FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Umer221
Staff
Article Id 278490
Description This article describes how to troubleshoot and resolve the NET::ERR_CERT_AUTHORITY_INVALID error in Google Chrome when behind a FortiGate.
Scope FortiGate, Google Chrome.
Solution

The problem occurs when a user tries to access a website via Google Chrome and encounters the error NET::ERR_CERT_AUTHORITY_INVALID. This error means Chrome has determined that the site's SSL certificate was not issued by a trusted Certificate Authority.

Initial Checks:

  • Make sure SSL Inspection is enabled on the FortiGate Firewall by navigating to Policy & Objects -> Firewall Policy -> Edit Policy -> SSL/SSH Inspection.
  • Verify whether a Web Filter is applied in the same policy.

Check DNS Settings:

On the affected PC, identify the DNS settings. Note down the DNS server IP and ensure that the same server is being used across the LAN.

Reset Google Chrome Settings:

  • Navigate to Settings -> Advanced -> Reset settings.
  • Select Restore settings to their original defaults.
  • Confirm by selecting Reset settings.

When a deep inspection SSL/SSH profile is used on the FortiGate, make sure that the Fortinet_CA_SSL certificate is listed under 'Trusted Root Certification Authorities' in the browser:

  • Navigate to Settings > Privacy and Security > Security > Manage certificates.
  • Navigate to Trusted Root Certification Authorities and import the certificate as needed.
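
The trusted-root check described above can also be done from PowerShell on the affected PC. This is an added example, not part of the original article or Fortinet's tooling: it inspects an exported copy of the Fortinet_CA_SSL certificate, confirms it is a valid CA certificate, and reports whether it is already in the Windows Trusted Root Certification Authorities store, importing it only when asked. Assumptions: the PC runs Windows, the certificate has been exported to the hypothetical path shown, and the parameter names and the optional known-good thumbprint comparison are illustrative.

```powershell
# Added example (not Fortinet's code). Run on the affected Windows PC.
# Assumptions: the FortiGate's Fortinet_CA_SSL certificate was exported to $CertPath,
# and $ExpectedThumbprint (optional) is a known-good SHA-1 thumbprint obtained out of band.
param(
    [string]$CertPath = 'C:\Temp\Fortinet_CA_SSL.cer',  # hypothetical path
    [string]$ExpectedThumbprint = '',
    [switch]$Import                                      # import into LocalMachine\Root if missing
)

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)
"Subject    : $($cert.Subject)"
"Thumbprint : $($cert.Thumbprint)"
"Valid until: $($cert.NotAfter)"

# A certificate placed in the root store must be a CA certificate that is still valid.
$bc = $cert.Extensions |
    Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
if (-not ($bc -and $bc.CertificateAuthority)) { throw 'Not a CA certificate; refusing to continue.' }
if ($cert.NotAfter -lt (Get-Date)) { throw 'Certificate has expired.' }

# Compare against the thumbprint of the CA the FortiGate actually signs with, if supplied.
if ($ExpectedThumbprint) {
    $want = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
    if ($want -ne $cert.Thumbprint) { throw "Thumbprint mismatch: expected $want" }
}

# Look for the same certificate in both Trusted Root stores.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'
$hits = foreach ($s in $stores) {
    Get-ChildItem -Path $s | Where-Object { $_.Thumbprint -eq $cert.Thumbprint } |
        ForEach-Object { $s }
}

if ($hits) {
    "Already trusted in: $($hits -join ', ')"
} elseif ($Import) {
    # Requires an elevated PowerShell session.
    Import-Certificate -FilePath $CertPath -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null
    'Imported into Cert:\LocalMachine\Root.'
} else {
    'Not in the Trusted Root store. Re-run with -Import to add it.'
}
```

Matching by thumbprint rather than by name ensures that the certificate being trusted is the exact CA the FortiGate signs with, since anything in this store can issue certificates the browser will accept for any site.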