# Err::CERT_DATE_INVALID on chrome



## rtsiresy (Apr 3, 2019)

Hey everyone,
so I was working on a virtual Lab where I have a freeBSD webserver and a Windows client with Chrome installed.
I set up SSL configs in the webserver and made the windows client trust his certificate. But the thing is I keep getting the following error





when I click in the error text it shows *expires date january 2020* and *current date* the exact current date
I also checked the server time and the client; the server' s is the same as the client's
I'm lost here ... Please help ...


----------



## SirDice (Apr 3, 2019)

rtsiresy said:


> I set up SSL configs in the webserver and made the windows client trust his certificate.


Make sure you install the whole certificate chain on the webserver, not just the server's certificate. Also make sure the start date is correct. You can create certificates that are valid from a date in the future. If the certificate's start date is in the future it's not valid today.  

Is this a self-signed certificate?


----------



## rtsiresy (Apr 3, 2019)

yes it is...


----------



## rtsiresy (Apr 3, 2019)

SirDice said:


> Also make sure the start date is correct. You can create certificates that are valid from a date in the future. If the certificate's start date is in the future it's not valid today.



how can I see/set start date???


----------



## SirDice (Apr 3, 2019)

Not sure with this browser but you can usually look at the details of the whole certificate. Besides an end-date, certificates also have a start date.


----------



## rtsiresy (Apr 3, 2019)

wait I see it is valid from today to january 2020 ...


----------



## SirDice (Apr 3, 2019)

What about the dates on the CA certificate you generated?


----------



## rtsiresy (Apr 3, 2019)

and what did you mean I have the whole certificate chain on the server??


----------



## SirDice (Apr 3, 2019)

What is the SSL Certificate Chain? - DNSimple Help
					

The difference between the root certificate, intermediate certificates, and server certificate.




					support.dnsimple.com


----------



## rtsiresy (Apr 3, 2019)

SirDice said:


> What is the SSL Certificate Chain? - DNSimple Help
> 
> 
> The difference between the root certificate, intermediate certificates, and server certificate.
> ...


I have both root certificate and server certificate on my server ... I created a rootCA and used it to sign the server certificate as I said it was a selfsigned one ... In the windows client, I imported both the root and server certs in both personal and trusted root certificates
So what do I need to do ???


----------



## SirDice (Apr 3, 2019)

You should only import the root CA (your self-signed one) on the client.


----------



## rtsiresy (Apr 3, 2019)

Still get the same error (ERR::CERT_DATE_INVALID)


----------



## VladiBG (Apr 3, 2019)

Is your computer clock correct?


----------



## rtsiresy (Apr 3, 2019)

VladiBG said:


> Is your computer clock correct?


yes it is correct, when i run `date` on the server, it gives the same time as the windows client


----------



## rtsiresy (Apr 3, 2019)

Do I need something else??? Please help ...


----------



## VladiBG (Apr 3, 2019)

How To Fix NET::ERR_CERT_DATE_INVALID Error On Google Chrome - Comodo SSL Resources
					

Follow this step-by-step process to troubleshoot and fix the NET::ERR_CERT_DATE_INVALID security warning on Google Chrome.




					comodosslstore.com
				




It should be expired certificate or incorrect date double check them.


----------



## rtsiresy (Apr 3, 2019)

VladiBG said:


> How To Fix NET::ERR_CERT_DATE_INVALID Error On Google Chrome - Comodo SSL Resources
> 
> 
> Follow this step-by-step process to troubleshoot and fix the NET::ERR_CERT_DATE_INVALID security warning on Google Chrome.
> ...



Certificate expires on january 2020
Dates are all corrects


----------



## SirDice (Apr 3, 2019)

If possible can you start fresh? Generate a new CA certificate, sign it, then generate a new server certificate. You can spend a couple of days trying to figure it out or start fresh and have it working in less than an hour. I sometimes get weird issues too, usually because I accidentally got the order wrong or missed some option I should have set. Starting over is often the quickest way to fix it.


----------



## rtsiresy (Apr 3, 2019)

Hey guys ... I figured it out ... certificate start date was for today, so I changed the windows client date to the next day and BAM it worked ....
Anyway thank you guys


----------

