How to Remove the ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN Error?

1 Star2 Stars3 Stars4 Stars5 Stars (1 votes, average: 5.00 out of 5)
Loading...
Fix SSL Pinned Key Not in Cert Chain Error

Have you ever experienced or faced the ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN error? If so, you must know it’s difficult to mitigate or resolve, especially as an end user rather than a webmaster. A webmaster who owns and manages a website is more equipped to handle server-side issues like the ones we are currently discussing.

The ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN error arises from key pinning settings, a part of the now obsolete but once essential HTTP Public Key Pinning (HPKP). This mechanism was designed to safeguard against impersonation through misused or fraudulent digital certificates.

As an end user, your options for resolving this error are limited. One effective solution is using Chrome’s function to remove the – “HSTS key.” Apart from this, notifying the webmaster might also help you. But let me warn you, if you’re a webmaster without deep technical knowledge, it’s advisable to exercise caution with key pinning unless you’re confident in your skills or you are an expert. Otherwise, this error will keep on popping.

What is the ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN Error?

The ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN error is a type of Secure Socket Layer error that typically occurs in – Google Chrome. This error is related to an issue with the website’s SSL certificate, particularly concerning the – public key pinning (HPKP) feature. HPKP is a security mechanism that allows web admins to specify which cryptographic public keys are associated with their SSL certificate. When a browser encounters a key that doesn’t match the pinned keys, it triggers the error in discussion. 

What causes the ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN Error?

This error can arise from “n” number of issues. An incorrect SSL certificate renewal, where public keys aren’t updated as needed, is a common cause. Errors in configuring public key pinning can also lead to this problem, especially if the keys set don’t match those in the SSL certificate. Sometimes, the issue might stem from the browser’s handling of SSL certificates.

How to Resolve the ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN Error?

As a user, there is only one method that you can utilize to resolve the Google Chrome error NET: ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN. You can remove the fixed HSTS key, and once done, reaccess the site and see if the issue has been resolved or not.

Follow the steps mentioned below to remove the fixed HSTS key:

  • Open a fresh tab on Chrome.
  • In the URL address bar, type chrome://net-internals/#hsts and press Enter.
  • The HSTS/PKP window will appear.
  • In the HSTS/PKP window, in the left pane, click Domain Security Policy, if required.
  • In the right pane, under the Delete domain security policies section, in the Domain box, enter the problematic domain name.
  • Click Delete.
  • Try reaccessing the site.

Conclusion

The ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN error in Google Chrome, rooted in public key pinning issues, can be a complex challenge, particularly for end users. While web admins have more control in rectifying this issue, users are not entirely helpless.

The key solution for users lies in removing the HSTS key via Chrome’s internal settings, a straightforward yet effective approach. Webmasters need to approach key pinning with caution and expertise, as errors in SSL certificate renewal or HPKP configuration can lead to this problem.

Related posts:

  1. How to Fix ERR_BAD_SSL_CLIENT_AUTH_CERT Error Chrome? [7 Ways]
  2. What is the WordPress White Screen of Death & How to Fix It?
  3. How to Fix the ERR_SSL_VERSION_OR_CIPHER_MISMATCH Error?
  4. How To Fix CVE-2022-21449- Psychic Signatures Vulnerability In Java?
<?xml version="1.0" encoding="UTF-8"?><svg id="Layer_1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 109.7 29.02"><defs><style>.cls-1{fill:#fff;}</style></defs><path class="cls-1" d="m5.38,22.85c-3.1-.26-5.3-1.92-5.38-4.8h3.6c.1,1.1.67,1.85,1.78,2.09v-4.58c-2.47-.62-5.38-1.32-5.38-4.87,0-2.83,2.26-4.68,5.38-4.92v-1.94h1.54v1.94c3,.24,5.02,1.85,5.23,4.7h-3.62c-.1-.94-.67-1.66-1.61-1.94v4.54c2.5.65,5.42,1.3,5.42,4.85,0,2.45-1.92,4.73-5.42,4.97v1.94h-1.54v-1.97Zm0-10.25v-4.15c-1.1.17-1.87.84-1.87,2.06,0,1.13.77,1.7,1.87,2.09Zm1.54,3.38v4.2c1.22-.22,1.94-1.06,1.94-2.14s-.82-1.68-1.94-2.06Z"/><path class="cls-1" d="m17.62,8.33h-2.33v-3.1h5.78v17.5h-3.46v-14.4Z"/><path class="cls-1" d="m28.27,17.81c.26,1.39,1.15,2.18,2.71,2.18,1.97,0,2.83-1.46,2.83-5.4-.74,1.03-2.16,1.63-3.7,1.63-3.02,0-5.45-1.9-5.45-5.59,0-3.5,2.21-5.81,5.91-5.81,4.75,0,6.22,3.22,6.22,8.76,0,5.95-1.32,9.17-5.95,9.17-3.72,0-5.5-2.38-5.69-4.94h3.12Zm5.23-7.15c0-1.92-1.1-2.98-2.81-2.98s-2.81,1.18-2.81,2.93c0,1.58.89,2.88,2.93,2.88,1.68,0,2.69-1.13,2.69-2.83Z"/><path class="cls-1" d="m41.28,22.9c-1.22,0-2.09-.86-2.09-1.97s.86-1.97,2.09-1.97,2.04.86,2.04,1.97-.86,1.97-2.04,1.97Z"/><path class="cls-1" d="m49.54,17.81c.26,1.39,1.15,2.18,2.71,2.18,1.97,0,2.83-1.46,2.83-5.4-.74,1.03-2.16,1.63-3.7,1.63-3.02,0-5.45-1.9-5.45-5.59,0-3.5,2.21-5.81,5.91-5.81,4.75,0,6.22,3.22,6.22,8.76,0,5.95-1.32,9.17-5.95,9.17-3.72,0-5.5-2.38-5.69-4.94h3.12Zm5.23-7.15c0-1.92-1.1-2.98-2.81-2.98s-2.81,1.18-2.81,2.93c0,1.58.89,2.88,2.93,2.88,1.68,0,2.69-1.13,2.69-2.83Z"/><path class="cls-1" d="m64.56,17.81c.26,1.39,1.15,2.18,2.71,2.18,1.97,0,2.83-1.46,2.83-5.4-.74,1.03-2.16,1.63-3.7,1.63-3.02,0-5.45-1.9-5.45-5.59,0-3.5,2.21-5.81,5.9-5.81,4.75,0,6.22,3.22,6.22,8.76,0,5.95-1.32,9.17-5.95,9.17-3.72,0-5.5-2.38-5.69-4.94h3.12Zm5.23-7.15c0-1.92-1.1-2.98-2.81-2.98s-2.81,1.18-2.81,2.93c0,1.58.89,2.88,2.93,2.88,1.68,0,2.69-1.13,2.69-2.83Z"/><path class="cls-1" d="m81.79,0h3.29l-6.48,27.07h-3.29L81.79,0Z"/><path class="cls-1" d="m96.89,9.43h3.58l-8.23,19.59h-3.58l2.88-6.62-5.33-12.96h3.77l3.43,9.29,3.48-9.29Z"/><path class="cls-1" d="m105.62,22.73h-3.36v-13.3h3.36v2.06c.84-1.37,2.23-2.26,4.08-2.26v3.53h-.89c-1.99,0-3.19.77-3.19,3.34v6.62Z"/></svg>