You'll see this error "Your clock is behind" or "Your clock is ahead" or "NET::ERR_CERT_DATE_INVALID", your computer's inaccurate date and time are causing an SSL error . To get rid of this message, update your device's clock.

Why Chrome detects system time incorrectly

This problem can be fixed in a matter of seconds:

  1. Click on the date and time on the taskbar.

  2. After that click on "Date and time settings."

  3. If you have windows 10 then make "Set time automatically" to "On."
Fix Your Clock is Ahead / Behind Error

For other Windows Operating systems when you will click on Date and time settings a new window will open and from there go to the tab "Internet Time."

  1. Click on the date and time on the taskbar.

  2. Select the "Internet Time" tab.

  3. Click on "Change settings" and tick mark on "Synchronize with an Internet time server" and inside server select "time.windows.com" after that click on update now and then OK.
Why your computer clock falls behind, and how to fix it

After change the above settings, restart chrome and see if the issue is resolved or not.

Why is Chrome reporting "Your clock is ahead" message?

All browsers have default inbuilt certificate list of various SSL's (secure socket layer). In SSL , clocks are used for certificate validation . Certificates used by websites which are considered to be secure (their URL begins with "https://") are only issued for a certain period of time. If a website presents a certificate with a validity period that doesn't match the current value of your system's clock, browsers can't verify that the connection is secure. Any mismatch in the certificates causes SSL Connection Error in the browser.

Time syncs can prevent replay attacks . Without them, someone could record the packets sent between client and server, decrypt, modify data, then resend the packet stream and no one would be the wiser. But, because decryption takes time, a timestamp (validated on both sides) can indicate that the stream is a 'replay'.

That means, the client needs to make sure that it talks to the right server; for that, the client will validate the server's certificate . Validation implies verifying a lot of things; two of them involve clocks:

  1. The server's certificate must include the present time in their validity time range. Each certificate as a notBefore and a notAfter fields; the current time must fall between these two dates.

  2. The client is supposed to obtain the revocation status of each certificate, by obtaining (and validating) a CRL (Certificate Revocation List) from the appropriate issuers. A CRL is deemed acceptable if (in particular) it is "not too old": again, the CRL has a thisUpdate field that says when it was produced, and a nextUpdate field that more-or-less serves as expiration date for the CRL.

If the client's clock is off, then it will break either or both of these functionalities. For instance, the server's certificate will be considered as long expired , or not usable yet , leading to rejection.



NEXT.....What is ERR_UNKNOWN_URL_SCHEME