Zoom Untrusted Server Certificate issues


 

An Untrusted Server Certificate error indicates that the certificate (one of the elements proving that data is only going to trusted locations online) that the Zoom application is seeing is not the certificate that was expected. This can happen for a variety of reasons.

Untrusted Server Certificate alerts are a proactive security measure provided by Zoom. You are notified that there is something unexpected in how your data from Zoom is being handled. While this can be indicative of a Man-In-The-Middle (MITM) attack, it is more commonly caused by misconfigured networking gear within your home or enterprise. In today’s heavily work-from-home (WFH) culture, VPN connections can often trigger this notification as well.

Follow this article if you see the following error notification from Zoom: 

Security Warning: Untrusted Server Certificate
Your connection is not private. Attackers might be trying to steal your personal or financial information from Zoom. This server could not prove that it is Zoom. Its certificate is from Gateway Authentication.

Note: Untrusted Server Certificate alerts will now provide additional information about the error, such as an incorrect server name on the certificate, a failed revocation check, an untrusted certifying authority, or an invalid certificate or associated chain. Users will also be able to view the certificates to assist in troubleshooting.

How to resolve Untrusted Certificate errors on personal devices (desktop and mobile)

Resolve time-misalignment

The most common cause of certificate issues is time-misalignment. This can occur when the time or date set for your device is incorrect or different than what the system expects. If you are a frequent traveler, you have likely encountered this in the past. Most personal devices today utilize some type of widely available Network Time Protocol (NTP) Server, but some machines are set to use a local NTP Server set up in the office which you may not be able to reach from home.

If your time is incorrect, you can start by changing this setting and rebooting before trying to connect again. If your time is correct, the error may be caused by the network security infrastructure between you and Zoom.

Resolve Untrusted Certificate

If correcting the time doesn't help, typically, your IT Admin(s) would need to procure and install a signed and trusted certificate online. They would then apply this onto your device—or into the system they’re using—that is not passing the expected certificate on to you. All enterprise IT environments are different; so, your IT organization will independently decide how (or if) to resolve this message. They may also just tell you to click Trust Anyway and continue connecting.

At home, there are many products and services that would generate this kind of alert automatically. An example of this would be the Circle by Disney®. In the case where the device is known and you trust it, you could click Trust Anyway and continue uninterrupted on desktop clients.

How to resolve Untrusted Certificate errors on shared devices (Zoom Rooms)

For Zoom Rooms devices, NTP/timing errors are often seen immediately after coming online for the first time as the device time has yet to update or cannot reach the designated Network Time Protocol (NTP) server.

Zoom cannot know the detailed information about your individual networking environment. It is always best to verify any connection before selecting Trust Anyway. If you’re in a public Wi-Fi environment (coffee shop, library, etc.), you should always be more cautious.

Zoom Rooms untrusted certificate error code details

Error Code | Additional Information

1

Invalid hostname. This error will appear when the Zoom Rooms software attempts to make an HTTPS connection to a particular domain, but receives a server certificate that does not match the requested domain. This error may be caused when the local network is routed through a network access control system, web proxy, "captive portal," or similar system that intercepts the Zoom Rooms network connection to prevent Internet access. Consult your network administrator for assistance, and ensure the Zoom Room has access to the Internet as outlined in Zoom network firewall or proxy server settings.
2

Certificate revoked. This error will appear when the Zoom Rooms software attempts to make an HTTPS connection to a particular domain, but receives a server certificate that has been revoked by the issuer. This issue is rarely encountered. If the domain shown in the error message is a Zoom domain, contact Zoom support. If the domain shown in the error message belongs to a 3rd party service, contact the 3rd party service's support - Zoom cannot resolve certificate issues for 3rd party services.

3

Online Certificate Status Protocol (OCSP) error. This error is similar to Error code: 2 and will appear when the Zoom Rooms software attempts to make an HTTPS connection to a particular domain, but receives a server certificate that has been revoked by the issuer. This issue is also rarely encountered, but sometimes may occur if the Zoom Rooms system time is not correct. First check the system time of the Windows PC, Mac computer or Zoom Rooms appliance - if it is incorrect, correct the system time and reboot or restart the Zoom Rooms application. If the system time is routinely incorrect, you may need to modify Windows OS, macOS or Zoom Rooms appliance firmware time synchronization features (consult OS or vendor documentation for details). If this issue occurs regularly even when system time is known to be correct, and the domain shown in the error message is a Zoom domain, contact Zoom support; if the domain shown in the error message belongs to a 3rd party service, contact the 3rd party service's support - Zoom cannot resolve certificate issues for 3rd party services.

4

Certificate Transparency (CT) invalid. This error will appear when the Zoom Rooms software attempts to make an HTTPS connection to a particular domain, but receives a server certificate that has invalid or incorrect certificate transparency (CT) information. This issue is rarely encountered. If the domain shown in the error message is a Zoom domain, contact Zoom support. If the domain shown in the error message belongs to a 3rd party service, contact the 3rd party service's support - Zoom cannot resolve certificate issues for 3rd party services.

5

Certificate expired. This error will appear when the Zoom Rooms software attempts to make an HTTPS connection to a particular domain, but receives a server certificate that it considers either expired or not yet valid. This issue may occur if the Zoom Rooms system time is not correct. First check the system time of the Windows PC, Mac computer or Zoom Rooms appliance - if it is incorrect, correct the system time and reboot or restart the Zoom Rooms application. If the system time is routinely incorrect, you may need to modify Windows OS, macOS or Zoom Rooms appliance firmware time synchronization features (consult OS or vendor documentation for details).

6

Untrusted certificate issuer. This error will appear when the Zoom Rooms software attempts to make an HTTPS connection to a particular domain and receives a server certificate that matches the requested domain but is issued by a certificate authority the Zoom Rooms device operating system or firmware does not trust. This error may be caused when the local network is routed through a network access control system, web proxy, "SSL inspection" device, firewall or similar system that intercepts the Zoom Rooms network connection and substitutes its own certificate for the connection. This issue can be corrected by loading the root certificate (and any intermediate certificates) used by the network intercepting device, usually from an internal Enterprise Public Key Infrastructure (PKI) service. Consult your network administrator for assistance, and ensure the Zoom Room has access to the Internet as outlined in Zoom network firewall or proxy server settings.

7

Invalid certificate purpose. This error will appear when the Zoom Rooms software attempts to make an HTTPS connection to a particular domain and receives a server certificate that has invalid "certificate purpose" metadata. This error may be caused when the local network is routed through a network access control system, web proxy, "SSL inspection" device, firewall or similar system that intercepts the Zoom Rooms network connection and substitutes its own certificate for the connection. This issue cannot be corrected on the Zoom Room itself. Instead, consult your network administrator for assistance, and ensure the Zoom Room has access to the Internet as outlined in Zoom network firewall or proxy server settings.

100

Miscellaneous error. Send a problem report from the Zoom Rooms Controller, and contact Zoom support for further assistance.
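
To check from another machine on the same network which of the failure classes above a domain triggers, the following added example (not Zoom's code) performs a normally verified TLS handshake and names the cause from OpenSSL's verify code. The grouping of verify codes, the names classify and probe, and the trusted_now parameter (a time read from a source you trust) are assumptions of this example; OCSP and Certificate Transparency checks are not covered.

```python
import socket
import ssl
import sys
import time

# OpenSSL X509_V_ERR_* verify codes grouped by the failure classes the article
# describes. The grouping is this example's assumption, not Zoom's own logic.
CAUSES = {
    62: "hostname mismatch",            # X509_V_ERR_HOSTNAME_MISMATCH
    23: "certificate revoked",          # X509_V_ERR_CERT_REVOKED
    9: "validity period",               # X509_V_ERR_CERT_NOT_YET_VALID
    10: "validity period",              # X509_V_ERR_CERT_HAS_EXPIRED
    18: "untrusted issuer",             # X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
    19: "untrusted issuer",             # X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN
    20: "untrusted issuer",             # X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY
    21: "untrusted issuer",             # X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE
    26: "invalid certificate purpose",  # X509_V_ERR_INVALID_PURPOSE
}


def classify(verify_code, local_now=None, trusted_now=None, tolerance=300):
    """Name the failure class; for validity errors, flag a wrong local clock."""
    cause = CAUSES.get(verify_code, "other")
    if cause == "validity period" and trusted_now is not None:
        local_now = time.time() if local_now is None else local_now
        # A large gap between the device clock and a trusted time source means
        # the certificate is probably fine and the clock is the real problem.
        if abs(local_now - trusted_now) > tolerance:
            return "validity period (local clock is off, fix time sync first)"
    return cause


def probe(host, port=443, timeout=5.0):
    """Handshake with full verification against the OS trust store."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                issuer = dict(rdn[0] for rdn in tls.getpeercert()["issuer"])
                return "trusted, issued by " + issuer.get("organizationName", "?")
    except ssl.SSLCertVerificationError as err:
        return f"{classify(err.verify_code)}: {err.verify_message}"


if __name__ == "__main__":
    print(probe(sys.argv[1]))  # pass the domain shown in the error message
```

A "trusted" result whose issuer is your own gateway or inspection product rather than a public certificate authority means the connection is being intercepted by a device whose root certificate is already installed on the machine running the check.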