security, potentially exposing you to malicious websites. The error is a security feature designed to protect you. Ignoring it could have serious consequences.

The only temporary "bypass" would involve disabling SSL certificate checking entirely within Chrome. This is strongly discouraged, as it would render your browsing extremely vulnerable to various attacks. You should only consider this if you are absolutely certain you understand the risks and the website you're trying to access is trustworthy. Even then, it's not recommended.

How Can I Permanently Resolve the "err_ssl_pinned_key_not_in_cert_chain" Error on My Computer?

A permanent resolution usually involves the website fixing its server-side configuration. You, as the user, generally have limited control over this. The website's administrators need to:

• Update their pinned certificates: If they've updated their SSL certificate, they must also update the pinned certificate information within their application's code to match the new certificate.
• Correct server configuration: They need to ensure their server is correctly configured to present the complete and valid certificate chain.
• Investigate intermediate certificate issues: They need to verify that all intermediate certificates in their chain are valid and accessible.

If the problem persists after trying the troubleshooting steps mentioned in the first section, contact the website's support team and inform them of the error. They are the ones who can address the underlying server-side issue. Providing them with the exact error message and any relevant details will help them diagnose and resolve the problem.

The above is the detailed content of How to fix: err_ssl_pinned_key_not_in_cert_chain error in Google Chrome. For more information, please follow other related articles on the PHP Chinese website!