Connections to Google Analytics and Google Search Console from the SEO Spider are performed securely using libraries provided by Google. When the connection is established the library verifies the server it’s talking to is who it says it is by looking at its certificate.
If you are see the following pop-up when connecting this means there is something either on your computer, or in your network environment, that is preventing the server from being successfully verified.
In a minority of cases this error is triggered by Covenant Eyes and Kaspersky. If you have either of these, or similar security software running, either try connecting with them disabled or with an exception in place for *.google.com.
You may need to contact your IT team to do this.
The most common case we see by far is in a cooperate environment, where the IT team has setup the firewall to do SSL encryption.
The issue is triggered by the certificate presented by the GA/GSC server claiming to be Issued by the firewall, rather than Google, thus making the connection appear (quite rightly!) insecure. Typically the IT team have to make a few adjustments for *.google.com that resolved the issue.
There is nothing we at Screaming Frog can do to resolve this issue.
As this is quite a subtle issue that perhaps IT might not be fully be aware of, you might need to prove this is what is happening. Using the following steps, you can enable network logging and see the verification process.
1) Open up the SEO Spider, and go to ‘Help > Debug > Debug Options’ and find the setting labeled ‘Network (restart required)’, and change this to ‘Debug’, click ‘OK’, then close.
2) Restart the SEO Spider.
2) On start up you’ll receive a warning pop-up window with the title ‘Network Debug Enabled’. Ignore this by clicking ‘OK’ – we want the logging on.
3) Try to connect to your GA/GSC account to reproduce the error.
4) Go to ‘Help > Debug > Debug Options’, find the setting labeled ‘Network (restart required)’ and change this to ‘INFO’, click ‘OK’ then close.
5) Restart the SEO Spider, you should not get the ‘Network Debug Enabled’ warning now.
6) Go to ‘Help > Debug > Save Logs’.
7) Unzip the saved logs.
8) Open the trace.txt in a text editor, such as Notepad.
From the bottom-up, look for a line containing “CN=*.googleapis.com” you’ll find like below. If this isn’t in the trace.txt file open up the highest numbered trace.txt.NUMBER file you have and check in there, again searching from the bottom up.
Subject: CN=*.googleapis.com, O=Google LLC, L=Mountain View, ST=California, C=US
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113522.214.171.124
Key: Sun EC public key, 256 bits
public x coord: 98274446997312835127541769149576585039475199936295800958118771490032236148026
public y coord: 88181432044161306080663229490630778187601582580527997761654179999405642797026
parameters: secp256r1 [NIST P-256, X9.62 prime256v1] (1.2.840.10045.3.1.7)
Validity: [From: Fri Mar 01 09:38:11 GMT 2019,
To: Fri May 24 10:25:00 BST 2019] Issuer: CN=Google Internet Authority G3, O=Google Trust Services, C=US
SerialNumber: [ 416b1735 17afc403 9bb0f533 ce9c1626]
If the firewall is interfering here, you’ll see a different ‘Issuer’ line, probably matching the name of your company or firewall service.