ERR_BAD_SSL_CLIENT_AUTH_CERT

How to Fix “ERR_BAD_SSL_CLIENT_AUTH_CERT”

SSL / Certificate Error 📄 Chrome, Edge, Brave

⚡ Quick answer

ERR_BAD_SSL_CLIENT_AUTH_CERT means the website requires a client certificate for authentication and the certificate your browser presented was rejected — either missing, expired, invalid, or not trusted by the server.

First, check if your internet is working and what your current IP address is:

🔍 Check My IP Address →

What Causes the “ERR_BAD_SSL_CLIENT_AUTH_CERT” Error?

Some websites (particularly corporate intranets, banking backends, government portals, and APIs) require the client (your browser) to present a certificate proving its identity, in addition to the server's certificate. This error appears when: you don't have the required certificate installed, the certificate has expired, it's the wrong certificate for this server, or the certificate was revoked.

How to Fix It — 5 Methods

1 Check If You Have the Required Certificate ▶

Open Certificate Manager: press Windows+R → type certmgr.msc → Enter. Look under Personal → Certificates. If the site is corporate or institutional, contact your IT department — they need to issue and install the correct client certificate on your machine.

2 Check Certificate Expiry ▶

In certmgr.msc → Personal → Certificates → look at the "Expiration Date" column. If your certificate has expired, you need a new one from whoever issued the original (your IT department, the website's administrator, or a Certificate Authority).

3 Select the Correct Certificate ▶

If you have multiple client certificates, Chrome may be presenting the wrong one. When prompted to select a certificate, carefully choose the one issued for this specific site. If Chrome doesn't prompt you, it may be auto-selecting an incorrect one — check chrome://settings/certificates.

4 Clear Chrome's SSL Certificate Cache ▶

Chrome caches SSL certificate selections. Open Internet Options → Content → Clear SSL State. Restart Chrome. This forces Chrome to re-prompt for certificate selection rather than using a cached (possibly wrong) choice.

5 Contact the Site Administrator ▶

If this is a corporate or government site, this is almost always an IT issue. Contact your IT helpdesk with the exact error and the URL. They will either issue you the correct certificate, configure your machine, or verify the server's accepted CA list includes the certificate you have.

🔒

Some errors are caused by ISP blocks or network restrictions

A VPN bypasses them instantly by routing through a different server.

PureVPN → IPVanish →

✅ Fixed it? Visit tools.examineip.com to confirm your IP address and connection are working correctly.

Frequently Asked Questions

Do normal websites ever require client certificates?

Rarely. Client certificate authentication is mainly used by corporate intranets, banking systems, government portals, and mutual TLS (mTLS) APIs. If you're hitting a public website and getting this error, it may be a misconfiguration on the server's side.

Can I bypass this error?

No — client certificate authentication is a security requirement from the server. Without the correct certificate, you cannot access the resource. There's no browser setting or flag to bypass it legitimately.

What's a client certificate vs a server certificate?

A server certificate (the usual SSL cert) proves the server's identity to you. A client certificate proves your identity to the server. It's two-way authentication — both sides verify each other, making it much harder to spoof either end.

Learn More About IP Addresses & Privacy

← Back to the complete guide: Internet Errors Hub

Last updated: April 2, 2026 • Report an error