We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Your connection is not secure

  • 2 replies
  • 4 have this problem
  • 1 view
  • Last reply by usgroupie

more options

Firefox blocks: https://vip.vba.va.gov/portal/VBAH/VBAHome/condopudsearch, and https://vip.vba.va.gov/portal/VBAH/VBAHome/buildersearch "Your connection is not secure" Advanced Tab cites "vip.vba.va.gov uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported." Error code: SEC_ERROR_UNKNOWN_ISSUER

However, IE 11 has no issue accessing the websites.

Firefox blocks: https://vip.vba.va.gov/portal/VBAH/VBAHome/condopudsearch, and https://vip.vba.va.gov/portal/VBAH/VBAHome/buildersearch "Your connection is not secure" Advanced Tab cites "vip.vba.va.gov uses an invalid security certificate. The certificate is not trusted because the issuer certificate is unknown. The server might not be sending the appropriate intermediate certificates. An additional root certificate may need to be imported." Error code: SEC_ERROR_UNKNOWN_ISSUER However, IE 11 has no issue accessing the websites.

Chosen solution

Servers are supposed to send not just their own certificate, but any intermediate certificate(s) necessary to link the site's certificate with an ultimate authority that browsers trust. IE has a feature to compensate for an incomplete chain of trust, but Firefox doesn't fill in gaps that way.

This site shows that there is a way to collect different signing certificates to confirm that it should be trusted, but there are multiple steps: https://www.ssllabs.com/ssltest/analyze.html?d=vip.vba.va.gov&s=152.132.104.3&latest

I think that means it's currently safe to make a temporary exception for the site. But if they could "clean up their act" that would be great.

Read this answer in context 👍 0

All Replies (2)

more options

Chosen Solution

Servers are supposed to send not just their own certificate, but any intermediate certificate(s) necessary to link the site's certificate with an ultimate authority that browsers trust. IE has a feature to compensate for an incomplete chain of trust, but Firefox doesn't fill in gaps that way.

This site shows that there is a way to collect different signing certificates to confirm that it should be trusted, but there are multiple steps: https://www.ssllabs.com/ssltest/analyze.html?d=vip.vba.va.gov&s=152.132.104.3&latest

I think that means it's currently safe to make a temporary exception for the site. But if they could "clean up their act" that would be great.

more options

Thank you for the info and the link.