How do I fix a revoked root certificate (windows 10)

For several weeks now, Chrome has been reporting certificate revoked errors on major websites.

Your connection is not private
Attackers might be trying to steal your information from www1.bac-assets.com (for example, passwords, messages, or credit cards). Learn more
NET::ERR_CERT_REVOKED

It's getting to the point that I can't perform basic daily functions. I get the same error if I try Edge, so it seems to be a Windows 10 system problem. I've searched everywhere, and not found a solution, most sites suggest checking system clock, clearing cache, cookies, etc. None of these solutions have worked.

I did find that I could look at the certificate chain, and it appears I have a revoked root certificate for Entrust Root Certification Authority - G2 in the Chrome certificate chain (right click on the address bar, certificate.)

I found something to check mmc console, and there doesn't seem to be an issue if I look in the mmc console at root certificates (no obvious problem anyway.)

Anyone know how to fix this revoked certificate? It's driving me crazy! Help ??

Edit:

bankofamerica.com & tmobile.com

Does anyone know how to fix this revoked certificate?

The certificate is not actually revoked. Your system improperly believes it has been revoked. You should remove Entrust Root Certification Authority (G2) from the certificate store, download Entrust Root Certification Authority (G2) directly from the root authority, and reinstall it. in question and reinstall it You can validate the certificate is properly working by visiting this test website.

You should absolutely NOT disable "Check for server certificate revocation". The major reason you shouldn't disable that option is that it won't solve your problem, as the certificate was already in an invalid state.

The second reason you shouldn't disable that option is due to the fact it will make your system extremely insecure. Certificate revocation is one of the primary security features of SSL/TLS certificates.