How to Fix NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN Error on Google Chrome?
NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN (also written as ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN or NET ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN) is one of the SSL errors that Google Chrome displays.
It is a server-side error, and the Mozilla Firefox browser reports the same problem under a different name, MOZILLA_PKIX_ERROR_KEY_PINNING_FAILURE.
How Website Visitors Fix NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN?
- Contact the owner of the website, let them know that their website is showing this SSL certificate pinning error, and wait until they fix the issue.
- Another option is not to click through the warning and to try connecting to the website through HTTP instead. However, connecting to a website via HTTP is not recommended, because any details entered on that website, such as a password, remain open and visible to third parties.
How Website Owners Fix NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN?
When an attempt at key pinning backfires, things don’t go as planned. The error itself means that the keys you have tried to pin aren’t bound to the pinned certificate. Also, these keys are not interchangeable, and failing to pin the right key to the right certificate can break the website.
To put it another way, you don’t just have to pin your own keys; you also have to pin the keys for the whole certificate chain, which means saving the root, whose key is included in the root stores. The reason is that whenever a visitor arrives at your website, the server on which your website is hosted presents the certificate to the user’s browser. The browser then uses those public keys to verify the signature on every certificate and traces each one back to the certificate that issued it.
Nevertheless, there’s always the possibility of mis-pinning other intermediate public keys while pinning your own certificate, and it can create a problem.
The simple fix to avoid such a problem is: STOP KEY PINNING.
Experts give the same advice: it’s best to avoid key pinning. Lastly, it’s best to re-install your SSL/TLS certificate, along with any intermediates, in the standard manner. Ultimately, it can also mean that you may have to remove the configuration made previously, which takes around a few minutes.
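The mismatch behind this error can be checked before the old pinning configuration is removed. The following is an added example, not code from the original article. It assumes the pins were published in the HPKP `Public-Key-Pins` header format (`pin-sha256` values, RFC 7469), which the article does not name, and it uses constructed byte strings as stand-ins for the DER-encoded public keys of a chain.

```python
import base64
import hashlib
import re

def spki_pin(spki_der: bytes) -> str:
    """Pin value: base64 of SHA-256 over the DER SubjectPublicKeyInfo."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode()

def parse_pins(header: str) -> set:
    """Collect the pin-sha256 values from a Public-Key-Pins header value."""
    return set(re.findall(r'pin-sha256="([A-Za-z0-9+/=]+)"', header))

def check_pinning(header: str, chain_spkis: dict) -> dict:
    """Compare the pin set with the keys of the chain the server presents."""
    pins = parse_pins(header)
    chain = {name: spki_pin(der) for name, der in chain_spkis.items()}
    matched = sorted(name for name, pin in chain.items() if pin in pins)
    return {
        "matched": matched,                 # chain certificates whose key is pinned
        "browser_accepts": bool(matched),   # no match produces the pinning error
        "backup_pins": sorted(pins - set(chain.values())),  # pins for keys not in the chain
    }

def header_for(*spkis: bytes, max_age: int = 5184000) -> str:
    """Build a header value for the given keys (helper for the sample data)."""
    pins = "; ".join(f'pin-sha256="{spki_pin(s)}"' for s in spkis)
    return f"{pins}; max-age={max_age}"

# Constructed stand-ins for DER SubjectPublicKeyInfo bytes (not real keys).
CHAIN = {
    "leaf": b"constructed-leaf-spki",
    "intermediate": b"constructed-intermediate-spki",
}
OLD_LEAF = b"constructed-old-leaf-spki"   # key of a certificate that was replaced
SPARE = b"constructed-spare-spki"         # offline backup key

GOOD = header_for(CHAIN["intermediate"], SPARE)
BROKEN = header_for(OLD_LEAF, SPARE)      # mis-pinned: no pin matches the chain

if __name__ == "__main__":
    for label, header in (("good", GOOD), ("broken", BROKEN)):
        print(label, check_pinning(header, CHAIN))
```

With real certificates, the input to `spki_pin` is the DER-encoded SubjectPublicKeyInfo extracted from each certificate in the chain the server sends.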