We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Caută ajutor

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Află mai multe

Acest fir de discuție a fost arhivat. Adresează o întrebare nouă dacă ai nevoie de ajutor.

Firefox will no longer open Google without a "This Connection is Untrusted" error, and no option to get a temporary certificate is available.

  • 44 răspunsuri
  • 244 au această problemă
  • 2 vizualizări
  • Ultimul răspuns de cor-el

more options

This problem popped up for the first time a few months ago. but I was able to work around it by by clicking on "I understand the risks" on the "This Connection Is Untrusted" warning page, and then by adding a security exception. That fix would work for random lengths of time... sometimes for days, sometimes for minutes. Now, after updating to the latest version of Firefox, I get the same security warning but the option to click "I Understand the Risks" is gone. I get this error message on the technical details page: (Error code: sec_error_unknown_issuer

I have done everything listed here many, many times: https://support.mozilla.org/en-US/kb/connection-untrusted-error-message I mean everything. Delete cert.db, start in safe mode, empty cache, delete and reinstall.... Nothing works.

Your help would be greatly appreciated!

This problem popped up for the first time a few months ago. but I was able to work around it by by clicking on "I understand the risks" on the "This Connection Is Untrusted" warning page, and then by adding a security exception. That fix would work for random lengths of time... sometimes for days, sometimes for minutes. Now, after updating to the latest version of Firefox, I get the same security warning but the option to click "I Understand the Risks" is gone. I get this error message on the technical details page: (Error code: sec_error_unknown_issuer I have done everything listed here many, many times: https://support.mozilla.org/en-US/kb/connection-untrusted-error-message I mean everything. Delete cert.db, start in safe mode, empty cache, delete and reinstall.... Nothing works. Your help would be greatly appreciated!

Soluție aleasă

In Firefox, you need to import into Authorities. The certificate usually will have a .cer extension.

Citește acest răspuns în context 👍 4

Toate răspunsurile (20)

more options

hi spwood, in order to know what's going on we probably need more information about the failing issuer of the certificate. please proceed like this: enter chrome://pippki/content/exceptionDialog.xul into the location bar, and in the page that opens, set the server location to "https://www.google.com" in order to retrieve and view the certificate. then please report back with the data of the issued by section of the certificate viewer. thank you!

more options

Philipp:

Thanks so very much for your reply. I have followed the steps you outlined above.. Attached is an image of the certificate that I received.

Please let me know what I should do next.

Thanks.

more options

thanks for following up. does it make a difference if you check in the firefox menu ≡ > options > advanced > network > connection - settings... if firefox is set up to directly connect to the internet ('no proxy')?

more options

Firefox will not connect to the Internet through my network unless I select the "use system proxy settings" option. Sorry.

more options

what is happening here is that in the network environment you're on your encrypted network traffic is intercepted/monitored by this proxy setup. if this isn't properly set-up it looks like a genuine man-in-the-middle attack for firefox and that's why it is displaying that error message.

does it work in other browsers like IE or chrome? if so you could try to import the proxy.state.de.us root certificate from those browsers into firefox, like jscher2000 has described it here (for a different certificate): https://support.mozilla.org/en-US/questions/1068675#answer-745280

otherwise you'd probably ave to contact your it department and inquire about the proper setup/instructions of getting this to work...

more options

Yes, Google works fine in IE. I have tried importing the root certificates issued by my proxy server into Firefox, but to no effect.

If my network or proxy are the problem, why does IE work but not Firefox. Doesn't that suggest that the issue is within Firefox somewhere?

more options

Would you be so kind as to advise why IE works with my proxy but Firefox won't?

more options

firefox has a different certificate store than IE. if there is one entity that should be allowed to intercept/monitor all secure network traffic, its certificate has to be whitelisted in the browser's certificate store - apparently this is set-up in IE in your case but not in firefox...

more options

So, how do I whitelist the certificate for GOogle in Firefox?

more options

you don't have to whitlist the certificate for google (this will work out of the box) but the one by "proxy.state.us" - that's why i've suggested contacting your it department about this issue because there isn't much public information available about that

more options

spwood said

I have tried importing the root certificates issued by my proxy server into Firefox, but to no effect.

Make sure to remove old "exceptions" you might have saved before. Just to confirm:

  • Server exceptions appear here: "3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > "View Certificates" button, then Servers tab -- look for ones that list a specific server, not "*"
  • Your proxy server's authority certificate was imported here: "3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > "View Certificates" button, then Authorities tab
more options

Oh boy... after doing the above things are getting worse! Google still doesn't work, and now Yahoo search won't either - same error as with Google. Perhaps I need a bigger hammer :( Any other thoughts?

more options

Can you find your proxy's certificate on the Authorities tab? If not, try importing it again. Without that in place, Firefox won't trust any of the fake site certificates signed by the proxy.

more options

Thanks for your continued help.

I have located the proxy's certificate under IE's "Intermediate Cerfication Authorities. Into which category of certificates under Firefox should it be imported? "Servers" or "Authorities"

more options

Soluție aleasă

In Firefox, you need to import into Authorities. The certificate usually will have a .cer extension.

more options

You, sir, are a genius!

I have applied the fix suggested above, and both Google and Yahoo have been restored to full functionality.

Thanks so very much for your assistance! Bravo!

more options

I cannot follow the fix described above. Can you describe in English the steps I should perform in order to get the google and yahoo fixes described? Thanks.

more options

Hi rickthomas, was your other problem of no profile solved?

This thread relates to security software that filters your secure browsing, such as Avast, Bitdefender, ESET or Kaspersky. If Firefox is not set up to work with these programs, you get secure connection error pages containing this:

Error code: sec_error_unknown_issuer

Is that what you're getting? If so, which security software do you use?

more options

Thanks jscher2000.

The profile problem is not fixed (I am using a second computer with FF version 39.0.3 loaded). I've given up for now on using FF (any version) on the first computer.

Regarding the untrusted sites, I use Kaspersky, and have not gotten beyond the FF error page for untrusted sites. So I'm not sure what error code I've gotten. The previous FF version (39.0.3) does not have these issues.

more options

Hi rickthomas, Firefox 40 shouldn't trust Kaspersky any less than Firefox 39... something might have changed during the update. Do you see an Old Firefox Data folder on the desktop, indicating that the Refresh feature ran?

Anyway, Kaspersky usually injects its signing certificate into Firefox's certificate file (cert8.db) automatically. I don't know whether you can coax Kaspersky to do that again, or whether you will need to fix it manually.

I found these steps in a post on the Kaspersky forums. The actual path on disk may vary depending on your product:


Open Firefox's Certificate Manager:

"3-bar" menu button (or Tools menu) > Options > Advanced > Certificates mini-tab > View Certificates button

In the Certificate Manager dialog, click the "Authorities" mini-tab (not the Servers mini-tab)

If you see an existing "Kaspersky Anti-Virus Personal Root Certificate"

Select it and Click "Delete or Distrust"

Now click "Import..."

Proceed to "C:\ProgramData\Kaspersky Lab\AVP15.0.1\Data\Cert\"

Select "(fake)Kaspersky Anti-Virus Personal Root Certificate.cer" and Open!


Does that work on your Firefox?

  1. 1
  2. 2
  3. 3