Firefox has problems with security certificates for yahoo and google when my son logs in as a child under a family account in windows 10.
I use windows 10 and set up a microsoft family account with my son as a child so I can regulate his time on the computer. When he logs in this way and opens Firefox, he gets the error message sec_error_unknown_issuer whenever he tries to get into yahoo or google. The error screen doesn't give the option to make an exception for the problem with the security certificate. When he logs in as a local user the error message doesn't show up. I think it has something to do with logging in on a microsoft family account as a child. The security certificates are different and I think microsoft is acting as an intermediary. I log in as an adult and have no problems at all. I don't know if there is a way to get around this problem. He tried using google Chrome and had no problems but he really prefers to use Firefox as his default browser.
Izabrano rješenje
I believe Microsoft Family Safety operates as a "man in the middle." IE, Edge, and Google Chrome share the same certificate store, the Windows system certificate store. In that store, Microsoft Family Safety is trusted as an authority to issue certificates on behalf of websites. What I think you need to do is copy the certificate to Firefox's separate certificate store to establish the same level of trust.
Microsoft published steps for this when it released an update for Windows 8.1 some time back, so these are the steps from that article. They probably work mostly the same in Windows 10 but please let us know.
(1) Open the Windows Certificate Manager by using search to find Manage user certificates
(2) Expand Trusted Root Certificates Authorities and then click Certificates
(3) In the right-side pane, select Microsoft Family Safety Certificate
, and then right-click to display the shortcut menu. Select All Tasks, and then click Export.
(4) Continue through the Certificate Export Wizard:
- When you are prompted to export the Private Key, click No.
- For the export file format, select DER encoded binary X.509 (.CER).
- Use the browse button to browse to your desktop, and then specify a file name such as
Family Safety Certificate
for the file that you are exporting. The wizard automatically adds a ".cer" extension. - Click Next, and then click Finish to complete the export.
(5) In Firefox, open the Advanced Panel of the Options page using:
"3-bar" menu button (or Tools menu) > Options > Advanced
Click the Certificates mini-tab, then the View Certificates button to display the Certificate Manager.
(7) In the Certificate Manager, click the Authorities mini-tab, and then click the Import button. Firefox should be looking for .cer files automatically.
(8) Point the import dialog to the desktop and select the Family Safety Certificate
file that you previously exported, and then click Open.
(9) In the Downloading Certificate dialog box, select the Trust this CA to identify web sites check box, and then click OK. Click OK again to exit the Certificate Manager.
If Firefox doesn't trust Yahoo and Google immediately, you might need to clear Firefox's cache (see How to clear the Firefox cache), or exit out of Firefox and start it up again.
Success?
Pročitajte ovaj odgovor sa objašnjenjem 👍 3All Replies (4)
If you have Avast then try to disable HTTPS scanning in Avast Web Shield.
- http://www.ghacks.net/2014/10/31/avasts-https-scanning-interferes-with-firefox-and-other-programs/
- https://forum.avast.com/index.php?topic=176073.0
If you can't inspect the certificate via "I Understand the Risks" then try this:
Open the "Add Security Exception" window by pasting this chrome URL in the Firefox location/address bar and check the certificate:
- chrome://pippki/content/exceptionDialog.xul
In the location field of this window type or paste the URL of the website.
- retrieve the certificate via the "Get certificate" button
- click the "View..." button to inspect the certificate in the Certificate Viewer
You can inspect details like the issuer and the certificate chain in the Details tab of the Certificate Viewer. Check who is the issuer of the certificate. If necessary then you can attach a screenshot that shows the certificate viewer.
Odabrano rješenje
I believe Microsoft Family Safety operates as a "man in the middle." IE, Edge, and Google Chrome share the same certificate store, the Windows system certificate store. In that store, Microsoft Family Safety is trusted as an authority to issue certificates on behalf of websites. What I think you need to do is copy the certificate to Firefox's separate certificate store to establish the same level of trust.
Microsoft published steps for this when it released an update for Windows 8.1 some time back, so these are the steps from that article. They probably work mostly the same in Windows 10 but please let us know.
(1) Open the Windows Certificate Manager by using search to find Manage user certificates
(2) Expand Trusted Root Certificates Authorities and then click Certificates
(3) In the right-side pane, select Microsoft Family Safety Certificate
, and then right-click to display the shortcut menu. Select All Tasks, and then click Export.
(4) Continue through the Certificate Export Wizard:
- When you are prompted to export the Private Key, click No.
- For the export file format, select DER encoded binary X.509 (.CER).
- Use the browse button to browse to your desktop, and then specify a file name such as
Family Safety Certificate
for the file that you are exporting. The wizard automatically adds a ".cer" extension. - Click Next, and then click Finish to complete the export.
(5) In Firefox, open the Advanced Panel of the Options page using:
"3-bar" menu button (or Tools menu) > Options > Advanced
Click the Certificates mini-tab, then the View Certificates button to display the Certificate Manager.
(7) In the Certificate Manager, click the Authorities mini-tab, and then click the Import button. Firefox should be looking for .cer files automatically.
(8) Point the import dialog to the desktop and select the Family Safety Certificate
file that you previously exported, and then click Open.
(9) In the Downloading Certificate dialog box, select the Trust this CA to identify web sites check box, and then click OK. Click OK again to exit the Certificate Manager.
If Firefox doesn't trust Yahoo and Google immediately, you might need to clear Firefox's cache (see How to clear the Firefox cache), or exit out of Firefox and start it up again.
Success?
Izmjenjeno
Thank you. At first it didn't work because I set it up within my log-in. When I repeated it within my son's log-in it worked immediately.
Thank you for reporting back. That makes sense, since you probably have separate Firefox profiles, each with its own certificate store.