Helping people with computers... one answer at a time.

https uses certificates to validate the site you're connecting to, as well as encrypt the data. Certificate errors are worth paying attention to.

I have a laptop that consistently has a problem when it accesses a site online each and every time I get the same message from the site I am visiting. The message is strange and I have no knowledge of how to correct the implied problem.

The message is: "There is a problem with this website's security certificate. The security certificate presented by this website has expired or is not yet valid."

This message appears when I try to access my email account.

The problem is most likely not yours to correct. In the case you're asking about, more often than not, it's a problem with the web site itself.

Though you still need to be careful.

Let's look at security certificates on https connections, what they mean and what you should do when faced with messages such as this.

Here's an example of the type of error that we're talking about, as displayed in Internet Explorer 7:

Certificate Error as displayed by IE7

That's one you can see yourself by going to https://ask-leo.com - there is no https version of the site, but there is enough in place should I want one, that it will currently cause that error.

You'll note that specific error is different than that in the question. I'll address that shortly.

"Security certificates are used as part of the https protocol for two purposes: to validate that you're actually connecting to the site you think you are, and thereafter to encrypt the data ..."

Security certificates are used as part of the https protocol for two purposes: to validate that you're actually connecting to the site you think you are, and thereafter to encrypt the data going back and forth between you and the site. It's that first purpose - validation - that these errors are concerned with.

I'm going to purposely gloss over the geeky details, but in short, when a browser attempts to connect with a remote server using the https protocol, it receives a packet of digital information that has been cryptographically "signed" by a trusted third party. Distributed with the browser (and periodically updated) are the root keys that can be used to validate that signature.

A "valid" signature means that a) the decryption of the signature worked, and b) the information accompanying the signature matches what's expected, and finally c) the signature has not expired.

Let's look at what each of those means:

  • If the signature can't be decrypted, that implies that the signature was not signed by a trusted third party. The process of getting a valid security signature requires that the web site owner contact one of a handful of certificate issuing authorities to get a certificate. If they generate one on their own (as I have with https://ask-leo.com), https can still be used for encryption, but it in no way validates that you are in fact connected to the site you think you are.

    The error "The security certificate presented by this website was not issued by a trusted certificate authority." implies exactly that - no third party was used to generate an official security certificate, so the contents of the certificate cannot be trusted.

    Unless you know what you're doing, it's safest at this point to least suspect the validity of the entire site and not continue..

  • Certificates are issued for the specific domain you connect to. So, for example, if you attempt to connect to https://ask-leo.com and the certificate comes back and says "I'm the certificate for server1.pugetsoundsoftware.com", that's a certificate error. It could imply that your connection attempt has been hijacked, and that you're possibly not connecting to the site you think you are.

    The error "The security certificate presented by this website was issued for a different website's address." indicates that this is the case. (The equivalent error message in FireFox will further indicate exactly what site the certificate claims to be. There you'll see that an attempt to connect to https://ask-leo.com will in fact return a certificate issued to "server1.pugetsoundsoftware.com".)

    This actually happens from time to time by accident. For example "example.com" and "www.example.com" are two different domains, and would require two separate certificates and it's easy to overlook that.

    Valid redirection attempts can also apparently trigger this error if not handled properly. At this writing https://www.gmail.com/ has this problem. If you are not logged into GMail, attempting to connect securely to Google Mail via gmail.com will generate the error. If you click on "Continue to this website" you'll be redirected instead to the account login page on https://www.google.com/. I suspect that the wrong certificate is being presented for the initial contact. (You can avoid this path and get an always-valid secure path by going to https://mail.google.com which appears to handle the situation properly.)

    Domain mismatches are almost always suspect, and the safest thing is not to continue unless you have other strong reasons to believe that the error is, itself, in error.

  • Certificates are valid only for specific periods of time and are issued with start and end dates. If the website owner installs a certificate before its start date, or neglects to renew a certificate before it expires, that too is a certificate error.

    "The security certificate presented by this website has expired or is not yet valid." is the error that results when certificate is used outside of its assigned date range.

    Date errors aren't as serious as the other errors above, particularly if the certificate expiration and or start date (if the browser shows you) is within a few days.

Most of the time the problems are simply oversights and omissions on the part of the server administrator. In your case, for example, I'd simply guess that the administrator of your email server has simply failed to update their certificate. You might contact them and let them know.

The whole point of security certificates, however, is to detect those errors because they may indicate various forms of server compromise, or even a compromise of your own computer. If your computer thinks it's going to https://yourbank.com but due to a malware infestation on your machine it's being directed to a hacker's computer overseas, https will tell you.

And, of course, when in doubt take the safe route. You should not continue, but instead double check that you've typed in the correct domain name or URL, and perhaps contact the site owner via other means to determine what's happening.

Article C3581 - December 3, 2008 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

30 Comments
Rachel
December 6, 2008 8:12 PM

I have this same error message, but it's for major sites that certainly aren't having a certificate problem (like facebook and ebay). HOw can I simply turn this option off on my computer. I have searched for many answers on computer so far and have tried the following things: Changed Advanced Internet options, lowered security filters, turned off phishing filters, installed the security certificates of the websites that have the error, and added URL's to the "trusted sites" list. None of this has changed anything. And, after each change, I have closed the broswer and restarted it. nothing... Help!

You can't turn this off. In fact, you shouldn't turn this off, since it does indeed imply a problem of some sort. One possibility I was reminded of by my friend Dave Taylor is that the clock on your PC might be wrong.
- Leo
07-Dec-2008

Jeffrey
December 7, 2008 11:30 AM

If it happens every site you go to, check your date and time on your computer. If your computer's date is off by a certain amount of time, usually I have seen 1 year. In other words if today is 12/7/08 and your computer shows 12/7/07 you will see this error, for nearly every web site you go to.

Derus Berg
December 9, 2008 9:49 PM

I get this certificate error when i connect remotely to access my Exchange mail on my own 2003 server. I can't figure out what certificate it's talking about

Glenn P.
December 10, 2008 4:23 AM

I have another question regarding security certificates. It concerns a button that I see (when I view it in MSIE6.0) on the certificate, labelled "Install Certificate". Why is this button there? I mean, clearly, the certificate works just fine without having been installed (else the web page would fail). Is there any value to installing a web certificate? Is there any case where this would be appropriate???

There are cases, but they're typically very geeky in nature, and not something that the average user ever needs to consider. Essentially it's saying "permanantely trust this certificate", but you should not do this unless you really, absolutely, positively know what you're doing. Cert warnings exist for a reason, and the underlying issues that cause them should be investigated and resolved, not worked around.
- Leo
10-Dec-2008

sudhamol
January 6, 2009 11:34 PM

hi leo ,
i read the problem which is faced by other when the access to the desire website because i also face the same problem , now i have one double will this problem prevent to install any new software for eg , i am trying to install the new version of yahoo messanger 9 but i cant do so , can u help me out ...

Kayren
February 28, 2009 2:04 PM

I tried to get on this website i usually go on quiet regular. I sign in but it keeps saying i am having a certificate problem. I couldn't understand what it meant. Somehow i've done something with the URL. So now its coming up: The requested URL/login/was not found. How do i sort this problem? I would be grateful if you could help me because i don't have a clue? And i need to get back on this site.

Paul
April 12, 2009 8:39 PM

I get it on a select few...and in order to help a neice with a governement website (child support) I tried to find out why she gets this same error.

I get it too and my system is totally different than hers.

But also neither of us have trouble with the site when we use anything other than IE.


To me the problem is IE related whether its something I can fix or not.

Solution: Dont use IE if you get this error.
I use both Safari & Firefox often for this reason alone.

Its also one of the top reasons (that and UAC) that I will go Linux or OSX on my next computers.

sheila slater
June 24, 2009 12:41 PM

my daughter trying get on facebook and bebo, it is saying security certicate and wont let her sigh in, whats could be the problem

Dwayne
September 20, 2009 2:34 PM

Posted by: Rachel at December 6, 2008 8:12 PM
I changed the date on my computer and WOW! that fixed the certificate problem for me. It's an old post but, Thank you Rachel.

Axel Grude
October 30, 2009 2:58 AM

I have that problem on our Company's webmail exchange server ("not issued by trusted authority" and "issued for a different website's address") I have talked to our IT dept. and they can not (or don't want to) change that.
I have tried adding the domain to my trusted sites and to my intranet sites, all to no avail. Surely it must be possible to bypass this for ONE site????????
I have also tried group policy editor, but did not find any suitable option.

It is really ridiculous that I have to click this link every time I need to access my work email! This needs an easy workaround by Microsoft especially for those IT workers who need to access their Intranet stuff remotely.

eliot
December 14, 2009 4:10 PM

thankyou my comp was dated back to 2002
i dont know why but ive changed it and
hope everything is going to be ok

Teresa
January 13, 2010 6:43 AM

I get a certificate error for EVERY website I try to visit. Does this mean my computer has been hijacked?

kiki
March 17, 2010 2:05 PM

You were soooo right i changed the date on my comp. becaouse it was dated to last year and now i can log into were i coudnt before yay!! thanx Leo.

Ed
April 21, 2010 7:27 AM

Leo I love your column. However the phrase: "...but there is enough in place should I want one, that it will currently cause that error." is not very clear. Why will the browser sometimes go automatically to https even though you type http?
Thanks!

Goobys
April 24, 2010 1:06 AM

Ok i read this article, but i am still confused. I'm sorry i am not very good with computers. I had no idea what a cookie was until today. :/ Everytime i try to log into [Site Removed] it says that 'The security certificate presented by this website has expired or is not yet valid.' You mentioned that above, but how do i fix this problem? I tried enabling my cookie and when i try to log into my account on DA it says that the cookie used to remember my password and username (which were correct) was not remembered. How do I make it remember the cookie? How do i validate the security certificate? I'm so confused. Please help. >_

Security certificates are not related to cookies, and they are not something you can fix. It's an issue with the website you're visiting, and something they have to fix.
Leo
24-Apr-2010

Ramon
May 19, 2010 10:15 AM

I am getting the error message you show, when visiting web sites I know are safe, and that I had no problem with a few days ago.
If I visit them on a different pc, no problem, and the support people at the sites cannot replicate my problems.
So what can I do about this?
They are https sites, btw.

Thank you.

John Jeffrey Larrett
June 21, 2010 1:04 AM

I have read the article - check my clock & still have the problem. My wife has a laptop & we share the same SP via the same modem & she has no problem. I have checked with the website & they assure me the certificate is up to date & valid. I tried to subscribe to your RSS feed but failed. Any other suggestions. Thanks

arif
March 14, 2011 5:19 AM

check u r date and time and also anti virus is update to to the date because some malwares are blocked that security setting file

arif
March 14, 2011 5:21 AM

reset the host file in the systems

Donna
May 8, 2011 3:45 PM

go in to youi date and time on the task bar and make sure the date, especially the year, is right!

siamak
May 24, 2011 6:50 AM

i could solve the problem.
change date & time settings

Stormy
September 26, 2011 11:51 AM

i want to thank you very much on the information posted. I had let a friend use my laptop and when it was return. It was not working as given after reading your posted inregards to website certificate it was a minor thing the computer date was really off.

Siddharth
September 30, 2011 10:48 PM

thank you.just change in time and date helped me

Dave Markley
December 6, 2011 10:01 AM

I agree with Leo that it is almost always the website's problem, not you or your computer. But, I have found (as many have mentioned) that if the date and time is wrong in your computer, the website certificate's date won't show as valid. What I didn't see anyone say is that if your computer's date and/or time is incorrect, (aside from you changing it, or a 'sloppy' installation of Windows), most likely your CMOS battery is going bad. This is usually a little 'watch' battery on your motherboard. In a desktop PC it's easy to just replace for about $4 from anywhere that sells batteries, just make sure you get the same 'model number' battery as there may be a difference in voltage. In a laptop, it is most likely a watch battery, but some use a tiny capsule or disk-shaped battery soldered to the motherboard - these require professional replacement.

Hirut
March 20, 2012 10:55 PM

Thank you Leo, I just change the date and the time and it worked!!!! I am so glad!!! you are willing to help.

tarun singh rathore
July 23, 2012 2:27 AM

hello, friends.
I 'am tarun, i have a problem. that is - whenever i start my pc, message appears - " Date & time wrong " what should i do... ?
solution of this problem is very important for me........
THANXXX......

Mark J
July 23, 2012 3:04 PM

@Tarun
The most common cause of having to set the Date and Time on startup is the CMOS battery.
http://ask-leo.com/why_does_my_clock_reset_on_every_poweron.html

saiyad
August 6, 2012 3:46 PM

i have the above problem each time i go to check my email the message comes up when i open the page "there is a problem with the security certificat....what should i do

Linda
December 3, 2012 6:16 PM

I have a bb curve 9300 and it has a few certificate4 not trusted,should I delete them in my options/security settings.don't know anything about internet workings at all really and also why does it say everytime I goto my gmail,press to redirect you,should I delete these not trusted and then change my email add password.thank you for your time.

maho
April 11, 2013 1:18 AM

check ur system clock a wrong time or date will give a certificate conflict

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.