This thread was archived. Please ask a new question if you need help.
this connection is untrusted with Error code: sec_error_unknown_issuer.
When I try to open G-Mail & twitter and some other trusted websites, I got the following warning "This Connection is Untrusted" with Error code: sec_error_unknown_issuer.
For most of the site, I can bypass by clicking « I understand the risk » but this is a bummer but for Gmail and Twitter, there is no other button than "Get me out of here"
When I go through « about:support » and « reinitialise » system, I no longer have the problem, but not only it erases all my personnal set-up but the problem always come back when I restart my system
Date and time are set right.
I have also tried to reinstall completely FIREFOX to no avail
I am using McAfee Total protection 2014 & Firefox 31.0 on Windows 7 64 bits.
I have had this problem for the last 5 days and only Firefox.
Other Browser ( IE8.0) is working fine
I have searched for solutions but they all failed -
Deleting cert8.db did not solve the problem either
How do I solve this Problem?
Thanks and Regards
All Replies (10)
this article was intended for website owners, so it doesn't apply to your situation...
Back again, have reinstalled once more firefox from scratch, same problem. Not sure I understand what is ISP problem suggested by @philipp. I am really fed up now, nothing seems to work. I loved firefox but thinking of moving to another Internet browser, not sure which one though, I do not like Opera and I do not trust Google Chrome, IE is fairly basic so what do you suggest if I cannot have Firefox back and kicking? do you think Chrome is safe?
Check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.
Hi Cor-el, no not the problem, as I said before, date and time are correct.
There are two likely causes, one is a wrong date and time and the other is that Firefox gets the wrong certificate and inspecting the issuer of the certificate should confirm this.
How does the certificate chain show if you check this on the Details tab in the Certificate Manager.
You can retrieve the certificate and check details like who issued certificates and expiration dates of certificates.
- Click the link at the bottom of the error page: "I Understand the Risks"
Let Firefox retrieve the certificate: "Add Exception" -> "Get Certificate".
- Click the "View..." button and inspect the certificate and check who is the issuer of the certificate.
You can see more Details like intermediate certificates that are used in the Details pane.
Can you post a screenshot with the content of the "Technical Details" and a screenshot of the window that opens when you click the View button and of the Details pane with the issuer selected?
Modified by cor-el
That article is about installing missing (intermediate) certificates on a web server and doesn't apply to your situation and this would only help for websites that use PositiveSSL Certificates.
If deleting the cert.db didn't help the renaming the file won't work as well as both will make Firefox create a new file. The only way to recover cleanly is to check the certificate chain to see what is wrong with it, e.g. you get a certificate issued by another website or intermediate proxy or the certificate isn't valid for other reasons.
@cor-el Hello, Do not know how to insert a screen print in here, but as posted before it says (and it has not changed)
Nom commun (CN) VeriSign Class 3 Public Primary Certification Authority - G5 Organisation (O) VeriSign, Inc. Unité d’organisation (OU) VeriSign Trust Network
It should work that way, so if there are still problems like in your case then something else is wrong.
A full certificate chain starts with the certificate that a web server sends and ends with a built-in root certificate with possible one or more intermediate certificates between the certificate of the website and the root certificate.
In Firefox 32 and later some weak root certificates were disabled (removed) and can no longer be used. There are VeriSign certificates mentioned.
As part of the ongoing security improvements, several SSL and code signing trust bits for 1024-bit root certificates have been removed from Network Security Services (NSS) used in Firefox and other products. Those include AC Raíz Certicámara, Entrust.net, GTE CyberTrust, NetLock, TDC Internet, ValiCert and VeriSign. 1024-bit root certificates will all be removed over the next few Firefox releases, because these are no longer considered as secure.
Hi Cor-el, I do not think the problem is a certificate since it does it on every single site (even Mozilla) plus for some when I add the certificate I still cannot see the site properly. My guts tell me there is a conflict between Firefox and McAfee but I might be wrong...