Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Regular websites untrusted since refreshing firefox. I deleted cert8.db; time settings are fine, but is still not working. What to do?

  • 8 replies
  • 21 have this problem
  • 1 view
  • Paskiausią atsakymą parašė LLLL54

more options

Firstly got error message saying something is preventing Firefox from updating with request to refresh Firefox. So I did. Result is common websites like google and mozilla's own websites not opening because "Connection Untrusted" - (Error code: sec_error_unknown_issuer). I work on Mac OS X 10.10.2 Did delete the cert8.db in Profile folder a couple of times, but is not working. Time settings are fine. Deleted the entire browser app and reinstalled anew; same issue occurring. What's happening? And more importantly, how can this be fixed?

Firstly got error message saying something is preventing Firefox from updating with request to refresh Firefox. So I did. Result is common websites like google and mozilla's own websites not opening because "Connection Untrusted" - (Error code: sec_error_unknown_issuer). I work on Mac OS X 10.10.2 Did delete the cert8.db in Profile folder a couple of times, but is not working. Time settings are fine. Deleted the entire browser app and reinstalled anew; same issue occurring. What's happening? And more importantly, how can this be fixed?

Chosen solution

Aha, do you see AVAST in there under the certificate issuer?

Your Avast security software is intercepting your browsing to filter it for threats. In order to filter secure connections, Avast creates these fake certificates and presents them to your browsers. Since Firefox uses a separate certificate file from Safari, Firefox needs to be set up to trust Avast to generate these certificates.

Now... in theory, Avast is supposed to update Firefox automatically when you exit out and start it up again. I'm assuming you have quit Firefox since this problem started but, if not, give that a try.

If that doesn't work, you or a volunteer would need to research the steps to get the Avast signing certificate into Firefox.

Plan C would be to grab the old cert8.db file from the Old Firefox Data folder on your desktop and transplant it into your current Firefox profile. That one must already have been set up to work with Avast.

Skaityti atsakymą kartu su kontekstu 👍 4

All Replies (8)

more options

On firefox click settings then click OPTIONS > click Advanced, click Network. Click settings & choose "Auto-detect proxy setting for this network. Click OK & OK again. Now goto certificates and choose select one automatically.Restart firefox & try to search google or yahoo. Hopefully it would work now.

more options

You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.

  • Click the link at the bottom of the error page: "I Understand the Risks"
  • Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate"
  • Click the "View" button and inspect the certificate and check who is the issuer of the certificate.

You can see more details like the intermediate certificates that are used in the Details tab.

Who is the issuer of the certificate?

If you can't inspect the certificate via "I Understand the Risks" then try this:

Open this chrome URI by pasting or typing this URI in the location/address bar to open the "Add Security Exception" window and check the certificate:

  • chrome://pippki/content/exceptionDialog.xul

In the location field type/paste the URL of the website

  • retrieve the certificate via the "Get certificate" button
  • click the "View..." button to inspect the certificate in the Certificate Viewer

Check who is the issuer of the certificate.


Just to be sure: We have seen reports that the time as set via an internet based time service was so much out of sync that an error occurs, so if that is the case with your current service then try to switch to another time service.

You can check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.

more options

Hi, thanks for your replies.

@ premm krishna shenoy: Changing the proxy detecting settings to automatic; did not really do anything. The problem is also not with every website, just major ones like google and even mozilla's own website are untrusted. But 'smaller' website work fine.

@ cor-el: Cannot do the "I understand risk" thing because it doesn't offer me the option, so followed the chrome URI route; however after trying this on google it still doesn't work and so it continues to not trust it regardless of whether I specifically tell it to trust it. Time zone is the standard Apple time-zone determination, which is corresponding to every clock I come across here.

more options

Can you at least inspect the certificate via the chrome:// URI?

Can you attach a screenshot?

  • Use a compressed image type like PNG or JPG to save the screenshot
  • Make sure that you do not exceed the maximum size of 1 MB
more options

Most definitely. I uploaded a screenshot.

more options

As you can see in the screenshot the certificate is issued by your Avast security software.

You can disable HTTPS scanning in Avast Web Shield.

more options

Chosen Solution

Aha, do you see AVAST in there under the certificate issuer?

Your Avast security software is intercepting your browsing to filter it for threats. In order to filter secure connections, Avast creates these fake certificates and presents them to your browsers. Since Firefox uses a separate certificate file from Safari, Firefox needs to be set up to trust Avast to generate these certificates.

Now... in theory, Avast is supposed to update Firefox automatically when you exit out and start it up again. I'm assuming you have quit Firefox since this problem started but, if not, give that a try.

If that doesn't work, you or a volunteer would need to research the steps to get the Avast signing certificate into Firefox.

Plan C would be to grab the old cert8.db file from the Old Firefox Data folder on your desktop and transplant it into your current Firefox profile. That one must already have been set up to work with Avast.

more options

Thanks cor-el, that did work. Although I'd be happy to find the correct avast authorisation certificate for Firefox to ingest so that https websites too can still be monitored...

jscher2000 said

Plan C would be to grab the old cert8.db file from the Old Firefox Data folder on your desktop and transplant it into your current Firefox profile. That one must already have been set up to work with Avast.

Did try this earlier today, but it did not change anything really...