FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 278490
Description This article describes how to troubleshoot and resolve the NET: ERR_CERT_AUTHORITY_INVALID error in Google Chrome when behind a FortiGate.
Scope FortiGate, Google Chrome.





The problem occurs when a user tries to access a website via Google Chrome and encounters the error NET: ERR_CERT_AUTHORITY_INVALID. This error indicates that Chrome detects the SSL certificate is not issued by a trusted Certificate Authority.


Initial Checks:

  • Make sure SSL Inspection is enabled on the FortiGate Firewall by navigating to Policy & Objects -> Firewall Policy -> Edit Policy -> SSL/SSH Inspection.
  • Verify if a Web Filter is applied in the same policy.


Check DNS Settings:

Go to the affected PC and identify the DNS settings. Note down the DNS server IP and ensure it is being used across the LAN network.


Reset Google Chrome Settings:

  • Navigate to Settings -> Advanced -> Reset settings.
  • Select Restore settings to their original defaults.
  • Confirm by selecting Reset settings.

See screenshots of this process below:


Chrome 1.jpg

Chrome 2.jpg

Chrome 3.jpg


When using deep inspection SSL/SSH profile in the FortiGate, make sure that the Fortinet_CA_SSL certificate should be listed under the list of 'Trusted Root Certificate Authority' list in the browser: 

  • Navigate to Setting > Privacy and Security > Security > Manage certificates.




  • Navigate to the Trusted Root Certification Authorities and import the certificate as needed: