ERR_CERT_AUTHORITY_INVALID for internal websites

Bugra Keskin 106 Reputation points

Hi, I am encountering the ERR_CERT_AUTHORITY_INVALID error on all browsers, except for Firefox and IE, regardless of whether the computer is domain-joined or not. This issue is not related to distributing the Root CA via GPO, as both root and intermediate certificates are already installed on user computers. When I double-click the certificate on any computer, I see that there are no issues with the certificate. However, for some reason, the browsers have stopped trusting the internal certificates that I issued via Microsoft CA. All certificates are 256-bit SHA. any ideas?

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,307 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,001 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. risolis 8,701 Reputation points

    Hello @Bugra Keskin Thank you for posting this concern on this community space. I have read your whole case scenario description and I just wanted to ask few questions down below:

    1. -When you were referring to Internal websites... Are you talking about intranet websites that you own?
    2. -How are those internal websites being accessed via S2S VPN between Azure and on-premises or ExpressRoute circuit?
    3. -Is there any Firewall in the middle of the website server and your end users?
    4. -When did this stop working properly?
    5. -Are the end users computers using the same OS version? Looking forward to your feedback, Cheers, Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
    0 comments No comments

  2. Bugra Keskin 106 Reputation points

    Hello @risolis thank you for your reply There's totaly on-premise environment, no azure. Yes internal or intranet doesn't matter, it can be portal or exchange web services or a site that hosted on IIS. There's firewall of course but no SSL inspection. It is not OS related. Until last week there was no such problem with edge. somehow browsers started not trusting certificates generated from local CA.