搜索 | 用户支持

防范以用户支持为名的诈骗。我们绝对不会要求您拨打电话或发送短信,及提供任何个人信息。请使用“举报滥用”选项报告涉及违规的行为。

详细了解

For one website: "This connection is untrusted"

  • 5 个回答
  • 4 人有此问题
  • 3 次查看
  • 最后回复者为 cor-el

more options

For https://secure.pt4web.com/xxxxx/flash/index.php, which is the login page for a bank (used several times a week), on one XP PC a security alert now issues: "This connection is untrusted," with the specific error being "no issuer chain was provided."

The Firefox security tool reports "Your connection to this web site is not encrypted."

Internet Explorer 8 displays the page with no security alert. Another PC running Firefox under Vista does not display the alert.

Other https web sites do not cause this problem.

This is under Firefox 26.

Things I tried: start Firefox with all add-ons disabled, delete cert8.db from the profile folder, Reset Firefox, uninstall/reinstall Firefox, update Adobe Flash Player, turn off the Windows firewall and Microsoft Security Essentials. I also tried accessing the page from another Windows user account (so the problem does not seem to be specific to one Firefox profile).

Does anyone recognize these symptoms or have further ideas on troubleshooting?

For https://secure.pt4web.com/xxxxx/flash/index.php, which is the login page for a bank (used several times a week), on one XP PC a security alert now issues: "This connection is untrusted," with the specific error being "no issuer chain was provided." The Firefox security tool reports "Your connection to this web site is not encrypted." Internet Explorer 8 displays the page with no security alert. Another PC running Firefox under Vista does not display the alert. Other https web sites do not cause this problem. This is under Firefox 26. Things I tried: start Firefox with all add-ons disabled, delete cert8.db from the profile folder, Reset Firefox, uninstall/reinstall Firefox, update Adobe Flash Player, turn off the Windows firewall and Microsoft Security Essentials. I also tried accessing the page from another Windows user account (so the problem does not seem to be specific to one Firefox profile). Does anyone recognize these symptoms or have further ideas on troubleshooting?

由jd.hupp于修改

被采纳的解决方案

Thanks, philipp and cor-el, for the similarly informative replies.

Oddly, not long after I finished the troubleshooting efforts I describe above, the bank login page began working in Firefox.

I can think of no reason why any of my measures would have a delayed effect without further intermediate actions.

It seems strange that an online banking site would not be sending -- by design -- an intermediate certificate such that dire security alerts are raised in customers' browsers. Unless perhaps it is a cut-rate operation that has figured out how to save some money by operating right at the lower end of acceptable server security.

And maybe the problem will not stay "fixed," since the networking4all report for this site currently reports thus:

Error while checking the SSL Certificate!!

Unable to get the local issuer of the certificate. The issuer of a locally looked up certificate could not be found. Normally this indicates that not all intermediate certificates are installed on the server.

We advise you not to submit any confidential or personal data to this website because a secure connection could not be established with this website.

Despite the above report, Firefox on the machine I was sitting at at the time of the report did indeed establish a secure connection.

And again strangely, I ran the networking4all report again 10-15 minutes later, and it said that everything was fine.

Apart from the vacillating reports from networking4all, is there a Firefox security setting that, nudged a notch up or down on different machines, would allow FF on one machine to establish a secure connection when FF on another machine cannot?

定位到答案原位置 👍 0

所有回复 (5)

more options

hello jd.hupp, the site doesn't properly include its intermediate certificate, so this can lead to problems in certain situations.

you might have to install the right certificate manually. go to https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=62&nav=0,20 and download the .crt file. then in firefox go to options > advanced > certificates > view certificates > import... & leave all the checkboxes unticked in the upcoming confirmation dialog...

more options

The secure.pt4web.com server doesn't send a required intermediate certificate.

You can inspect the certificate chain via a site like this:

Note that Firefox stores intermediate certificates automatically, so if you have visited a web server before that

Copy the base64 encoded certificate text of the EssentialSSL CA certificate that starts with "-----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----" to the clipboard after having selected the full text with the mouse.

Open a plain text editor like Notepad and paste the certificate text of the intermediate certificate that you have placed on the clipboard in the editing area.
Use "Save File as" and set the File type to "All files" and save the certificate text to a .cer file.
Select "All files" when saving the file to avoid getting a hidden .txt file extension (.cer.txt) appended.
Import the saved certificate in the Firefox Certificate Manager.

  • Tools > Options > Advanced > Certificates/Encryption: View Certificates > Authorities > Import

Do not set any trust bits when prompted as those are only required for root certificates and should never be set for a intermediate certificate like this one.


more options

选择的解决方案

Thanks, philipp and cor-el, for the similarly informative replies.

Oddly, not long after I finished the troubleshooting efforts I describe above, the bank login page began working in Firefox.

I can think of no reason why any of my measures would have a delayed effect without further intermediate actions.

It seems strange that an online banking site would not be sending -- by design -- an intermediate certificate such that dire security alerts are raised in customers' browsers. Unless perhaps it is a cut-rate operation that has figured out how to save some money by operating right at the lower end of acceptable server security.

And maybe the problem will not stay "fixed," since the networking4all report for this site currently reports thus:

Error while checking the SSL Certificate!!

Unable to get the local issuer of the certificate. The issuer of a locally looked up certificate could not be found. Normally this indicates that not all intermediate certificates are installed on the server.

We advise you not to submit any confidential or personal data to this website because a secure connection could not be established with this website.

Despite the above report, Firefox on the machine I was sitting at at the time of the report did indeed establish a secure connection.

And again strangely, I ran the networking4all report again 10-15 minutes later, and it said that everything was fine.

Apart from the vacillating reports from networking4all, is there a Firefox security setting that, nudged a notch up or down on different machines, would allow FF on one machine to establish a secure connection when FF on another machine cannot?

由jd.hupp于修改

more options

thanks for reporting back - for the moment i'll mark your issue as solved...

more options

I can confirm that the site is now sending this intermediate certificate.
I deleted it in the Certificate Manager and restarted Firefox as a second test and the website loaded without a problem.