Avatar for Username

Αναζήτηση στην υποστήριξη

Προσοχή στις απάτες! Δεν θα σας ζητήσουμε ποτέ να καλέσετε ή να στείλετε μήνυμα σε κάποιον αριθμό τηλεφώνου ή να μοιραστείτε προσωπικά δεδομένα. Αναφέρετε τυχόν ύποπτη δραστηριότητα μέσω της επιλογής «Αναφορά κατάχρησης».

Learn More

Αυτό το νήμα αρχειοθετήθηκε. Παρακαλούμε κάντε νέα ερώτηση αν χρειάζεστε βοήθεια.

Firefox does not trust DigiCert Global Root CA even though trust is set

  • 1 απάντηση
  • 1 έχει αυτό το πρόβλημα
  • 25 προβολές
  • Τελευταία απάντηση από cor-el

morxa
morxa
more options

I've had trouble accessing websites that use a certificate that's signed with the DigiCert Root CA. As an example, if I open up blog.mozilla.org, I get a SEC_ERROR_UNKNOWN_ISSUER.

This is somehow related to my user profile. If I create a new profile, the problem disappears.

I've tried deleting cert*.db in my profile directory to no avail. I checked about:config and I couldn't find any relevant non-default configuration.

To my surprise, if I want to manually set the trust of the certificate in the certificate manager ("Edit Trust"), it tells me that the certificate is trusted. However, if I click on "View Certificate", I get the following error: "Could not verify this certificate because the issuer is unknown."

I don't know much about CAs, but it seems to be surprising how the issuer of a Root CA could be unknown, isn't that the whole point of a Root CA that it does not need to be signed by another certificate?

The more important question: Where in my profile may I have a non-default option that causes Firefox to not trust the DigiCert Global Root CA?

I've had trouble accessing websites that use a certificate that's signed with the DigiCert Root CA. As an example, if I open up blog.mozilla.org, I get a SEC_ERROR_UNKNOWN_ISSUER. This is somehow related to my user profile. If I create a new profile, the problem disappears. I've tried deleting cert*.db in my profile directory to no avail. I checked about:config and I couldn't find any relevant non-default configuration. To my surprise, if I want to manually set the trust of the certificate in the certificate manager ("Edit Trust"), it tells me that the certificate is trusted. However, if I click on "View Certificate", I get the following error: "Could not verify this certificate because the issuer is unknown." I don't know much about CAs, but it seems to be surprising how the issuer of a Root CA could be unknown, isn't that the whole point of a Root CA that it does not need to be signed by another certificate? The more important question: Where in my profile may I have a non-default option that causes Firefox to not trust the DigiCert Global Root CA?

Όλες οι απαντήσεις (1)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

A root certificate can only work if is has the appropriate trust bit(s) set. For builtin root certificates this should happen automatically.

What certificate chain do you get?

Issues caused by broken certificates are normally fixed by deleting cert9.db and cert8.db and maybe cert_override.txt as well.

Other related files you can look at are pkcs11.txt and secmode.db. I don't think that prefs are involved in this case.

Τροποποιήθηκε στις από το χρήστη cor-el