X
Tippen Sie hierhin, um die Version dieser Website für Mobilgeräte aufzurufen.

Hilfeforum

SSL Certificates - sec_error_unknown_issuer

Veröffentlicht

Fix your browser already. Getting these SSL errors on every other site is starting to really get annoying! There is nothing wrong with the SSL certificates or the sites. It's your browser that is unable to verify the certificates.

http://i.imgur.com/52qSNXt.png

Latest addition to the sites that do not work: https://www.inspirepay.com

The latest browser causing nothing but trouble for clients.

Edited for language. Please see Forum rules and guidelines

Fix your browser already. Getting these SSL errors on every other site is starting to really get annoying! There is nothing wrong with the SSL certificates or the sites. It's your browser that is unable to verify the certificates. http://i.imgur.com/52qSNXt.png Latest addition to the sites that do not work: https://www.inspirepay.com The latest browser causing nothing but trouble for clients. ''Edited for language. Please see [[Forum rules and guidelines]]''

Geändert am von Moses

Ausgewählte Lösung

Quote: The browser should come with all Certificate Authorities

Note that Mozilla has a strong policy to decide which CA to include with root certificates.

Required intermediate certificates need to be send by the server to make it possible to build a certificate chain that ends in a root certificate.

Diese Antwort im Kontext lesen 5

Mehr Details zum System

Anwendung

  • User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.76 Safari/537.36

Weitere Informationen

Firefox 26.0 is up to date!

philipp
  • Top 25 Contributor
  • Moderator
5306 Lösungen 23424 Antworten
Veröffentlicht

hello, the site you provided works fine here - most of the time this kind of error isn't due to an issue with the browser itself, but because security software (which one are you using?) or other potentially unwanted software that is monitoring or intercepting encrypted network traffic on your pc - which looks like a man-in-the-middle attack in firefox & therefore the warning...

could you tell us which issuer information the certificate does contain when you inspect it (see screenshot)?

hello, the site you provided works fine here - most of the time this kind of error isn't due to an issue with the browser itself, but because security software (which one are you using?) or other potentially unwanted software that is monitoring or intercepting encrypted network traffic on your pc - which looks like a man-in-the-middle attack in firefox & therefore the warning... could you tell us which issuer information the certificate does contain when you inspect it (see screenshot)?
philipp
  • Top 25 Contributor
  • Moderator
5306 Lösungen 23424 Antworten
Veröffentlicht

though on closer inspection the site you have referenced, doesn't properly include its intermediate certificate, so this can lead to problems in certain situations: http://www.sslshopper.com/ssl-checker.html#hostname=https://www.inspirepay.com/

you might have to install the right intermediate certificate manually. go to https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=62&nav=0,20 and download the .crt file. then in firefox go to options > advanced > certificates > view certificates > import... & leave all the checkboxes unticked in the upcoming confirmation dialog...

though on closer inspection the site you have referenced, doesn't properly include its intermediate certificate, so this can lead to problems in certain situations: http://www.sslshopper.com/ssl-checker.html#hostname=https://www.inspirepay.com/ you might have to install the right intermediate certificate manually. go to https://support.comodo.com/index.php?_m=downloads&_a=viewdownload&downloaditemid=62&nav=0,20 and download the .crt file. then in firefox go to options > advanced > certificates > view certificates > import... & leave all the checkboxes unticked in the upcoming confirmation dialog...
cor-el
  • Top 10 Contributor
  • Moderator
17477 Lösungen 157949 Antworten
Veröffentlicht

It is the first certificate ([Intermediate #3] EssentialSSLCA) as listed on this page:

Note that Firefox stores intermediate certificates automatically, so if you have visited a web server before that has send this certificate then you won't get this error.

It is the first certificate ([Intermediate #3] EssentialSSLCA) as listed on this page: *https://support.comodo.com/index.php?_m=downloads&_a=view&parentcategoryid=20&pcid=1&nav=0,1 Note that Firefox stores intermediate certificates automatically, so if you have visited a web server before that has send this certificate then you won't get this error.

Fragesteller

Why can every other browser like Chrome deal with this without an issue?

The browser should come with all Certificate Authorities and intermediates or at least update them when needed. They are Certificate Authorities for a reason.

Why can every other browser like Chrome deal with this without an issue? The browser should come with all Certificate Authorities and intermediates or at least update them when needed. They are Certificate Authorities for a reason.

Geändert am von skyrant

cor-el
  • Top 10 Contributor
  • Moderator
17477 Lösungen 157949 Antworten
Veröffentlicht

You wouldn't have seen this error in Firefox if you have visited a web server before that has send this intermediate certificate: philipp wrote above: hello, the site you provided works fine here, so apparently you already had this certificate installed like a lot of us have if you visit many website and have used a specific profile for a longer period (cert8.db isn't included in a reset).

You wouldn't have seen this error in Firefox if you have visited a web server before that has send this intermediate certificate: <i>philipp</i> wrote above: <i>hello, the site you provided works fine here</i>, so apparently you already had this certificate installed like a lot of us have if you visit many website and have used a specific profile for a longer period (cert8.db isn't included in a reset).

Fragesteller

Just for shits and giggles i did a clean install of Win7 + Chrome + IE + Firefox in a VM.

First site i browsed to was: https://www.inspirepay.com

Every browser worked except Firefox.

I rest my case. Fix your browser.

Just for shits and giggles i did a clean install of Win7 + Chrome + IE + Firefox in a VM. First site i browsed to was: https://www.inspirepay.com Every browser worked except Firefox. I rest my case. Fix your browser.
cor-el
  • Top 10 Contributor
  • Moderator
17477 Lösungen 157949 Antworten
Veröffentlicht

Ausgewählte Lösung

Quote: The browser should come with all Certificate Authorities

Note that Mozilla has a strong policy to decide which CA to include with root certificates.

Required intermediate certificates need to be send by the server to make it possible to build a certificate chain that ends in a root certificate.

Quote: ''The browser should come with all Certificate Authorities'' Note that Mozilla has a strong policy to decide which CA to include with root certificates. * http://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/ * http://www.mozilla.org/projects/security/certs/pending/ Required intermediate certificates need to be send by the server to make it possible to build a certificate chain that ends in a root certificate.
qaixr 0 Lösungen 1 Antworten
Veröffentlicht

Hi,

I've experienced this problem too, I keep encountering the same problem with the certificate cannot be found and so I cannot continue to confirm the exception.

What I tried to do is within the Confirm Security Exception dialog (or whatever it is) is change the https to http on the address bar there and the error message changed -- not to mention that the "Confirm Security Exception" button is also enabled after that. I clicked the Exception button to proceed and I think I bypassed it properly.

Hope this helps.

Hi, I've experienced this problem too, I keep encountering the same problem with the certificate cannot be found and so I cannot continue to confirm the exception. What I tried to do is within the Confirm Security Exception dialog (or whatever it is) is change the https to http on the address bar there and the error message changed -- not to mention that the "Confirm Security Exception" button is also enabled after that. I clicked the Exception button to proceed and I think I bypassed it properly. Hope this helps.
destinedjagold 0 Lösungen 3 Antworten
Veröffentlicht

I can't visit Yahoo. I can't visit Google. I can't download FireBug. I can't even visit your very own Firefox themes page http://i58.tinypic.com/106afyb.jpg Fix your browser!

I can't visit Yahoo. I can't visit Google. I can't download FireBug. I can't even visit your very own Firefox themes page http://i58.tinypic.com/106afyb.jpg Fix your browser!

Geändert am von Moses

cor-el
  • Top 10 Contributor
  • Moderator
17477 Lösungen 157949 Antworten
Veröffentlicht

Hi destinedjagold

Did you check the date and time in the clock on your computer?

You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.

  • Click the link at the bottom of the error page: "I Understand the Risks"

Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".

  • Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.

You can see more Details like intermediate certificates that are used in the Details pane.

If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".

Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.

Hi destinedjagold Did you check the date and time in the clock on your computer? *https://support.mozilla.org/kb/Secure+Connection+Failed You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates. *Click the link at the bottom of the error page: "I Understand the Risks" Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate". *Click the "View..." button and inspect the certificate and check who is the <u>issuer of the certificate</u>. You can see more Details like intermediate certificates that are used in the Details pane. If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab". Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.

Geändert am von cor-el

destinedjagold 0 Lösungen 3 Antworten
Veröffentlicht

I do not want to keep on clicking the "I Understand the Risks" button every.single.freaking.time. I should just go back to Chrome. Let me know when this error is fixed.

I do not want to keep on clicking the "I Understand the Risks" button every.single.freaking.time. I should just go back to Chrome. Let me know when this error is fixed.
goldenskyhook 0 Lösungen 4 Antworten
Veröffentlicht

I'm having the same problem but with many sites I visited yesterday just fine -- Facebook, Dropbox, and others. ALL obviously trusted sites. The problem most certainly IS with Firefox, and don't give a bunch of crap about what "should" be fine. Some of my error messages aren't even giving me the option of saying "go ahead, I understand the risks." There must be SOME kind of way to change settings or something.

I'm having the same problem but with many sites I visited yesterday just fine -- Facebook, Dropbox, and others. ALL obviously trusted sites. The problem most certainly IS with Firefox, and don't give a bunch of crap about what "should" be fine. Some of my error messages aren't even giving me the option of saying "go ahead, I understand the risks." There must be SOME kind of way to change settings or something.
cor-el
  • Top 10 Contributor
  • Moderator
17477 Lösungen 157949 Antworten
Veröffentlicht

Did you check who is the issuer of the certificate?

Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar.

Check out why the site is untrusted and click "Technical Details to expand this section.
If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source.

You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.

  • Click the link at the bottom of the error page: "I Understand the Risks"

Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".

  • Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.

You can see more Details like intermediate certificates that are used in the Details pane.

If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab".

Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.

Did you check who is the issuer of the certificate? Check the date and time in the clock on your computer: (double) click the clock icon on the Windows Taskbar. Check out why the site is untrusted and click "Technical Details to expand this section.<br>If the certificate is not trusted because no issuer chain was provided (sec_error_unknown_issuer) then see if you can install this intermediate certificate from another source. You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates. *Click the link at the bottom of the error page: "I Understand the Risks" Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate". *Click the "View..." button and inspect the certificate and check who is the issuer of the certificate. You can see more Details like intermediate certificates that are used in the Details pane. If "I Understand the Risks" is missing then this page may be opened in an (i)frame and in that case try the right-click context menu and use "This Frame: Open Frame in New Tab". Note that some firewalls monitor (secure) connections and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the website's certificate.
goldenskyhook 0 Lösungen 4 Antworten
Veröffentlicht

Hilfreiche Antwort

What is an "(i)frame"? Not everybody is a code freak. I'm with the other guy -- FIX your browser! OR AT LEAST tell ME how to fix it in PLAIN ENGLISH.

What is an "(i)frame"? Not everybody is a code freak. I'm with the other guy -- FIX your browser! OR AT LEAST tell ME how to fix it in PLAIN ENGLISH.

Geändert am von Moses

mconley 0 Lösungen 1 Antworten
Veröffentlicht

Hilfreiche Antwort

I was able to fix this on a friend's Windows 8 PC by uninstalling a piece of software called "Browser Secureguard". Apparently, this is a sneaky piece of Adware that does some tricky things with proxies to serve up video ads while browsing.

I was able to fix this on a friend's Windows 8 PC by uninstalling a piece of software called "Browser Secureguard". Apparently, this is a sneaky piece of Adware that does some tricky things with proxies to serve up video ads while browsing.
Destroyer 0 Lösungen 1 Antworten
Veröffentlicht

I have normal class 1 startssl certificate which uses tons of sites but mine doesnt work too ( http://i.imgur.com/mVt7FLs.png ). Any help? Every other browser works for me as well just fine

I have normal class 1 startssl certificate which uses tons of sites but mine doesnt work too ( http://i.imgur.com/mVt7FLs.png ). Any help? Every other browser works for me as well just fine
cor-el
  • Top 10 Contributor
  • Moderator
17477 Lösungen 157949 Antworten
Veröffentlicht

The www.vcklan.cz server doesn't send a required intermediate certificate.

  • StartCom Class 1 Primary Intermediate Server CA

You can inspect the certificate chain via a site like this:

You will have to install the intermediate certificate on the server, so that Firefox can build a certificate chain that end to the built-in StartCom Certification Authority root certificate.

The StartCom servers seem to been down for maintenance at this moment, so I can't check for details.

The www.vcklan.cz server doesn't send a required intermediate certificate. *StartCom Class 1 Primary Intermediate Server CA You can inspect the certificate chain via a site like this: *http://www.networking4all.com/en/support/tools/site+check/report/?fqdn=www.vcklan.cz&protocol=https You will have to install the intermediate certificate on the server, so that Firefox can build a certificate chain that end to the built-in StartCom Certification Authority root certificate. The StartCom servers seem to been down for maintenance at this moment, so I can't check for details.