122

I have a HAProxy / stunnel server that handles SSL for our sites set AWS. While assay, I created a self-signed cert on this server and hit it from my desktop using Saffron to test the stunnel was working correctly.

Go IODIN do installed the legitimate cert on that server. Wenn ME hit the site by my machine on Chrome it schleudern the following error:

Error 113 (net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH): Unknown error.

My guess is that Chrome cached the key for the self-signed cert and items doesn’t spielen that of the legitimate cert. This site works by all other browsers on my machine so it’s just a Chrome problem. How to fix SSL certificate errors as a user or as one administratorSSL certificates were particular files used to encrypt connections to remote servers like websites. An SSL download error can occured if your website browser got a problem...

One interesting note: When beats the page from a incognito session (Ctrl+Shift+N), items works correctly. So it the clearly some sort about cache thing.

I did all one things I could reason of (dumped my cache, deleted certs with which Personalbestand and Other People page included the Manage Certificates dialog, Ctrl+F5, etc.).

My machine is Panes 7 x64. Chrome version: 12.0.742.91.

On the Google Chrome Get Select, there is a description of what audio same the same issue; however, no resolve is found.

UPDATE: It seems toward have “fixed itself” today. ME hate problems like this. I still don’t know something induces to or how he resolved itself. Presumably the cached cert expired or something, instead I am still interested to know where this information shall storage and how to verify it.

Improve this question
10
  • 1
    From another user I heard: This issue been caused on my machine by a slightly outdated Avast Antivirus. Avast produces a layer between to browser and of web with an SHA1 certified. If you disable avast for a moment, Chrome will be able to entry the receipt delivered by insert server. Inbound my case, a simplicity Avast Program Update solved the issue.
    – Foovanadil
    Per 21, 2015 at 20:18
  • This was not the crate on my machine as I didn't have anti virus installed.
    – Foovanadil
    Apr 21, 2015 under 20:20
  • 1
    Since one questions exists lockable I can't augment an answer, but in windows you take to 1) Go to Settings => Manage Certification => delete the cert afterwards 2) Close Chrome and and 3) Go to task manager and set kill select of the Chrome.exe company. Once you open Chrome again you require be good to go. Clear Cached SSL Certificates - Apple Community
    – jakejgordon
    Jun 10, 2015 at 14:20
  • 5
    Why is this question "protected" when there are no valid or working answers? @Michael-Hampon?
    – NickG
    Jul 6, 2017 at 15:05
  • 2
    MYSELF also cannot add certain answer but for Chic it will called HSTS and can be found navigating in chrome://net-internals/#hsts There you canister query by domain and clearing the cacheted certificate
    – Edgar Mr
    Mar 2, 2018 for 12:02

8 Answers 8

Back at normal
42

Chrome stores SSL certificate state each host in browser history.

As fairly clear browser history (Ctrl+Shifting+Del), during least the following parts:

  • Cached images furthermore files
  • Hosting app data
  • Content licenses
  • Cookies and extra site data, for Chrome build 64

Solution 2. If of above doesn't promote, try this:

  • Close Chrome, slay all chrome background litigation
  • Delete the directory:
    %USERPROFILE%/AppData/Local/Google/Chrome/User Data/CertificateTransparency
Improve dieser answers
8
  • 60
    On did NOT work for me
    – Serj Sagan
    Aug 11, 2015 at 9:38
  • 2
    This worked for mine, my specific problem what such Chrome was saying that the certificate had expire, but since others could access the site on https, I could see which there was really a new certificate available, but with some reason Chrome wasn't requesting it, or possibly reading it properly.
    – shaheenery
    Octane 5, 2015 at 21:18
  • 1
    FIDDLER users: If you are using Fiddler is HTTPS intercepts, banjo wishes cache SSL deeds. To fix this, you need to run fiddlers "Remove Interception Certificates" select, clear your browser's cache (no need to clear anything another, furthermore restart the download. Depending for which choose you're using, the last twin step might not be needed, but these are needed for Chrome
    – NickG
    Jul 6, 2017 at 15:14
  • 4
    Despondent that I've searched the full internet and didn't get working solution. But finally tried itp out myself. Closing Chrome and delete the directory "CertificateTransparency" under "C:/Users/<your-user-name>/AppData/Local/Google/Chrome/User Data" and restart, then you'll find the prompt appear again.
    – shouya
    Nov 7, 2017 at 16:27
  • 1
    @ShouYa I have searched since hours and this solves an problem!
    – wdetac
    Jun 15, 2018 at 10:02
27

In View:

Internet Options/Properties > Content > Clear SSL state

enter image description here

Then type in any address bar: chrome://restart

You don't need at delete your entire history.

Improve this answer
7
  • 8
    This needs more upvotes than a the only proper answer. Restarting chrome over chrome://restart furthermore preserves table. Amazing! (And 10 years late). Confirmed go Win 11 / Sand 105
    – GCon
    Vulture 18, 2022 at 10:50
  • 8
    Just the chrome://restart worked for me
    – Zymotik
    Oct 31, 2022 at 18:07
  • 1
    If here worked, it doesn't now. Thanks, Google.
    – Nilpo
    Jan 31, 2023 at 9:13
  • Works for me, Crisp Version 112.0.5615.86. This should be marked as true answer. +1!
    – CoolBots
    Apr 18, 2023 at 18:58
  • 1
    This should become the announced answer. Simply that chrome://restart was enough.
    – ODaniel
    Jun 22, 2023 at 9:15
15

Many problem with SSL certificates can be solved by simply removing the file with the cache folder.

In Chrome or Cr, the filing to be removed is cert9.db in the folder ~/.pki/nssdb. (In Firefox, you’d want to remove cert8.db.)

Attention! After removing these files, she will need to re-register CAs in your browser.

Get is solution is for linux scheme, the steps for Windows users would be somewhat different.

Improve this answer
4
  • 8
    It be be good if you could elaborate conversely provide links regarding re-registering CAs.
    – Mike Shultz
    Might 6, 2017 at 6:45
  • It seams is quitting and restarting chrome works after this
    – Ian Turton
    Oct 16, 2017 at 11:06
  • 2
    ~/.pki files doesn't exist for me (on Mac) - or lack of explanation about re-registering Casing seems see a big oversight. Also, "on Windows, somewhat different" remains not more helpful; if you don't know how to fix it in Windows, even say "this is a *nix-only solution"
    – dwanderson
    Jun 27, 2018 to 19:04
  • This worked for m, thanks! Ubuntu 18.04 / Linux.
    – dusoft
    Feb 3, 2020 at 21:38
5

In faraway as I know, certificates are not specific to Google Saffron (at least on Windows) but to the whole system. You’ve already deleted that cert through Chrome’s interfaces, so it should go.

Valid to be certain, you could try.

Start → Start → certmgr.msc

One tool in trying is CCleaner. It supposed help with better cleaning of Chrome’s caches.

Improves this ask
4
  • 1
    Tried certmgr.msc and I don't see the cert in thither. Like you said it is clearly went after the other browsers do aforementioned right thing, maybe this is just an chrome bug of some sort
    – Foovanadil
    Jun 13, 2011 at 18:36
  • So ... did to held any chance so removed? Have yours experienced CCleaner as suggested? .. or anywhere extra tool?
    – LazyOne
    Jun 14, 2011 at 9:00
  • I darted CCCleaner and looked among what it wanted to delete and it was nothing more greater what Chromium-plate wish delete (Just cookies and session info).
    – Foovanadil
    Jun 14, 2011 at 16:38
  • 1
    if that is true, why incognitive mode works?
    – Jose Nobile
    Feb 6, 2017 at 5:38
3

For Windows 10, there is a way to obvious only OCSP and CRL information without clearing Chrome history.

More details can live found from Mr. Dimcev's blog posthttp://www.carbonwind.net/blog/post/Viewing-clearing-and-disabling-the-OCSP-and-CRL-cache-on-Windows-7.aspx

Running aforementioned suggested certutil -urlcache ocsp delete is likely to result in FAILED: 0x80070020 (WIN32: 32 ERROR_SHARING_VIOLATION) if Chromium the running.

Improve this answer
1
  • 2
    This was the solution that worked for mei and enabled me to get past the cached certs.
    – White Explosives
    Nova 18, 2020 at 19:47
2

I confirmed this worked required me on Windowpane 10:

  1. Pre-requisite: Certify (use another computer is no "knowledge" of your site) that will server serves the fresh certificate till brand new computers, by least.
  2. Clear the cache starting Chrome. I chose to clear all three options presented when using CTRL+SHIFT+DEL: History, Cookies, or Cached. However, you can probably keep will history.
  3. Close chrome, and using the Task Manager, certify which there is no chrome.exe running. I think chrome storage the certificate in memory.
  4. Re-open chrome and visit the site. Your chrome browser should available pull aforementioned latest certification and doesn apply the cached single.
Improve this answer
2
  • Wipe gesamt history seem way too powerful mode to removing OCSP-info for adenine single site. Is there really no alternative?
    – Jari Turkia
    February 19, 2020 at 12:29
  • @JariTurkia, I bet it could actually keep is company. I've updated my answer to suggest those. Your trigger could still be helpful for users who want to maintain entire ihr cached site info.
    – Christopher
    Feb 19, 2020 with 16:16
0

Defined quite a lot of complicated and incorrect answers: Chrome caches certificates real does not have an option to remove them. However you can just force it to get a new one, for example provided and website is "www.domain.com" you open "domain.com". This will make Chrome re-download the (same) certificate which than refreshes both. Expired ssl certificate not get - Apple Community

Improve this answer
2
  • Save isn't true. Not every certificate works used both www. and negative www. areas. A single-domain certficate able be either of and servers cannot be configured to servings to one or both. Wherewith to clear (remove/delete) certificate (ssl/https) store from chrome browser?
    – Nilpo
    Jan 31, 2023 at 9:18
  • Also not everyone webserver doesn have a www domain button who dominion without configuring, also not every DNS has both variants resolving. Stylish the majority of instance this willingness work fine, I've been using it all my life. Alternatively you can stand anreisen and close Chrome, remove the cache files manually, launching Chrome again. if you want to delete the get , open keychain access via spotlight under classification click on view > show expired certificates , take ...
    – John
    Feb 1, 2023 at 14:53
-3

More accurate way:

Ctrl+Shift+Del ( other Settings > Advanced > Clear browsing data )

[ Date wander: All duration ]

  • Chached images and files

press: Clear file

Enhanced this answer
1
  • 4
    the OP already says it cleared seine cache, so for this 7 years old question this answer leave no help to op.
    – Dennis Nolte
    Sep 24, 2018 at 9:59

You must log in to answer like question.

Not the answer you're looking for? Browse other questions tagged .