SEO Spider

Resolving Google Analytics / Google Search Console Connection Issues

Introduction

Connections to Google Analytics, Search Console and Google Drive are performed securely using libraries provided by Google. When the connection is established the library verifies the server it’s talking to is who it says it is by looking at its certificate.

If you are seeing the following pop-up when connecting this means there is something either on your computer, or in your network environment, that is preventing the server from being successfully verified.

Possible Issue

In a minority of cases this error is triggered by Covenant Eyes and Kaspersky. If you have either of these, or similar security software running, either try connecting with them disabled or with an exception in place for *.google.com.

You may need to contact your IT team to do this.

Probable Issue

The most common case we see by far is in a corporate environment, where the IT team has setup the firewall to do SSL encryption.

The issue is triggered by the certificate presented by the Google server claiming to be issued by the firewall, rather than Google, thus making the connection appear (quite rightly!) insecure.

Solutions

There are two ways to resolve this issue:

  • 1) Add the X.509 certificate of the proxy as a trusted certificate in the SEO Spider. Continue reading below to see how to add a trusted certificate without your IT teams help!
  • 2) Ask your IT team to make some adjustments for *.google.com and *.googleapis.com.

Please see details below on how to add a trusted certificate in the SEO Spider.

How To Add A Trusted Certificate

When a proxy is changing the issuer of a certificate, it can be quickly seen within Screaming Frog. Click ‘File > Settings > Trusted Certificates’ on Windows or ‘Screaming Frog SEO Spider > Settings > Trusted Certificates’ on macOS and then click the ‘Discover’ button.

Trusted Certificates Discover

The genuine issuer for the Screaming Frog website certificate is ‘GTS CA 1P5’, however, you should see this is as something different – such as your proxy, for example ZScaler or McAfee. This shows the issuer of the certificate is being changed in your networking environment.


If you are seeing ‘ZScaler, McAfee’ etc as the issuer certificate, then click the ‘Add’ button next to it.

Trusted Certificate ZScaler


This will add the certificate file to the SEO Spider trusted certificates trust store.

Trusted Certificate Added to trust store

You can then click ‘OK’. You should then be able to connect to Google Analytics, Search Console and Google Drive without issue.

Logging the Issue

As this is quite a subtle issue that perhaps IT might not be fully be aware of, you might need to prove this is what is happening.

Using the following steps, you can enable network logging and see the verification process.

  • 1) Open up the SEO Spider, and go to ‘Help > Debug > Debug Options’ and find the setting labeled ‘Network (restart required)’, and change this to ‘Debug’, click ‘OK’, then close.
  • 2) Restart the SEO Spider.
  • 2) On start up you’ll receive a warning pop-up window with the title ‘Network Debug Enabled’. Ignore this by clicking ‘OK’ – we want the logging on.
  • 3) Try to connect to your GA/GSC account to reproduce the error.
  • 4) Go to ‘Help > Debug > Debug Options’, find the setting labeled ‘Network (restart required)’ and change this to ‘INFO’, click ‘OK’ then close.
  • 5) Restart the SEO Spider, you should not get the ‘Network Debug Enabled’ warning now.
  • 6) Go to ‘Help > Debug > Save Logs’.
  • 7) Unzip the saved logs.
  • 8) Open the trace.txt in a text editor, such as Notepad.

From the bottom-up, look for a line containing “CN=*.googleapis.com” you’ll find like below. If this isn’t in the trace.txt file open up the highest numbered trace.txt.NUMBER file you have and check in there, again searching from the bottom up.

Version: V3
Subject: CN=*.googleapis.com, O=Google LLC, L=Mountain View, ST=California, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11
Key: Sun EC public key, 256 bits
public x coord: 98274446997312835127541769149576585039475199936295800958118771490032236148026
public y coord: 88181432044161306080663229490630778187601582580527997761654179999405642797026
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
Validity: [From: Fri Mar 01 09:38:11 GMT 2019,
To: Fri May 24 10:25:00 BST 2019]
Issuer: CN=Google Internet Authority G3, O=Google Trust Services, C=US
SerialNumber: [ 416b1735 17afc403 9bb0f533 ce9c1626]

If the firewall is interfering here, you’ll see a different ‘Issuer’ line, probably matching the name of your company or firewall service.

Like us on Facebook Connect with us on LinkedIn Follow us on Twitter Subscribe to our channel us YouTube View our RSS feed

Resolving Google Analytics / Google Search Console Connection Issues

Table of Contents
Introduction
Possible Issue
Probable Issue
Solutions
- How To Add A Trusted Certificate
Logging the Issue

Purchase a licence

SEO Spider Log File Analyser

Download

SEO Spider Log File Analyser

Join the mailing list for updates, tips & giveaways

How we use the data in this form

Back to top