Skip to content

Fix: X509: Certificate signed by unknown authority

  • by
  • 3 min read

As amazing as it is, the internet can also often be dangerous. That’s why we have security certificates in place that differentiate safe websites from unsafe ones. However, installing these SSL certificates isn’t always easy, and they have problems that can leave you scratching your head.

In this article, we’re talking about the “X509: Certificate signed by unknown authority” error, its causes and what you can do to fix the problem.

Also read: How to fix SSL_error_handshake_failure_alert?

What causes the “X509: Certificate signed by unknown authority” error?

The issue often arises when using self-signed certificates instead of trusted CA-signed certificates. The error often occurs because a self-signed certificate is installed to enable HTTPS on the website. Other causes include:

  • CA certification isn’t valid
  • The authorising body doesn’t identify your CA

How to fix the “X509: Certificate signed by unknown authority” error?

You can try the following four fixes. 

Get a reliable SSL certificate

If you’re getting your certificates from a not-so-popular issuing authority or signing it yourself, chances are your SSL certificate is at fault. We recommend using LetsEncrypt or ZeroSSL to get SSL certificates that don’t cause such problems. 

What are cyber-physical systems and the technologies that enable it

Update your TLS version

If your web server uses an older version of TLS, you need to upgrade your TLS/SSL library to support the latest standard. While your hosting provider should automatically implement this, in case you see the error, updating the library manually shouldn’t be too much of a hassle.

You will need to contact your hosting provider for the exact steps. 

Use HTTPS

If you’re using HTTP to connect to the server, try switching it to HTTPS. Currently, most SSL certificates don’t allow HTTP as it’s less secure and more prone to attacks.

This is an image of https 3344700 1280

For self-signed applications

If you’re using a certificate for your REST applications, make sure you place the .CRT certificate file in the following directory.

/usr/share/ca-certificates

Once done, edit the /etc/ca-certificates.conf file and add your certificate’s name. Last but not least, update the file by running the following command.

sudo update-ca-certificates

Also read: How to fix SSL_Connect_Error?

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

Related Reads

This is an image of facebook featured

Meta plans to introduce full passkey support for Facebook on mobile

This is an image of cloudflare featured office san fran 1

Cloudflare blocks record-breaking DDoS attack

This is an image of cyber security hacked breach

UBS employee data leaked following Chain IQ data breach

This is an image of duckduckgo 3909sdi9903

DuckDuckGo’s browser is expanding its scam defence

This is an image of scam call featured 1

Netflix, Microsoft, and Bank of America websites hijacked by scammers

Photo by jivacore/shutterstock. Com

Novel Linux flaw lets attackers get root access

>