ERR_BAD_SSL_CLIENT_AUTH_CERT appears when a website requires a client-side SSL certificate for authentication, but the certificate your browser presents is invalid, expired, revoked, or not trusted by the server. Client certificate authentication is a two-way SSL process: instead of only the server proving its identity, you must also prove yours using a digital certificate installed on your device.
This error is common in corporate environments, government portals, banking applications, and healthcare systems that use client certificates (also called mutual TLS or mTLS) for strong authentication. Personal web browsing rarely triggers this error unless a website has incorrectly configured its SSL to request client certificates from all visitors.
What Causes ERR_BAD_SSL_CLIENT_AUTH_CERT
The most frequent cause is an expired client certificate. Corporate and government certificates typically have validity periods of 1 to 3 years. Once expired, the server rejects them with this error. Other causes include: a revoked certificate (your administrator invalidated it), the certificate was issued by a Certificate Authority (CA) that the server does not trust, an incorrect system date/time making a valid certificate appear expired, corrupted certificate storage in your browser or OS, and browser or OS updates that change which CAs are trusted.
Fix 1: Check Your System Date and Time
SSL certificates are validated against your system clock. If your date or time is wrong, a valid certificate may appear expired or not-yet-valid. On Windows, right-click the clock, select “Adjust date/time,” and enable “Set time automatically” and “Set time zone automatically.” On macOS, go to System Settings, General, Date & Time, and enable automatic time. Restart your browser after correcting the clock.
Fix 2: Update or Renew Your Client Certificate
Check if your client certificate has expired. In Chrome, go to Settings, Privacy and Security, Security, Manage certificates. On Windows, this opens the Certificate Manager. Look under the “Personal” tab for your client certificates and check the expiration date. If expired, contact your IT administrator or the certificate issuer to get a renewed certificate. Import the new certificate following your organization’s instructions.
Fix 3: Clear Browser SSL State
Corrupted SSL cache can cause Chrome to present the wrong certificate or a corrupted version. On Windows, open Internet Options (search from Start menu), go to the Content tab, and click “Clear SSL State.” In Chrome, also clear browsing data (Ctrl+Shift+Delete) with “Cookies and other site data” selected. Restart Chrome completely and try the site again. Chrome should prompt you to select a client certificate from your installed certificates.
Fix 4: Reinstall the Client Certificate
If your certificate file is available (.pfx, .p12, or .pem format), delete the existing certificate from your system and reinstall it. On Windows, open the Certificate Manager (certmgr.msc), find the problematic certificate under Personal, Certificates, delete it, then double-click your certificate file to reimport it. Follow the import wizard and make sure to mark the private key as exportable if you may need to transfer it to another device later.
Fix 5: Update Chrome and Your Operating System
Browser and OS updates can change the list of trusted Certificate Authorities, causing previously working certificates to fail validation. Update Chrome to the latest version (Menu, Help, About Chrome) and install all pending Windows or macOS updates. If the error started after an update, your certificate’s issuing CA may have been removed from the trust store. Contact your certificate issuer for a replacement certificate from a currently trusted CA.
Frequently Asked Questions
What is a client certificate?
A client certificate is a digital certificate installed on your device that proves your identity to a web server. In standard HTTPS, only the server presents a certificate to prove it is legitimate. With client certificate authentication (mutual TLS), both sides present certificates. Organizations use client certificates as a strong authentication method, often in addition to username/password login.
Why does this error appear on only one website?
Each website that uses client certificate authentication may trust different Certificate Authorities and have different certificate requirements. Your certificate may be trusted by one server but not another. Additionally, only websites configured for mutual TLS request client certificates, so the error only appears on sites that require this type of authentication.
Can I bypass ERR_BAD_SSL_CLIENT_AUTH_CERT?
No. This error cannot be bypassed because the server requires valid client authentication before establishing a connection. Unlike some SSL warnings that Chrome lets you click through, client certificate failures result in a complete connection refusal. You must fix the certificate issue (renew, reinstall, or obtain a valid certificate) to access the site.
