Since I updated my Firefox browser to version 29.0.1, my gmail stopped working.
The issue seems to be with the certificate provider's authenticity. The message that I get is: "This Connection is Untrusted". On expanding the 'Technical Details' tab, it says: "mail.google.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is not trusted. (Error code: sec_error_untrusted_issuer)".
In the previous version of Firefox, though the security warning was displayed, there was another drop-down called 'I understand the risks' and there used to be an 'Add Exception' button through which I could confirm the exception and continue to gmail but that drop-down is no longer available.
I tried the following options and none of them worked:
1. Started Firefox in Safe Mode and tried accessing gmail. Same error is shown. 2. Deleted the existing Google cookies and also cleared my network cache and history, restarted Firefox, but still same error. 3. Closed Firefox, deleted cert8.db file, restarted firefox, tried opening gmail, again same error. 4. Reset Firefox, still same error.
All Replies (14)
Troubleshoot the "Secure Connection Failed" error message
Remove the certificate and import the certificate.
I have already tried deleting / renaming the cert8.db file and restarting FF but the result is same. Moreover, it was working before the FF update to version 29. It stopped working since I updated. If I have not understood / missed anything, please explain me and provide the detailed steps.
Start Firefox in Safe Mode to Troubleshoot the issue and to check if one of the extensions (Firefox/Tools > Add-ons > Extensions) or if hardware acceleration is causing the problem (switch to the DEFAULT theme: Firefox/Tools > Add-ons > Appearance).
Hi iamjayakumars,
If you read through my initial problem description, I have already tried safe mode, disabled all extensions and do not use any themes.
I have gone through the links you posted above and tried those steps to no avail.
Even then the issue is there, I even did a reset FF but still the issue is there. I am sure that it is related to some settings being changed in v 29 of FF that has caused this issue.
Create a new profile as a test to check if your current profile is causing the problems. See Creating a profile:
- https://support.mozilla.org/kb/profile-manager-create-and-remove-firefox-profiles
- http://kb.mozillazine.org/Standard_diagnostic_-_Firefox#Profile_issues
If the new profile works then you can transfer files from a previously used profile to the new profile, but be cautious not to copy corrupted files to avoid carrying over the problem Profile Backup and Restore
Sometimes this problem is caused because your system clock is not set properly. Please check your time and date.
Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Check out why the site is untrusted and click "Technical Details to expand this section.
If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
- Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
You can see more Details like intermediate certificates that are used in the Details pane.
If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
- Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
- Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate.
No error on the search page, https://www.google.com/ ? From what I can see, the same "intermediate" certificate is used to sign both certificates.
As mentioned in the initial explanation of my issue:
On expanding the 'Technical Details' tab, it says: "mail.google.com uses an invalid security certificate. The certificate is not trusted because the issuer certificate is not trusted. (Error code: sec_error_untrusted_issuer)".
"I Understand the Risks" is indeed missing and I tried opening the page (gmail) in an iFrame as well but it did not work. The reason may be that Gmail has a frame buster script that prevents it from running inside a frame.
I have not used any http interceptors like Sendori or FiddlerRoot.
Anyway, the issue is not due to intermediate certs being missing as the error clearly shows that " The certificate is not trusted because the issuer certificate is not trusted. (Error code: sec_error_untrusted_issuer)".
@jscher2000,
No mate, there is no error on the search page.
@iamjayakumars,
I would try creating a profile, however, I am not sure why that should be an issue because the same website (gmail) was working till the day before FF was updated to v29.
It stopped working right from the moment I updated my FF to v29. Just to add to the information already provided, though the same website did show a certificate error on previous version as well but it also displayed the 'I Understand the Risks' drop-down and allowed me to add the certificate exception and navigate to the website. But, after the upgrade the 'I Understand the Risks' drop-down is gone and there is no way to bypass the exception as well.
Sometimes you get certificate error because your system clock / date is wrong. Check them, and make sure the your location is correct and the computers auto time sync is on.
Hi g_lohiya, you can get "sec_error_untrusted_issuer" for a missing intermediate certificate, but since the same intermediate certificate is used on www.google.com (search) I suspect that is not the issue.
Could you compare your certificate details on www.google.com with the attached? Do you have a different issuer?
Can you think of any proxy software/services you might be running, or other explanation for having to create exceptions for well run sites?
Hi g_lohiya, other browsers have similar certificate viewing dialogs. You could check the Gmail certificate in Internet Explorer or Chrome to see whether it has an unexpected issuer. Some malware that can push certificates transparently into the Windows certificate store (used by IE and Chrome) cannot push them into Firefox, so checking the certificate issuer in IE or Chrome may assist in identifying that kind of malware.