Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Can't add security exceptions

  • 2 replies
  • 7 have this problem
  • 3457 views
  • Last reply by cor-el

more options

I'm using firefox 32.0.1 on Windows 7 and having a lot of trouble with https -- I can't add any security exceptions. Problem may have occurred on a prior version of firefox as well (finally posting a question for community support after a couple months with this problem).

When I visit a problematic site (including several run by Duke University), I get a message "This Connection is Untrusted". I click "I understand the risks", "add exception". But I can't get a certificate or confirm a security exception.

I've searched the forum but haven't found a similar issue or solution yet. I have the current firefox version and I've tried disabling all add-ons.

I've been transitioning to Chrome since these problems started happening, but I'd like to get back to Firefox. Any thoughts?

Chosen solution

The certificate chain shows the InCommon Server CA intermediate certificate from Internet2 in your blocked examples

intermediate certificate: InCommon Server CA -> AddTrust External CA Root

You can check the Certificate Manager to see if you can locate the certificate under AddTrust AB and remove it.

Check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.

Rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.

If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

If that didn't help then remove or rename secmod.db (secmod.db.old) as well.

Read this answer in context 👍 0

All Replies (2)

more options

As a follow up...not all sites are affected. Ex: I can access https://www.bankofamerica.com/ without a problem. But doing a quick search for "https duke" reveals that every https site associated with the university is blocked (https://sakai.duke.edu/, https://www.dukemychart.org/, https://webmail.duke.edu/, etc.). The problem isn't isolated to Duke. Ex: https://wl.mypurdue.purdue.edu/cp/home/displaylogin (Purdue University) is also blocked.

...just a couple examples that I hope provide more information - certainly not an isolated problem for me though.

Thanks in advance for any suggestions!

more options

Chosen Solution

The certificate chain shows the InCommon Server CA intermediate certificate from Internet2 in your blocked examples

intermediate certificate: InCommon Server CA -> AddTrust External CA Root

You can check the Certificate Manager to see if you can locate the certificate under AddTrust AB and remove it.

Check the date and time and time zone in the clock on your computer: (double) click the clock icon on the Windows Taskbar.

Rename the cert8.db file (cert8.db.old) and delete the cert_override.txt file in the Firefox profile folder to remove intermediate certificates and exceptions that Firefox has stored.

If that has helped to solve the problem then you can remove the renamed cert8.db.old file. Otherwise you can rename (or copy) the cert8.db.old file to cert8.db to restore the previously stored intermediate certificates. Firefox will automatically store intermediate certificates when you visit websites that send such a certificate.

If that didn't help then remove or rename secmod.db (secmod.db.old) as well.