Websites using ssl once safe now show "This Connection is Untrusted" in windows 8.1 only
They also have "This website does not supply Identity Information" if you hover over the fav icon (where padlock should be.
The Technical Details are in Firefox 3.0 windows 8.1 "websiteaddresss" uses an invalid security certificate. The certificate is not trusted because no issuer chain was provided. (Error code: sec_error_unknown_issuer)"
In IE 11 Windows 8.1 There's no error but also no padlock or security info at all
In Windows 7 there's just no padlock and the same hover over message
Google chrome in windows 8.1 shows every thing as being OK and secure and viewing security info Shows "the identity of this website has been verified by USERTrust High-Assurance Secure Server CA but it does not have public audit records."
Please Don't Suggest Installing Certificates on my system I cant have every potential visitor to these sites doing this.
So is this a Bug in firefox 30 or windows 8.1 or with the actual certificate or cert providers ? If with providers then what do they need to do in order for it to work without errors in any browser ?
الحل المُختار
so the 2 missing certs in the chain is enough for Firefox to say get me out here ?
Isn't that the whole point of the certificate system? If a cert cannot be verified, then that's reason to be careful.
and why the hell does ie 11 not show anything at all ?
Firefox uses it's own certificate store. Both, IE and Chrome use the Windows certificate store. So you may see a different behavior when using FF and IE. I'm not going to speculate why you didn't see a warning with IE.
Read this answer in context 👍 1All Replies (10)
What site are you talking about (URL)? When you get the error, check who's the issuer of the problematic cert.
Click the site identity button ('the fav icon') - More Information - View Certificate
Look for 'Issued By' and post that information.
... the fav icon (where padlock should be.
The times when there simply was a padlock are long gone. https://support.mozilla.org/en-US/kb/how-do-i-tell-if-my-connection-is-secure
Are you sure that all required intermediate certificates are installed on the server and are send?
You can inspect the certificate chain via a site like this:
Firefox automatically stores intermediate certificates that servers send in the Certificate Manager for future usage. If a server doesn't send a full certificate chain then you won't get an untrusted error when Firefox has stored missing intermediate certificates from visiting a server in the past that has send it, but you do get an untrusted error if this intermediate certificate isn't stored yet.
Hi there one site is harddrivendomains.com.au redirects to https://payment.secureapi.com.au/domain-names/setup/ with a session id string on the end when clicking checkout
But simply visiting https://www.secureapi.com.au/reseller/home/login/ has the same result in firefox . but has the padlock in IE 11 where as the payment. sub domain does not have any info in IE11 like its not even https: at all ?
Um There is no cert to view in Firefox (see attachment) i have to use Google Chrome to view it. Anyways as in the first post the cert is issued by "USERTrust High-Assurance Secure Server CA " created by Comondo and i believe and its purpose is to verify the identity of the secureapi.com.au and sub domains
Im well aware of the new security info format (actualy) it still kinda varies with diff browsers The Cert all looks good except for Key Usage = "Digital Signature, Key Encipherment (a0)" and Basic Constraints = "Subject Type=End Entity Path Length Constraint=Non"
Both have exclamations (see other attachments )
Regards, Chris
Thanks for that i was looking for a page exactly like that to narrow it down.
Yep its kinda messed up :(
possibly missing a cert by the looks or a part of the system is down
http://www.networking4all.com/en/support/tools/site+check/report/?fqdn=payment.secureapi.com.au&protocol=https
Same result without sub domain Damm I wonder how long ts been like this ?
so the 2 missing certs in the chain is enough for Firefox to say get me out here ? and why the hell does ie 11 not show anything at all ?
Anyways Thanks Guys You Have been a Great Help Now to mentally prepare myself for the Foreign Tech Support Call-Center Joys
الحل المُختار
so the 2 missing certs in the chain is enough for Firefox to say get me out here ?
Isn't that the whole point of the certificate system? If a cert cannot be verified, then that's reason to be careful.
and why the hell does ie 11 not show anything at all ?
Firefox uses it's own certificate store. Both, IE and Chrome use the Windows certificate store. So you may see a different behavior when using FF and IE. I'm not going to speculate why you didn't see a warning with IE.
Modified
Hmm my provider claims to have sorted the cert issues and Its working now in windows 7 but I'm still getting the "get me out of here page" in windows 8.1 even after deleting all history items and the cert8.db file is there another place Mozilla stores certs ?
That may be true. But, all of a sudden today (9/11/2014) I am getting that error message on most of the sites that I regularly visit, including my personal bank account sites. This also includes FaceBook, Yahoo, and many other common sites. Please reply to lesbruan@yahoo.com
You should always expand the "Technical Details" section to see what this is about. You should also check the issuer in case of an unknown issuer.
Check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Check out why the site is untrusted and click "Technical Details to expand this section. If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source and contact the website to inform them about this issue.
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
- Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
You can see more Details like intermediate certificates that are used in the Details pane.
If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".
- Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
- Note that it is not recommended to add a permanent exception in cases like this, so only use it to inspect the certificate.