kCFURLErrorServerCertificateUntrusted Server Certificate Untrusted Error
What This Error Means
The kCFURLErrorServerCertificateUntrusted error in macOS indicates that the system's trust store does not recognize the server's SSL/TLS certificate as valid. This typically means the certificate is self-signed, expired, revoked, or issued by an untrusted Certificate Authority (CA). Consequently, the secure connection cannot be established.
Common Causes
- The server is using a self-signed certificate which is not trusted by default.
- The certificate has expired or is not yet valid (clock skew issues).
- The certificate was issued by a Certificate Authority (CA) that is not trusted by the system's trust store.
- The certificate has been revoked.
- The certificate's Common Name (CN) or Subject Alternative Name (SAN) doesn't match the server's hostname.
How to Fix It (For Users)
1. Ensure your system's date and time are correct to prevent issues with certificate validity periods.
2. Avoid accessing sensitive information on websites displaying this error unless you are certain of their authenticity.
3. If you trust the server, you *can* manually add the certificate to your Keychain as trusted (proceed with extreme caution and only if you fully understand the risks). This is NOT recommended for general browsing.
4. Contact the website administrator to report the issue.
For Site Owners / Developers
- Obtain a valid SSL/TLS certificate from a trusted Certificate Authority (CA) such as Let's Encrypt, DigiCert, or Sectigo.
- Ensure the certificate is properly installed and configured on the server.
- Verify the certificate's Common Name (CN) or Subject Alternative Name (SAN) matches the server's hostname.
- Regularly renew certificates before they expire.
- Support revocation checking through Certificate Revocation Lists (CRLs) or Online Certificate Status Protocol (OCSP) stapling for improved security.
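A pre-deployment check for three of the causes listed above (validity window, self-signed certificate, hostname mismatch), as an added example that is not part of the original page. It assumes the certificate is already parsed into the dict shape of Python's `ssl.SSLSocket.getpeercert()`; `diagnose`, `SAMPLE` and the `example.test` names are constructed for illustration, and CA trust and revocation are not checked.

```python
import ssl
from datetime import datetime, timezone

def _names(cert):
    """DNS names a client matches against: SAN entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def _matches(pattern, host):
    """Exact match, or a left-most '*' label that covers exactly one label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        head, _, rest = h.partition(".")
        return bool(head) and rest == p[2:]
    return p == h

def diagnose(cert, hostname, now=None):
    """Return the causes from the list above that apply to this certificate."""
    ts = (now or datetime.now(timezone.utc)).timestamp()
    causes = []
    if ts < ssl.cert_time_to_seconds(cert["notBefore"]):
        causes.append("not yet valid")
    if ts > ssl.cert_time_to_seconds(cert["notAfter"]):
        causes.append("expired")
    # Heuristic: identical issuer and subject means the certificate is self-issued.
    if cert.get("issuer") == cert.get("subject"):
        causes.append("self-signed")
    if not any(_matches(n, hostname) for n in _names(cert)):
        causes.append("hostname mismatch")
    return causes

# Constructed sample certificate (not taken from any real server).
SAMPLE = {
    "subject": ((("commonName", "www.example.test"),),),
    "issuer": ((("commonName", "www.example.test"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar 31 23:59:59 2024 GMT",
    "subjectAltName": (("DNS", "www.example.test"), ("DNS", "*.api.example.test")),
}

if __name__ == "__main__":
    when = datetime(2024, 6, 1, tzinfo=timezone.utc)
    print(diagnose(SAMPLE, "example.test", when))
```

The wildcard case matters in practice: `*.api.example.test` covers `v1.api.example.test` but not `a.b.api.example.test` or the bare `api.example.test`.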
When It Is NOT Your Fault
Sometimes, this error arises from misconfigured servers or compromised Certificate Authorities. If the website is widely used and trusted, the problem likely lies with the server's certificate configuration or a broader CA issue, and the website owner needs to resolve it. Checking the validity of the certificate with online tools (e.g., SSL Labs' SSL Server Test) can confirm this.