How to troubleshoot security error codes on secure websites
Revision Information
- Revision id: 115306
- Created:
- Creator: philipp
- Comment: initial version of the article
- Reviewed: No
- Ready for localization: No
Revision Source
Revision Content
On websites which are supposed to be secure (i.e. the URL begins with "https://"), Firefox must verify that the certificate presented by the website is valid. If the certificate cannot be validated, Firefox will stop the connection to the website and instead show a "Your connection is not secureThis Connection is Untrusted" error message. This article will explain why you might see error code "SEC_ERROR_UNKNOWN_ISSUER" on websites and how to troubleshoot it.
Table of Contents
During a secure connection a website needs to provide a certificate issued by a trusted certificate authority in order to ensure that the user is connected to the intended target and the connection is encrypted. If you get a "Your connection is not secureThis Connection is Untrusted" error page and see the error code "SEC_ERROR_UNKNOWN_ISSUER" after you click on , this means that the certificate provided was issued by a certificate authority that is not known by Firefox and therefore cannot be trusted by default.
If you receive the error on multiple secure sites
When you see this problem on multiple unrelated HTTPS-sites, this indicates that something on your system or network is intercepting your connection and injecting certificates in a way that is not trusted by Firefox. The most common causes for this would be security software scanning encrypted connections or malware listening in, replacing legitimate website certificates with their own.
Anti-Virus Products
Generally, if your security product contains a feature to scan encrypted connections, you could try to reinstall the security product, which might trigger the software to place its certificates into the Firefox trust store again. Here are some more solutions for particular security products:
Avast
In your Avast security product you can disable the interception of secure connections like this:
- Open the dashboard of your Avast application.
- Go to > and click next to .
- Uncheck the Enable HTTPS Scanning setting and confirm this ny clicking .
More Information about this feature is available on: https://blog.avast.com/2015/05/25/explaining-avasts-https-scanning-feature/
Bitdefender
In your Bitdefender security product you can disable the interception of secure connections like this:
- Open the dashboard of your Bitdefender application.
- Click on (2016 version) or (2015 version).
- Click on .
- Toggle off the Scan SSL setting.
For corporate Bitdefender products, please refer to: http://www.bitdefender.com/support/how-to-enable-ssl-https-scanning-in-cloud-security-for-endpoints-1117.html
Eset
In your Eset security product you can try to disable and reenable SSL/TLS protocol filtering, or generally disable the interception of secure connections like described in their support article on the subject at http://support.eset.com/kb3126/.
Kaspersky
In your Kaspersky security product you can disable the interception of secure connections like this:
- Open the dashboard of your Kaspersky application.
- Click on on the bottom left.
- Click and then .
- Check the Do not scan encrypted connections option and confirm this change (2016 version) or uncheck the Scan encrypted connections option (2015 version).
Family Safety settings in Windows accounts
In Microsoft Windows accounts protected by Family Safety settings, secure connections on popular websites like Google, Facebook and Youtube might be intercepted and their certificates replaced by one issued by Microsoft in order to filter and record search activity.
See http://windows.microsoft.com/en-us/windows/family-features-remove-uninstall-faq on how to turn off these family features for accounts. In case you want to manually install the missing certificates for affected accounts, you can refer to the Microsoft support article at https://support.microsoft.com/en-us/k.../2965142#bookmark-2.
Monitoring/Filtering in corporate networks
Some traffic monitoring/filtering products, that are used in corporate environments might intercept encrypted connections by replacing a website's certificate with their own, possibly triggering errors on secure HTTPS-sites. If you suspect this might be the case, please get in contact with your IT department in order to inquire how to properly configure firefox to work in such an environment.
Malware
Some forms of malware intercepting encrypted web traffic can cause this error message - refer to the article Troubleshoot Firefox issues caused by malware on how to deal with malware problems.
If you receive the error on one particular site only
When you see this problem on one particular site only, this type of error indicates that the web server is not configured properly: The website's certificate might not have been issued by a trusted certificate authority itself and no complete certificate chain to a trusted authority was provided either (a so-called "intermediate certificate" is missing). You should get in contact the owners of the website and inform them of the error.
In case the website allows for it, you can add an exception in order to visit the site, in spite its certificate is not being trusted by default:
- On the warning page, click .
- Click . The Add Security Exception dialog will appear.
- Read the text describing the problems with the website. You can click in order to closer inspect the untrusted certificate as well.
- Click if you want to trust the site.