Firefox will no longer open Google without a "This Connection is Untrusted" error, and no option to get a temporary certificate is available.
This problem popped up for the first time a few months ago. but I was able to work around it by by clicking on "I understand the risks" on the "This Connection Is Untrusted" warning page, and then by adding a security exception. That fix would work for random lengths of time... sometimes for days, sometimes for minutes. Now, after updating to the latest version of Firefox, I get the same security warning but the option to click "I Understand the Risks" is gone. I get this error message on the technical details page: (Error code: sec_error_unknown_issuer
I have done everything listed here many, many times: https://support.mozilla.org/en-US/kb/connection-untrusted-error-message I mean everything. Delete cert.db, start in safe mode, empty cache, delete and reinstall.... Nothing works.
Your help would be greatly appreciated!
Chosen solution
In Firefox, you need to import into Authorities. The certificate usually will have a .cer extension.
Read this answer in context 👍 4All Replies (20)
hi spwood, in order to know what's going on we probably need more information about the failing issuer of the certificate. please proceed like this: enter chrome://pippki/content/exceptionDialog.xul into the location bar, and in the page that opens, set the server location to "https://www.google.com" in order to retrieve and view the certificate. then please report back with the data of the issued by section of the certificate viewer. thank you!
Philipp:
Thanks so very much for your reply. I have followed the steps you outlined above.. Attached is an image of the certificate that I received.
Please let me know what I should do next.
Thanks.
thanks for following up. does it make a difference if you check in the firefox menu ≡ > options > advanced > network > connection - settings... if firefox is set up to directly connect to the internet ('no proxy')?
Firefox will not connect to the Internet through my network unless I select the "use system proxy settings" option. Sorry.
what is happening here is that in the network environment you're on your encrypted network traffic is intercepted/monitored by this proxy setup. if this isn't properly set-up it looks like a genuine man-in-the-middle attack for firefox and that's why it is displaying that error message.
does it work in other browsers like IE or chrome? if so you could try to import the proxy.state.de.us root certificate from those browsers into firefox, like jscher2000 has described it here (for a different certificate): https://support.mozilla.org/en-US/questions/1068675#answer-745280
otherwise you'd probably ave to contact your it department and inquire about the proper setup/instructions of getting this to work...
Yes, Google works fine in IE. I have tried importing the root certificates issued by my proxy server into Firefox, but to no effect.
If my network or proxy are the problem, why does IE work but not Firefox. Doesn't that suggest that the issue is within Firefox somewhere?
Would you be so kind as to advise why IE works with my proxy but Firefox won't?
firefox has a different certificate store than IE. if there is one entity that should be allowed to intercept/monitor all secure network traffic, its certificate has to be whitelisted in the browser's certificate store - apparently this is set-up in IE in your case but not in firefox...
So, how do I whitelist the certificate for GOogle in Firefox?
you don't have to whitlist the certificate for google (this will work out of the box) but the one by "proxy.state.us" - that's why i've suggested contacting your it department about this issue because there isn't much public information available about that
spwood said
I have tried importing the root certificates issued by my proxy server into Firefox, but to no effect.
Make sure to remove old "exceptions" you might have saved before. Just to confirm:
- Server exceptions appear here: "3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > "View Certificates" button, then Servers tab -- look for ones that list a specific server, not "*"
- Your proxy server's authority certificate was imported here: "3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > "View Certificates" button, then Authorities tab
Oh boy... after doing the above things are getting worse! Google still doesn't work, and now Yahoo search won't either - same error as with Google. Perhaps I need a bigger hammer :( Any other thoughts?
Can you find your proxy's certificate on the Authorities tab? If not, try importing it again. Without that in place, Firefox won't trust any of the fake site certificates signed by the proxy.
Thanks for your continued help.
I have located the proxy's certificate under IE's "Intermediate Cerfication Authorities. Into which category of certificates under Firefox should it be imported? "Servers" or "Authorities"
Seçilmiş Həll
In Firefox, you need to import into Authorities. The certificate usually will have a .cer extension.
You, sir, are a genius!
I have applied the fix suggested above, and both Google and Yahoo have been restored to full functionality.
Thanks so very much for your assistance! Bravo!
I cannot follow the fix described above. Can you describe in English the steps I should perform in order to get the google and yahoo fixes described? Thanks.
Hi rickthomas, was your other problem of no profile solved?
This thread relates to security software that filters your secure browsing, such as Avast, Bitdefender, ESET or Kaspersky. If Firefox is not set up to work with these programs, you get secure connection error pages containing this:
Error code: sec_error_unknown_issuer
Is that what you're getting? If so, which security software do you use?
Thanks jscher2000.
The profile problem is not fixed (I am using a second computer with FF version 39.0.3 loaded). I've given up for now on using FF (any version) on the first computer.
Regarding the untrusted sites, I use Kaspersky, and have not gotten beyond the FF error page for untrusted sites. So I'm not sure what error code I've gotten. The previous FF version (39.0.3) does not have these issues.
Hi rickthomas, Firefox 40 shouldn't trust Kaspersky any less than Firefox 39... something might have changed during the update. Do you see an Old Firefox Data folder on the desktop, indicating that the Refresh feature ran?
Anyway, Kaspersky usually injects its signing certificate into Firefox's certificate file (cert8.db) automatically. I don't know whether you can coax Kaspersky to do that again, or whether you will need to fix it manually.
I found these steps in a post on the Kaspersky forums. The actual path on disk may vary depending on your product:
Open Firefox's Certificate Manager:
"3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > View Certificates button
In the Certificate Manager dialog, click the "Authorities" mini-tab (not the Servers mini-tab)
If you see an existing "Kaspersky Anti-Virus Personal Root Certificate"
Select it and Click "Delete or Distrust"
Now click "Import..."
Proceed to "C:\ProgramData\Kaspersky Lab\AVP15.0.1\Data\Cert\"
Select "(fake)Kaspersky Anti-Virus Personal Root Certificate.cer" and Open!
Does that work on your Firefox?