Mac OSX

Solve NET::ERR_CERT_REVOKED in Google Chrome Running on Catalina

Security risks pose a threat to your system, as a result, developers try their best to decrease the level of it by pushing updates and patches. One such security warning appears in Chrome running on Catalina. The Chrome generates the following warning message with error code NET::ERR_CERT_REVOKED.

You cannot visit [this website] right now because its certificate has been revoked. Network errors and attacks are usually temporary, so this page will probably work later.

The above warning is equally important for users and administrators. Furthermore, users reported that they couldn’t override this error. Definitely, the purpose of this warning isn’t to let users override it. Otherwise, the entire purpose of the security is defeated.

Why Chrome on Catalina throws NET::ERR_CERT_REVOKED?

This particular error code is about websites running on HTTPs. A certificate is an important component of SSL/HTTPs which allows the computer to identify that the source/website is trustable. This particular error occurs when macOS can’t verify the status of the SSL certificate. Subsequently, with the release of iOS 13 and macOS 10.15, the following requirements of a TLS certificate should be followed:

  1. The minimum key size of certificates should either be 2048bits or greater.
  2. The certificate must be signed through a has algorithm belonging to the SHA-2 family.
  3. DNS names should be mentioned in SubjectAltName rather than in CommonName.

Furthermore, a certificate with issuing date after July 1, 2019 must contain an ExtendedKeyUsage extension having the id-kp-serverAuth OID (object identifier) and the certificate itself must have a validity period of 865 days or fewer.

Solve NET::ERR_CERT_REVOKED:

There are two scenarios in which someone will like to resolve this error. One is from the point of view of a user, the other is from the server administrator’s perspective.

Troubleshoot: NET::ERR_CERT_REVOKED as a server administrator:

If you are a server administrator then this error will cause you to lose traffic. All you’ve to do is to log in to your analytics account and look if users running macOS are fewer than the past. In case, if you notice a traffic drop then the error is effecting everyone universally running Catalina and Chrome.

You need to update your server’s ssl certificate. If you are running apache/nginx, all you’ve to do is to update your SSL certificates attached to that particular domain. However, before updating certificate keep the points mentioned above in your mind. The updated certificate requirements in Catalina must be fulfilled.

In case if you’ll check your website on Windows, you’ll not notice this error.

Troubleshoot: NET::ERR_CERT_REVOKED as a website user:

If you are a user, and you really want to visit your favourite website throwing this error, then you should contact the webmaster. You must ask him to update his SSL certificate, particularly in the case the website collects your data.

However, if you are sure that the website does not pose a threat, then you can start chrome with a flag. Bring up spotlight (Spacebar + Command) and run Terminal; in there type the following command and hit enter.

open -a "Google Chrome" -ignore-certificate-errors

This flag allows the Chrome browser to ignore any errors due to certificate issues. However, it’s not a permanent fix and you should not run Chrome using this flag unless it’s an absolute necessity.

Trusting certificate locally using Keychain:

Another workaround is to download the certificate from the website and adding it to your macOS keychain.

  1. Download the certificate of the website and open it using Keychain.
  2. Install it under the login and set the certificate to Always Trust by double-clicking it.

However, keep in mind that you follow this procedure only for the website which you trust. Don’t do this for unknown websites.

Keychain Certificate Installation

Conclusion:

This particular error appearing in Chrome running on Catalina is actually about user security. You should only bypass this error when you are sure about your own security. If you are a system administrator then you should update your SSL certificate with the required hash and parameters.