[SOLVED] "NET::ERR_CERT_AUTHORITY_INVALID" and other network errors ?

[Zarconian]

Hello!

3/8/2022 there was a windows 10 update that caused my network to not work unless I am on a VPN. I get the error on my internet browsers across the board. I would play a round of fortnite or a game of league of legends, then get disconnected and it won't allow the connection to go through.

I have McAfee as my antivirus software.

I have done the following:

1. ipconfig release/renew
2. uninstalled McAfee
3. Turned off Firewall
4. Resetarted computer
5. Unistalled Windows Update
6. Changed internet security settings

The only thing that works is using a VPN and I don't want to do that. Is there anything that I can do to fix this issue?

 

[Ralston18]

Make and model router?

The router's logs (if available and enabled) may provide some clue. Who has full admin rights to the router?

You will need help from that person.

 

[Murissokah]

That error occurs when a certificate's issuing authority is not trusted / cannot be verified. It would be a common thing to happen if it was one site, but if it happens accross the board that indicates something else. A few possibilities:

1. You have a proxy configured, either manually on the browser of by use of security software that proxies your connections. If that proxy's certificate is wrong, you'd get the error for everything the browser tries;
2. Something is redirecting your http connections to an error page that has a bad certificate. I've seen access points do that in the past, when they can't connect properly they redirect to a custom error page. If that page's certificate is bad you get the scenario you are describing.

So to troubleshoot this, the first thing would be to find out what is returning the bad certificate. You can try entering any site that gets the error and opening the certificate on the browser (in chrome, click the red exclamation, then "invalid certificate" and see what it says).

You can also use curl in Linux or powershell in windows to get more info on the response and try to track down what is answering your http requests. In windows, you could use the following powershell script:

#this is to ignore SSL check in this powershell session, otherwise the request will fail like it does on the browsers
add-type @"
    using System.Net;
    using System.Security.Cryptography.X509Certificates;
    public class TrustAllCertsPolicy : ICertificatePolicy {
        public bool CheckValidationResult(
            ServicePoint srvPoint, X509Certificate certificate,
            WebRequest request, int certificateProblem) {
            return true;
        }
    }
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

#This is send the request to a test site
$httpResponse = Invoke-WebRequest -uri "YOUR SITE HERE URL (use https://)"

#This will give you some basic info of the HTTP response, including the server identification
$httpResponse.BaseResponse