X
Tippen Sie hierhin, um die Version dieser Website für Mobilgeräte aufzurufen.

Hilfeforum

Clean install, Im showing the CNNIC ROOT cert among other"could not verify for unknow reasons" in preferences. Please Help!

Veröffentlicht

Ive been having trouble with all my browsers, going to pretty much any website... getting unverified certificate. I have no Virus Protector currently running, because everything I tried (Kaspersky, Avast, F-Secure, Intego, etc) multiple problems occured, which even each companies technical depts' had a hard time understanding. Ive just completely uninstalled Firefox and all data, deleted all profiles, removed all associated files, and then reinstalled the new 37.0.1. In my Preferences here are a few screen shots of just a few of the certificates I have. I dont know how they are getting there, or how to secure my system. Any Help would be greatly appreciatted. thanks.

FYI... I see below the "InstalledPlugin" info...... This is not anything I installed at any point in time. I am the only user on this computer/only person with physical access.

Ive been having trouble with all my browsers, going to pretty much any website... getting unverified certificate. I have no Virus Protector currently running, because everything I tried (Kaspersky, Avast, F-Secure, Intego, etc) multiple problems occured, which even each companies technical depts' had a hard time understanding. Ive just completely uninstalled Firefox and all data, deleted all profiles, removed all associated files, and then reinstalled the new 37.0.1. In my Preferences here are a few screen shots of just a few of the certificates I have. I dont know how they are getting there, or how to secure my system. Any Help would be greatly appreciatted. thanks. FYI... I see below the "InstalledPlugin" info...... This is not anything I installed at any point in time. I am the only user on this computer/only person with physical access.
Angefügte Screenshots

Mehr Details zum System

Installierte Plugins

  • Provides information about the default web browser
  • The QuickTime Plugin allows you to view a wide variety of multimedia content in web pages. For more information, visit the QuickTime Web site.
  • Shockwave Flash 16.0 r0

Anwendung

  • Firefox 37.0.1
  • User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
  • Hilfe-URL: https://support.mozilla.org/1/firefox/37.0.1/Darwin/en-US/

Erweiterungen

  • Avast Online Security 10.1.0.177 (wrc@avast.com) (inaktiv)

JavaScript

  • incrementalGCEnabled: True

Grafiken

  • adapterDescription:
  • adapterDeviceID: 0x a26
  • adapterDrivers:
  • adapterRAM:
  • adapterVendorID: 0x8086
  • driverDate:
  • driverVersion:
  • info: {u'AzureCanvasBackend': u'quartz', u'AzureFallbackCanvasBackend': u'none', u'AzureContentBackend': u'quartz', u'AzureSkiaAccelerated': 0}
  • numAcceleratedWindows: 0
  • numAcceleratedWindowsMessage: [u'']
  • numTotalWindows: 1
  • webglRenderer: Intel Inc. -- Intel HD Graphics 5000 OpenGL Engine
  • windowLayerManagerRemote: False
  • windowLayerManagerType: Basic

Veränderte Einstellungen

Verschiedenes

  • User JS: Nein
  • Barrierefreiheit: Nein
guigs 1072 Lösungen 11697 Antworten
Veröffentlicht

Is SHA-1 phased out in the version of Firefox you have installed?

You might be seeing the "Untrusted Connection Error" is this is the case.

The other thing I noticed what that the finger print matched so it is strange: https://wiki.mozilla.org/CA:IncludedCAs

However does this also happen when you import the certificates from the Options Menu?

Is SHA-1 phased out in the version of Firefox you have installed? *[https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/] You might be seeing the "Untrusted Connection Error" is this is the case. The other thing I noticed what that the finger print matched so it is strange: [https://wiki.mozilla.org/CA:IncludedCAs] However does this also happen when you import the certificates from the Options Menu?
jscher2000
  • Top 10 Contributor
8793 Lösungen 71936 Antworten
Veröffentlicht

Firefox discovers most plugins through registry entries added by the associated programs, such as Flash and QuickTime.

Built-in root certificates on the Authorities tab of the Certificate Viewer are normal because Firefox maintains a separate certificate store than MacOS X and your other browsers. I think I have all the ones you mentioned, and many more.

When you get the certificate error page, does it have an "I understand the risks" section with an Add Exception button? I don't suggest adding an exception but you can use the dialog to view information about the untrusted certificate. In particular, the "Issued by" section often points to the source of the problem, whether it is a security suite, proxy server, or malware. Do you notice any pattern with the "Issued by" information?

Firefox discovers most plugins through registry entries added by the associated programs, such as Flash and QuickTime. Built-in root certificates on the Authorities tab of the Certificate Viewer are normal because Firefox maintains a separate certificate store than MacOS X and your other browsers. I think I have all the ones you mentioned, and many more. When you get the certificate error page, does it have an "I understand the risks" section with an Add Exception button? I don't suggest adding an exception but you can use the dialog to view information about the untrusted certificate. In particular, the "Issued by" section often points to the source of the problem, whether it is a security suite, proxy server, or malware. Do you notice any pattern with the "Issued by" information?
cor-el
  • Top 10 Contributor
  • Moderator
17578 Lösungen 159013 Antworten
Veröffentlicht
See also: *https://blog.mozilla.org/security/2015/04/02/distrusting-new-cnnic-certificates/

Geändert am von cor-el

guigs 1072 Lösungen 11697 Antworten
Veröffentlicht
corel beat me to it :-) https://blog.mozilla.org/security/2015/04/02/distrusting-new-cnnic-certificates/
Veröffentlicht

Fragesteller

guigs2 said

Is SHA-1 phased out in the version of Firefox you have installed? You might be seeing the "Untrusted Connection Error" is this is the case. The other thing I noticed what that the finger print matched so it is strange: https://wiki.mozilla.org/CA:IncludedCAs However does this also happen when you import the certificates from the Options Menu?


So sorry Its taken me sooooooo long to reply ( currently undergoing chemotherapy ...not fun) thank you all so much for taking the time to answer/help. So the cert's I was previously referring to were just in my Firefox preferences, So after reading about the SHA-1 CA's I took a look at the cert's in my Keychain System Root, and so far.....(theres a LOT obviously) pretty much every one Ive been looking at is like the screen shot below.... is showing SHA-1 and has ability to do pretty much everything. I have Safari, Firefox, and Opera as browsers, and i get "untrusted site" on all 3 of them, (I have no virus protection, simply because of continued varies problems with each one Ive installed ) I will say Ive had some very strange behaviors on my mac occur... even when the Apple Supervisors have taken remote screen sharing access theyve been puzzled at what theyve found.

So I guess my question in, are these something I should be concerned and reporting and who do I report these things to?

thank you for any help

''guigs2 [[#answer-715455|said]]'' <blockquote> Is SHA-1 phased out in the version of Firefox you have installed? *[https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/] You might be seeing the "Untrusted Connection Error" is this is the case. The other thing I noticed what that the finger print matched so it is strange: [https://wiki.mozilla.org/CA:IncludedCAs] However does this also happen when you import the certificates from the Options Menu? </blockquote> So sorry Its taken me sooooooo long to reply ( currently undergoing chemotherapy ...not fun) thank you all so much for taking the time to answer/help. So the cert's I was previously referring to were just in my Firefox preferences, So after reading about the SHA-1 CA's I took a look at the cert's in my Keychain System Root, and so far.....(theres a LOT obviously) pretty much every one Ive been looking at is like the screen shot below.... is showing SHA-1 and has ability to do pretty much everything. I have Safari, Firefox, and Opera as browsers, and i get "untrusted site" on all 3 of them, (I have no virus protection, simply because of continued varies problems with each one Ive installed ) I will say Ive had some very strange behaviors on my mac occur... even when the Apple Supervisors have taken remote screen sharing access theyve been puzzled at what theyve found. So I guess my question in, are these something I should be concerned and reporting and who do I report these things to? thank you for any help
jscher2000
  • Top 10 Contributor
8793 Lösungen 71936 Antworten
Veröffentlicht

Have you added exceptions for any sites? The exceptions usually would appear on the Servers tab of the Certificate Viewer dialog, not the Authorities tab. Sometimes the "Issued by" section of an untrusted certificate provides the most information about why Firefox doesn't trust the certificate.

(The Live Mail site is a little complicated to diagnose. You might check some other sites, first.)

Have you added exceptions for any sites? The exceptions usually would appear on the Servers tab of the Certificate Viewer dialog, not the Authorities tab. Sometimes the "Issued by" section of an untrusted certificate provides the most information about why Firefox doesn't trust the certificate. (The Live Mail site is a little complicated to diagnose. You might check some other sites, first.)