Wrong error message (expired cert still valid!)
If I try to access https://bugs.cacert.org I get an error message: SSL_ERROR_EXPIRED_CERT_ALERT
If I access to the same site with chromium browser, there is no such error message, even more: I can access the certificate with the following information: valid until 2024 (see complete cert as picture).
Why this obviously wrong error message? How can it be circumvented (a warning might work, but a blockade?)?
Alle Antworten (7)
I get SEC_ERROR_UNKNOWN_ISSUER the first time I visit the site. SSL Labs indicates the certificate is not trusted by Mozilla, Apple, Android, Java and Windows.
The site uses HSTS which means a secure connection is enforced. To bypass it, you need to search for the site in history (Ctrl+H), right-click > "Forget about this site" then restart the browser. This will clear the HSTS cache and allow you to temporarily bypass the security warnings for the duration of the session.
Firefox doesn't have the "CA Cert Signing Authority" root certificate for cacert.org and thus this origin isn't trusted. You can install this root certificate to make this work (there is a link further down in the Certificate Viewer), but that would only make sense if you would visit this website often.
Thank you, cor-el. I know that Mozilla does not trust CAcert by default. As I use CAcert certificates, the first thing I do with a new browser, is to import the CAcert root certificates. That's why I was surprised that it does not work, even though the root certificates are installed.
eeerrr said
If I try to access https://bugs.cacert.org I get an error message: SSL_ERROR_EXPIRED_CERT_ALERT
eeerrr said
As I use CAcert certificates, the first thing I do with a new browser, is to import the CAcert root certificates. That's why I was surprised that it does not work, even though the root certificates are installed.
Is it possible that an imported certificate has expired? If you click the Advanced button and View Certificate, Firefox should show the certificate chain (as in the cor-el's screenshot) so you can check its links.
Thank you, jscher2000. I checked it. There are two expired class 3 certificates - shoud I remove them? There is a class 3 certificate valid until 2031 and a root certificate valid until 2033.
It works for me after downloading from the certificate page and importing.
eeerrr said
Thank you, jscher2000. I checked it. There are two expired class 3 certificates - shoud I remove them? There is a class 3 certificate valid until 2031 and a root certificate valid until 2033.
Unless the date on your computer has advanced 10 years into the future, those should not be treated as expired. But in case Firefox is not showing what is saved in your Certificate Manager, could you check whether there are old versions saved that you could delete.