After VPN into work network - get error on many sites “NET::ERR_CERT_AUTHORITY_INVALID”

Question

After VPNing into a work network, I can no longer access many sites that use https such as StackOverflow, Slack, Workflowy, many more. I get this message:

Your connection is not private Attackers might be trying to steal your information from stackoverflow.com (for example, passwords, messages, or credit cards). Learn more NET::ERR_CERT_AUTHORITY_INVALID

I'm using Chrome but the same thing happens in Firefox.

Some sites allow me to bypass this message with the Advanced button, but most do not.

However, Gmail works! As do all google sites (google.com, youtube.com, etc). And outlook.Microsoft.com. And Amazon.

What could be causing this? Any workarounds? My laptop is not part of the domain. HTTP sites work fine.

Answer 1

This commonly happens with corporate networks where as @SpiderIce mentions there is a proxy in place to manage internet traffic. I had similar issues at my last workplace. The certificate would show up as invalid because it did not match the domain. Some sites that used HSTS were not able to be bypassed even with the cert installed!

I found in Chrome, some versions support typing badidea on the cert warning screen and it let me past. Others were simply unusable.

I would inspect the certificate, if it is from your employer and looks trustworthy then make sure the certificate is installed in your cert stores.

If it's already installed, then I would reach out to your IT department to explain the problem and see if they can get it fixed.

Answer 2

That could depend on the software providing the VPN connection, I had the same issue with a Sophos appliance: allowed sites were working, other were not.

You can easily find out what kind of certificate you're actually using on Firefox on their website.

Check for the certificate and who issued it, that's more than likely coming from your appliance (or software).

If that's the case, you need to change its configuration to sort this out.