Firefox blocking trusted web sites
trying to order something online. Firefox saying "this site is untrusted". I have used the site before without any problems. They say use IE or Chrome! Can you help?
Chosen solution
hughmaccallum said
Is this a common problem when one has a combination of Firefox and Kaspersky? I didn't used to get a problem. I wonder if upgrades to Firefox have caused the problem? It isn't a problem if I use IE.
It occurs when the trust between Firefox and Kaspersky is broken. Usually Kaspersky transparently inserts its signing certificate into both the Windows system certificate store (shared by IE and Chrome) and Firefox's certificate store, and there's no problem. However, if you were to use Firefox's Refresh feature, the old certificate store is removed and Firefox no longer trusts the "fake" certificates until it is set up to work with Kaspersky again. I'd say that is the most common scenario on this forum.
Read this answer in context 👍 2All Replies (10)
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
- Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate"
- Click the "View" button and inspect the certificate and check who is the issuer of the certificate.
You can see more details like the intermediate certificates that are used in the Details tab.
Who is the issuer of the certificate?
If you can't inspect the certificate via "I Understand the Risks" then try this:
Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:
- chrome://pippki/content/exceptionDialog.xul
In the location field type/paste the URL of the website
- retrieve the certificate via the "Get certificate" button
- click the "View..." button to inspect the certificate in the Certificate Viewer
Seems you use Kaspersky -- judging from your plugins list in Question Details > More System Details.
Are you having certificate errors on numerous sites, or only on this one?
If it's just the one site, it's possible they haven't set up their server correctly as far as Firefox is concerned. You can use a test page like the following, which has very comprehensive information, but the main things that tend to trip sites up are: incomplete certificate chain (extra download required, which Firefox does not do) or only having RC4 ciphers (old encryption method).
https://www.ssllabs.com/ssltest/
If the problem occurs on multiple sites, have you upgraded to a new major version of Kaspersky recently?
jscher2000 said
Seems you use Kaspersky -- judging from your plugins list in Question Details > More System Details. Are you having certificate errors on numerous sites, or only on this one? If it's just the one site, it's possible they haven't set up their server correctly as far as Firefox is concerned. You can use a test page like the following, which has very comprehensive information, but the main things that tend to trip sites up are: incomplete certificate chain (extra download required, which Firefox does not do) or only having RC4 ciphers (old encryption method). https://www.ssllabs.com/ssltest/ If the problem occurs on multiple sites, have you upgraded to a new major version of Kaspersky recently?
Thank you for replying. It is very frustrating!
It seems to happen on other sites as well. I can use IE without any problem. I also have found that links from Search Engines quite often don't work either. This all seems to have happened in the past month or so. My Kaspersky has been installed for some time now and updates usually daily. I am using the latest version of Firefox.
Firefox has a separate certificate store from Windows, but Kaspersky usually inject its signing certificate into that file (cert8.db) automatically. When that fails, you can import it manually. Also, you might need to manually remove the old signing certificate if it isn't cleaned out automatically.
I found these steps in a post on the Kaspersky forums. The actual path on disk may vary depending on your product:
"3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > View Certificates button > Authorities mini-tab
If you see an existing "Kaspersky Anti-Virus Personal Root Certificate"
Select it and Click "Delete or Distrust"
Now click "Import..."
Proceed to "C:\ProgramData\Kaspersky Lab\AVP15.0.1\Data\Cert\"
Select "(fake)Kaspersky Anti-Virus Personal Root Certificate.cer" and Open!
Does that work on your Firefox?
Is this a common problem when one has a combination of Firefox and Kaspersky? I didn't used to get a problem. I wonder if upgrades to Firefox have caused the problem? It isn't a problem if I use IE.
Chosen Solution
hughmaccallum said
Is this a common problem when one has a combination of Firefox and Kaspersky? I didn't used to get a problem. I wonder if upgrades to Firefox have caused the problem? It isn't a problem if I use IE.
It occurs when the trust between Firefox and Kaspersky is broken. Usually Kaspersky transparently inserts its signing certificate into both the Windows system certificate store (shared by IE and Chrome) and Firefox's certificate store, and there's no problem. However, if you were to use Firefox's Refresh feature, the old certificate store is removed and Firefox no longer trusts the "fake" certificates until it is set up to work with Kaspersky again. I'd say that is the most common scenario on this forum.
I use Kaspersky also and for the past 2 or 3 months when I log on to my banking website it always asks for one of my secret security questions. I contacted the bank and they told me to go to my settings and untic the 'Delete browsing history on closing FF". It didn't work. Would this certificate issue have anything to do with my problem? I also use IE and it has no issue. The banking site is the only one that has the problem.
Hi ENIAC2
A detail like a website remembering you (log you in automatically) is stored in a cookie.
You can use these steps to make a website recognize and remember you:
- Create a cookie 'allow' exception to keep such cookies, especially in case of secure websites and when cookies expire when Firefox is closed.
- Tools > Options > Privacy > "Use custom settings for history" > Cookies: Exceptions
In case you use "Clear history when Firefox closes" or otherwise clear history.
- do not clear the Cookies
- do not clear the Site Preferences
- Tools > Options > Privacy > Firefox will: "Use custom settings for history": [X] "Clear history when Firefox closes" > Settings
- https://support.mozilla.org/kb/remove-recent-browsing-search-and-download-history
- Clearing "Site Preferences" clears all exceptions for cookies, images, pop-up windows, software installation, passwords, and other website specific data.
- Clearing Cookies will remove all selected cookies including cookies with an allow exception that you want to keep.
Thank you cor-el. I will try these steps you posted. I have already chosen not to clear history when Firefox closes and that didn't work. I will post back with my results. Thank you again.