搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

Your connection is not secure

  • 17 回覆
  • 11 有這個問題
  • 1 次檢視
  • 最近回覆由 Happy112

more options

Firefox Quantum reports "Your connection is not secure".

I have a Windows 10 Professional computer with Kaspersky Total Security. I use 2 local accounts: 1. User account (ua) A, member of <Administrators>, and 2. ua B, member of <Users>.

Logged on with ua A I can use Firefox without any problems. Logged on with ua B Firefox reports "Your connection is not secure" for my sites. Logged on with ua B and start Firefox by "run as Administrator" there are no problems. Logged on with ua B, start Kaspersky Safe Money (Firefox is set as default browser) and then visiting my sites also give no problems.

Before Quantum I could use Firefox normally logged on with ua B. What's happening?

Firefox Quantum reports "Your connection is not secure". I have a Windows 10 Professional computer with Kaspersky Total Security. I use 2 local accounts: 1. User account (ua) A, member of <Administrators>, and 2. ua B, member of <Users>. Logged on with ua A I can use Firefox without any problems. Logged on with ua B Firefox reports "Your connection is not secure" for my sites. Logged on with ua B and start Firefox by "run as Administrator" there are no problems. Logged on with ua B, start Kaspersky Safe Money (Firefox is set as default browser) and then visiting my sites also give no problems. Before Quantum I could use Firefox normally logged on with ua B. What's happening?

被選擇的解決方法

If you have cert8.db (used previously) and cert9.db then try to rename cert9.db (cert9.db.old) in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.

If that has helped to solve the problem then you can remove the renamed file (cert9.db.old).

Firefox will store intermediate certificates that a server sends in the Certificate Manager for future use.


You can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.

從原來的回覆中察看解決方案 👍 2

所有回覆 (17)

more options

Sounds like a kaspersky problem and if you disable kaspersky what happens then?

more options
more options

Thanks WestEnd for your input. I've tried it and it didnot solve the problem. As I expected because why would Kaspersky block ua B and not ua A ?

more options

Thanks cor-el but I was familiar with that article before placing my post. Besides, why troubleshooting for ua B and not for ua A where both users use the same certificate ?

more options

In what way is the connection not secure?

Is there a certificate problem or is there a problem with mixed content?

You can see a special padlock at the left end of the location/address bar.

  • a padlock with a strike through means that mixed active content is blocked.
  • a padlock with an exclamation mark attached means that mixed passive content (e.g. images) is present, but not blocked.

You see the shield icon when Tracking Protection is blocking content.

more options

WestEnd said

Sounds like a kaspersky problem and if you disable kaspersky what happens then?
more options

cor-el said

In what way is the connection not secure? Is there a certificate problem or is there a problem with mixed content? You can see a special padlock at the left end of the location/address bar.
  • a padlock with a strike through means that mixed active content is blocked.
  • a padlock with an exclamation mark attached means that mixed passive content (e.g. images) is present, but not blocked.
You see the shield icon when Tracking Protection is blocking content.
more options

Hi cor-el. Thanks for your input and the articles.There is nothing wrong with the content of the webpage; see for yourself : www.nos.nl. It's a Dutch news site. I send you a screenshot of the error-message I get using ua B using Firefox directly (see my first post).

more options

No problems here with https://nos.nl/

You can click the "Advanced" button to expand this section and show extra details. If the certificate is not trusted because the issuer certificate is unknown (SEC_ERROR_UNKNOWN_ISSUER) then click the blue error message to expand this section and show the certificate chain. You can click "Copy text to clipboard" and paste the base64 encoded certificate chain text in a reply. That will allow us to details like the issuer of the certificate.

  • always be cautious when you get an 'Untrusted' error message
  • never create a permanent exception without investigating the cause and only use this to inspect the certificate
more options

SEC_ERROR_UNKNOWN_ISSUER :

https://nos.nl/

Peer’s Certificate issuer is not recognized.

HTTP Strict Transport Security: false HTTP Public Key Pinning: false

Certificate chain:

++++ That's it

more options

Does this work to inspect the certificate chain?

Open this chrome URI by pasting or typing this URI in the location/address bar to open the window to check the certificate:

  • chrome://pippki/content/exceptionDialog.xul

In the location field enter the URL of the website

  • retrieve the certificate via the "Get certificate" button
  • inspect the certificate via the "View..." button
more options

Hallo cor-el

New stuff for me: chrome URI.

You've asked me to inspect the certificate chain. I don't understand the question because the "certificate chain" field was empty (my post 2/16/18, 7:06 AM). Here are the results of the chrome URI. I'm not familiair with this. I see in the Extensions part of the Details-pane: 1. Certicicate Subject Alt Name: Not Critical DNS Name: *.nos.nl DNS Name: nos.nl 2. Certicicate Basic Constraints: Critical Is not a Certificate Authority 3. Extended Key Usage: Not Critical TLS Web Server Authentication (1.3.6.1.5.5.7.3.1) TLS Web Client Authentication (1.3.6.1.5.5.7.3.2) 4. Certicicate Key Usage: Critical Signing Key Encipherment

Hope you can do something with this. Thanks again. Evert.

more options

The second and third screenshot show that the certificate is issued by your Kaspersky security software.

See the section about Kaspersky in the article:

more options

Hallo cor-el

About your article reference, I already knew that one. But first, I have been able to "fix" FF for account B. I cannot save the fix so when closing FF and start it up again the fix is gone. Here is the fix: Open FF Certificate Manager (Options/Privacy & Security/scroll to Certificates and click <View Certificates>). Select the Authorities pane and select the "Kaspersky Anti-Virus Personal Root Certificate". Click <View> and you can read: Could not verify this certificate because the issuer is unknown. <Close> the screen and click <Edit trust>. In my case the three "Edit trust settings" selections were empty. I set the first one: "This certificate can identify websites." and click <OK> (confirmed with masterpassword). Now click the <View> again and now we see: This certificate has been verified for the following uses: SSL Certificate Authority And now I can use FF. But again, don't close FF.

This must be a known fix. Do you know how to save the fix? Or even better, what to change to prevent the fix? (about:config ??). It must be a bug in FF Quantum (??).

more options

選擇的解決方法

If you have cert8.db (used previously) and cert9.db then try to rename cert9.db (cert9.db.old) in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.

If that has helped to solve the problem then you can remove the renamed file (cert9.db.old).

Firefox will store intermediate certificates that a server sends in the Certificate Manager for future use.


You can use the button on the "Help -> Troubleshooting Information" (about:support) page to go to the current Firefox profile folder or use the about:profiles page.

more options

Hi cor-el

Renaming cert9.db is the permanent solution! Problem solved. Case closed. Thanks again. Have a good life. Evert Rademaker.

more options

Hi Evert  !

Would you be a dear and mark cor-el's post as Chosen Solution  ?

(solved problem button .... )

Bij voorbaat dank  ! (Thank you in advance)